Business Columns & Blogs

How fast do thieves use stolen data? You might be shocked

The Target data-breach settlement is a reminder that customers must safeguard their personal data.
The Target data-breach settlement is a reminder that customers must safeguard their personal data. Tribune News Service

Idaho Attorney General Lawrence Wasden announced May 23 that Idaho had settled with Target to the tune of $193,000 following the company’s 2013 data breach.

That breach is one of the more memorable for many people, but Target is far from alone in having customer information compromised. The Privacy Rights Clearinghouse tracks data breaches on an online database (privacyrights.org/data-breach). There, you can read about recent breaches and what information was compromised. Since 2005, more than 7,000 data breaches have been reported, compromising more than 900,000,000 individual records.

We’ve said it before; Data breaches are a matter of when, not if, your information will be compromised.

But what does that mean? What happens when your information is stolen?

The Federal Trade Commission researched the topic and reported on it. Researchers conducted a test by creating a database of information for 100 fake consumers.

“To make the information realistic, they used popular names based on Census data, addresses from across the country, email addresses that used common email-address naming conventions, phone numbers that corresponded to the addresses, and one of three types of payment information (an online payment service, a bitcoin wallet or a credit card),” writes Ari Lazarus, consumer education specialist at the FTC.

That data was then posted two different times on a website “that hackers and others use to make stolen credentials public.”

It took just nine minutes before thieves were using the information. The FTC reports 1,200 attempts to access the accounts associated with their fake data. The “credit card” information was used to pay for items varying from clothing to games, online dating memberships to pizza.

Some accounts were tougher to crack than others. According to the FTC, accounts that used two-factor authentication were not able to be accessed. Two-factor authentication requires a combination of multiple keys to log in to an account: perhaps a password and a code texted to a phone number, or a password and a thumbprint.

If you have been a victim of a data breach, take steps to recover. If your card was compromised, talk to your bank about issuing a new one. They may do this automatically. Regularly check your statements and credit reports to make sure everything is accurate. BBB offers a number of tips at bbb.org/breach.

Emily Valla, emily.valla@thebbb.org, is the Idaho marketplace director for the Better Business Bureau Northwest. To check a business or report a scam, go to www.bbb.org or call (208) 342-4649.

  Comments