Zappos, the large online shoe retailer owned by Amazon, announced a data breach on January 15th compromising 24 million consumer records. Not many days later a civil negligence suit was filed against Zappos and parent company Amazon, while lawyers seek to make it a class action lawsuit on behalf of all the data breach victims.
While companies focus their fraud prevention efforts on direct third-party fraud, they had better be spending some time on mitigating the risks of account takeover. In a year that began with high-profile attacks on Sony and email marketing firm Epsilon and ended with hacktivist campaigns and the posting of sensitive information stolen from Stratfor, all while Federal initiatives in response to data breaches gained momentum, data breaches made headlines more than ever before in 2011. As estimates range from 400 to 535 data breaches in 2011, with tens of millions of records exposed, The Fraud Practice looks at the impacts of data breaches over the past year and how this may affect laws and regulations in 2012.
Now that the Securities and Exchange Commission requires public companies to disclose the costs of cyber attacks and a national data breach notification law is in the works, it is expected that more companies will be purchasing insurance policies to protect against data breaches and cyber crimes.
Hacktivist groups Anonymous and LulzSec continue their holiday hacking routine called LulzXmas after stealing sensitive data from SpecialForces.com and Stratfor, a global intelligence firm, and then posting the breached information online.
The high-profile data breaches continue in 2011 as Anonymous posted 1,000 user names and passwords taken from the United Nations. A hacker was able to access the server containing information for the United Nations Development Programme; the attack may have been just to demonstrate ability or to embarrass the UN, as many of the posted passwords were weak. Anonymous is also threatening attacks against major financial institutions with their new ally, TeamPoison, in a hacktivism effort they are calling Operation Robin Hood.