Insecurity over ID theft
Paris Hilton was just one of millions of people whose privacy was breached this year.
"The Simple Life" diva became the victim of a scam that combined hacking with old-fashioned con tricks. It resulted in some of the contents of her cell phone--including racy pictures and phone numbers for her celebrity pals--being published on the Web. A Massachusetts teen was sentenced to 11 months in a juvenile facility for the crime.
The Hilton case may have been one of a youth looking to boast about hacking exploits, but in many other cases, the culprits are simply hard-core criminals looking for cash.
"Phishing," a term previously reserved for the security in-crowd, went mainstream. "Pharming" and "keystroke logging" are also now commonly recognized threats and used by criminals in their hunt for valuable data.
Phishing scams got more sophisticated and more targeted. Perpetrators picked smaller financial institutions as targets and expanded their fraud attempts outside the United States. And some cons took advantage of the generosity of Americans for victims of Hurricane Katrina.
Still, the Anti-Phishing Working Group said in October that the efforts to stem online scams may be working. Possibly the largest data security breach to date happened this summer. Intruders exploited software security vulnerabilities to install a rogue program on the network of CardSystems Solutions, a credit card payment processor. Information on more than 40 million credit cards may have been stolen, MasterCard International said in June.
The CardSystems breach was one of several high-profile incidents in 2005 that may have exposed American consumers to identity fraud. Data leaks were reported by financial institutions Bank of America and Wachovia, data brokers ChoicePoint and LexisNexis, and the University of California at Berkeley and Stanford University.
Consumers might never have heard about the incidents if it hadn't been for a spate of data breach notification laws. Such laws went into effect in many states this year, and several proposals for a federal notification law are now making their way through Congress.
In the CardSystems case, however, individual consumers were not notified that their personal details had been exposed because Visa and MasterCard maintain that notification responsibility falls with the banks that issue credit cards and have direct relationships with the affected customers. There is an ongoing lawsuit in a California state court over the matter.
Since February, more than 50 million personal records have been exposed in dozens of incidents, according to information compiled by the Privacy Rights Clearinghouse.
Possibly in response to the many headlines about identity fraud, consumers became more worried about data protection, according to the results of several studies. In June, the Cyber Security Industry Alliance reported that nearly half of U.S. voters in a survey said fear of identity theft was keeping them from conducting business online.
Experts questioned whether the threat of identity theft was being overblown. A leak of personal information--whether via data tapes falling off a truck or a laptop being stolen--doesn't always translate into fraud, experts said.
Nevertheless, Washington is expected to work next year on data breach notification and anti-spyware legislation. And one prediction for 2006: The ongoing race between security companies and criminals will result in increasingly smarter scams.
Database break-in affects far more consumers than originally acknowledged. Factor in 750 cases of identity theft.
The contents of the socialite's cell phone are posted on the Net, including celebrities' phone numbers and e-mail addresses.
Phishing attacks may have slowed, but their sophistication is increasing at a rapid pace.
Spammers and online fraudsters are exploiting Web site features to learn more about their victims and better hone their attacks.
Security vulnerability lets intruder enter network and nab info on millions of credit card holders.
Payment processor didn't meet guidelines, MasterCard says, as details come out about the break-in that exposed 40 million accounts.
These days, attackers are motivated more by money than the desire to write disruptive worms like Sasser.
Scan finds that hundreds of thousands of the servers that act as the white pages of the Net are vulnerable to attack.
Teen gets 11-month sentence for hacking T-Mobile and posting data from Paris Hilton's Sidekick on the Web.
A new proposal expected this week would require businesses that handle sensitive info to secure their data.
Though the number of phishing sites has hit a new high, swift action is making it tougher to launch attacks.
Despite big leaks and public perception of threat, few people whose personal information is exposed are ever victimized.
Nearly 30,000 airline passengers must ask the TSA to remove their names from watch lists.
Behind the headlines