Officials warn 500 million financial records hacked over the past 12 months
Officials warn 500 million financial records hacked
Erin Kelly, USA TODAY 8:10 p.m. EDT October 20, 2014
WASHINGTON — Federal officials warned companies Monday
that hackers have stolen more than 500 million financial records over the past
12 months, essentially breaking into banks without ever entering a building.
"We're in a day when a person can commit about
15,000 bank robberies sitting in their basement," said Robert Anderson,
executive assistant director of the FBI's Criminal Cyber Response and Services
Branch.
The U.S. financial sector is one of the most targeted in
the world, FBI and Secret Service officials told business leaders at a
cybersecurity event organized by the Financial Services Roundtable. The event
came in the wake of mass hacking attacks against Target, Home Depot, JPMorgan
Chase and other financial institutions.
"You're going to be hacked," Joseph Demarest,
assistant director of the FBI's cyberdivision, told the business leaders.
"Have a plan."
Nearly 439 million records were stolen in the past six
months, said Supervisory Special Agent Jason Truppi of the FBI. Nearly 519
million records were stolen in the past 12 months, he said.
About 35% of the thefts were from website breaches, 22%
were from cyberespionage, 14% occurred at the point of sale when someone bought
something at a retail store, and 9% came when someone swiped a credit or debit
card, the FBI said.
About 110 million Americans — equivalent to about 50% of
U.S. adults — have had their personal data exposed in some form in the past
year, said Tim Pawlenty, president of the Financial Services Roundtable and the
former governor of Minnesota.
About 80% of hacking victims in the business community
didn't even realize they'd been hacked until they were told by government
investigators, vendors or customers, according to a recent study by Verizon
cited by Pawlenty.
Businesses need to reach out to the FBI and Secret
Service for tips on how to protect their data before something happens, agents
said. If a business is hacked, company officials need to contact government
agents rather than trying to keep the attack quiet and deal with it internally,
the FBI said. "No one is going to solve this problem on their own,"
said Supervisory Special Agent Thomas Grasso of the FBI. "This is
something we all need to work together on."
FBI and Secret Service officials say they have taken down
international hackers with the help of U.S. companies and international law
enforcement allies overseas. Agents said many of the attacks against U.S.
companies are done by cybercriminals in other nations.
One Romanian hacker was lured to Boston by Secret Service
Special Agent Matt O'Neill, who used the Internet to pose as a woman and invite
the cybercriminal on a trip to the USA to enjoy gambling and romance. "He
was quite surprised that I was the one meeting him when he arrived," said
O'Neill, who worked on the case for months.
The man was arrested and is serving seven years in a U.S.
prison. Romanian authorities extradited one of his co-conspirators to the USA,
reflecting stronger partnerships between U.S. law enforcement authorities and
U.S. allies to catch hackers.
"Five years ago, we would have focused on whether
the (hacker) was in the United States where we could get our hands on
them," Grasso said. "Today, we're going to team up with our overseas
law enforcement partners and go after them."
Congress could help by passing cybersecurity legislation
to update surveillance laws and give federal agents greater authority to go
after cybercriminals, Pawlenty said. The House has passed a bill that the
Senate has not taken up. The Senate has taken a piecemeal approach, approving
one bill that would make it easier for the Department of Homeland Security to
hire cybersecurity experts.
"Our government and our businesses are in a daily
fight against hackers," Pawlenty said. "It's getting increasingly
concerning, and it needs to be met with action by Congress."
Comments
Post a Comment