Identity Crisis – The Real Cost of a PII Data Breach

As the success of phishing attacks continues to broaden and gain traction in the modern news cycle, it’s important that we understand the differences in impacts based on the type of breach.

While over the past year, there has been a lot of talk about the increase in and effectiveness of Ransomware in terms of financial reward and even in forcing political statements from victims, it is critical that we not forget about the designs malicious actors have on PII (Personally Identifiable Information). For example, according to Krebs on Security, the recent Equifax breach noted hackers were motivated to get their hands on PII, as the breach compromised personal information such as birth dates, addresses, credit card numbers, and social security numbers for as many as 143 million Americans.

While the security industry talks a lot about the importance of the regulation of protection for PII (still important), we absolutely must take note of the extended dangers for our organizations and the general public when that data is exposed.

Of course, there are all the standard company concerns:

  1. Your reputation will take a hit
  2. Incurring the cost of repairing the breach
  3. Provisioning of client-side ID protection services
  4. Increases in regulation and compliance that are sure to follow

But that’s not all…

What is often over-looked, especially in the cases of a PII breach, is the responsibility to prepare our associates, users, and clients for the additional threats they now face. Because the stolen PII will now be sold to the highest bidders, we must prepare them for the coming onslaught of attacks.

  • Users and clients will experience identity theft and increases in financial fraud and need to monitor for such
    • Opening of Credit Cards and other Financial Accounts
    • Use of data to obtain medical services and prescription drugs
  • Personalized phishing and vishing attacks will be easier to execute
    • Fraudulent email invoicing for services
    • Bill collection fraud (personal) in the form of vishing
  • Two factor authentication protocols may be compromised
    • Providing SSN as proof of caller ID
    • Birthdates as second factor, etc.

After any major breach, it’s critical that we remind our users and clients of the extended dangers of fraud and capability to execute highly personalized attacks against them. Preparing them is no longer a nice idea… It’s a must do.

Don’t miss another threat – stay updated on the latest malware trends and active threats with our complimentary PhishMe® Threat Alerts! Click here to subscribe.

75% of UK IT Professionals Hit with Email-Based Security Incident, Phishing Trend Report Reveals
Catching Phish with PhishMe Intelligence and ThreatQ

Leave a Reply