Posted on 15 November, 2016With a whole load of Tesco Bank and Friend Finder's data for sale on the dark web following their recent hacks deceased ID fraud is set to increase. What does this mean for UK retailers and credit providers?
Accompanying Trump on the front pages this week have been two more very public data hacks. The first breach affected Tesco Bank customers. Cyber-criminals stole £2.5million from the current accounts of 9,000 customers – the largest ever cyber-attack on a UK bank to have resulted in a mass loss of money. One in 15 of the bank’s 136,000 current accounts were affected. Tesco Bank responded quickly by suspending all online debit transactions – including contactless card payments – to prevent further criminal activity. Recent developments have indicated that the breach was preventable with a number of security specialists saying that they had flagged the weakness to the bank and the dark web is currently awash with posts from hackers calling the bank a 'cash cow' given how easy it is to milk money from it.
In the second attack adult website Friend Finder confirmed that 419 million accounts had been breached, including those from sister sites Cams.com and Penthouse.com. Usernames, passwords, email addresses and dates of the last visit are all available on the dark web and, although the company made no mention of any financial data being stolen, information about if a user bought something or not is visible.
The rate and severity of cyber crimes is growing exponentially. It is expected that by 2018 three quarters of online users will have been victim to some kind of data breach. Other than the obvious repercussions for the organisations involved there are also secondary risks which are much longer reaching. It has been proven that hackers are holding the data and using it months and even years after the initial breach for the purpose of deceased identity fraud - one of the fastest growing crimes. Cyber criminals have become so sophisticated that they are now able to identify records in the stolen data sets of people that have subsequently died. They then sell these records to professional identity fraudsters to use. These records come at a premium as deceased identity fraud takes longer to identify than stealing the identity of someone that is still alive. The fraudster uses the details of the deceased person to open as many credit accounts as possible which is costing financial institutions and retailers thousands every year.
Whilst this does not have the financial impact or brand damage of the original breach it is enough of a problem to be attracting the attention of the risk community and law enforcement. This is why we have created a product that identifies potential deceased ID fraud at the application stage. For more information please contact us on 01274 5338888