Top 10 Worst Data Breaches of 2017

Electronic wire fraud begins with the exploitation of company database systems, either to place malware, create backdoors or download sensitive data. ‘Hackers’ can then use the information to commit wire fraud. Specifically, data breaches can be catastrophic for businesses that are not prepared, especially so if they lack wire fraud insurance.

These data breaches and fraud cases have ranged from large software firms like Yahoo losing three billion account details, massive real estate firms leaking government officials home addresses, to notorious adult dating sites (that encourages less than moral meetups) leaking private account names and marital status.

Real Estate Wire Fraud Begins In Massive South Africa Data Breach

The South African Real Estate firm, Jigsaw holdings, who own multiple real estate companies such as Adia and Realty-1 discovered in October that 31.6 million records were available to download on their public server. This information contained the addresses, emails, phone numbers, incomes and more, of some of South Africa’s political elite.

This information could have been used (or may have been, as it was up and available for some time) for identity theft and real estate wire fraud, as hackers could easily trick firms into believing they were the real title holders of land.  

Car Tracking Data Backed Up To Scammers Hard Drives

When the name of a firm has the word ‘tracking’ in it and they have a major data breach, the executives are going to have quite the headache. SVR Tracking, a company that specialized in tracking cars for their owners (to prevent theft), actually was a victim of burglary themselves. 540,000 customer records (including all the car tracking data and where they lived) was leaked via a misconfigured backup database.

This example serves as a warning to other firms to watch not only their network security but their backups as well, especially if they are on a different network system that is not regularly monitored.

Money Wiring Scam Hits California Real Estate Association

In sunny California, the California Association of Realtors found that their payment portal was infected by a malware program that stole users payment details (names, address, banking information, credit card details) and then transmitted them to an unknown third party. For two whole days, this information was transmitted, and hundreds of real estate industry alumni were affected.

In one of the smartest moves on this list, they have since changed their payment system to use the secure third-party system Paypal.

IRS Helps Hackers To Commit Wire Fraud

No network should be more secure than the one operated by the United States tax department, the Internal Revenue Service. Naturally, their database is the most detailed and sensitive of any government agency and in 2017 they had that compromised. Hackers discovered that the free tool (provided by the IRS) to fill out the Free Application for Federal Student Aid (FAFSA) could actually be exploited to retrieve any data (not just the information specific for students). In fact, the free tool might have been the victim of lazy programming as it had admin hierarchy control and allowed the hackers to download over 100,000 taxpayers details, everything from real estate financial information, to incomes and tax returns.

The hackers then used the comprehensive data set to steal identities, commit wire fraud and spread further chaos.

Chipotle Adds Wire Fraud To The Menu

The famous Texmex/Mexican chain reported that in April 2017 they detected an intrusion on their payment network. Following it back, they discovered that a malware bot had been installed on their web servers to siphon payment details from point of sale card readers. The malware bot had been active for over three weeks, sending data to unknown third parties to commit fraud (wire fraud amongst other scams), leading to customers having unauthorized transactions on their cards.

As Chipotle also owns and operates another business, Pizzeria Locale, they were also affected by the same data breach.

Government Hacking Tools End Up In The Wrong Hands

The ‘Shadow Brokers’ is a cyber-espionage group that leaked NSA hacking tools to the general public. The NSA authorized Microsoft to fix the holes that their tools exploited, but like all new patches and security updates, many companies were slow to respond and implement them, resulting in thousands of businesses having their data stolen or destroyed.

You would think that the original hacking tools held in the NSA would have been kept under lock and key but this is an example of how all systems, including wire transfers, are vulnerable.

Uber Bribes Hackers To Keep Quiet About Fraud

In late 2016, Uber, the famous car sharing disruption app had a data breach and let hackers gain access to 57 million Uber users data worldwide, which included their homes, wire transfer details, payment credentials as well as the geo-tracking data and licensing information of over 600,000 drivers. This massive breach was only reported a year later with the company reportedly paying over $100,000 to try and keep it quiet.

Edmodo Hack Puts Kids At Risk

Discovering that their student and teacher database was for sale on the dark web was quite the wakeup call for firm Edmodo, who was hacked in December last year. The education platform had a subscriber list of 78 million accounts and included passwords and emails, many of which belonged to minors.

‘Human Error’ Stings The Republican National Committee

Sometimes data leaks can come from simple human error, as was the case with the Republican National Committee’s voting database. It had one line of code switched to the wrong variable, allowing public access to over 200 million Americans’ voting data. Many of these people were not even registered to vote in their state (after all this was not a government database, but just a political party) nor even for the Republican party. The information was over 1.1 terabytes and stored on an easily accessed amazon server.

This data breach is an example of how a simple human error can escalate to do critical damage, and just like a mistake sending a wire transfer, it can be almost impossible to recover.

And… The Biggest Leak Of 2017!

In September of 2017, Equifax, a credit agency reported that they had a data breach that affected 143 million Americans. Hackers found that the open source software that the firm’s web application operated on, had a hole that allowed them unlimited access. Using this access they were able to reach in and copy vast quantities of data. Adding insult to injury a fix had been available for months and could have been easily implemented.

This data contained social security numbers, real estate addresses, personal information and in 200,000 accounts, unencrypted credit card numbers (perfect for wire fraud). Equifax doubled down on the damage by creating a website to allow victims to find out if they had been affected, and that too was also hacked! Worst of all to some, no one has been charged with this crime, either the hackers nor the executives of the firm

Moral of The Story?

The most common thread amongst these examples is the reliance on using unsecured tools that don't protect against human error nor use the latest encryption technologies. As real estate firms continue to centralize data and utilize the latest in technological advancements, especially in the realm of wire transfers, they have to be even more vigilant and ensure their customer’s data is secure.

CertifID fixes these flaws by assuming malicious activity is out there, protecting your wire transfer data and guaranteeing that it will reach its destination unharmed, ensuring that your firm won't be in our 2018 data breach list.

Sign up for our free trial to protect your firm from wire transfer fraud today.