Millions of people have recently been affected by serious data breaches at major corporations and organizations such as the Texas Comptroller's Office, Sony, the New York Yankees, Michaels, and Fox Entertainment. These breaches of sensitive personal information reinforce the need for strict regulations and security measures at businesses large and small. The PCI Standard Security Council was created to prevent these kinds of credit and debit card data breaches. However, the recent news about these notable organizations makes it painfully clear that a data breach can happen to any business, large or small. As a consumer, you should be conscious of where you offer your information, and be aware that standards such as the PCI DSS and PA-DSS are being put into place to protect your valuable information and spare you the headache that comes with having it stolen.
It is crucial for people to understand that data breaches can happen to any business or organization. If a business or organization collects and stores sensitive information, it needs to understand the PCI DSS to avoid data breaches and regulatory fines. The Texas Comptroller's Office discovered in March of 2011 that it had left personal records openly available on a publicly accessible server for over a year. These personal records included names, addresses, social security numbers, and in some cases, dates of birth and driver’s license numbers. This is the most extensive information breach in the history of Texas, affecting 3.5 million people. The Office of the Texas Comptroller is now facing a $3.5 billion lawsuit: a $1,000 statutory penalty for each individual whose privacy was violated. (Dallas News)
Sony was the first high-profile corporation to be hacked recently. From April 17 through April 19, hackers had access to around 100 million people’s names, addresses, birthdays, credit card numbers, and billing history through Sony servers. The data breach forced Sony to shut down its online gaming network for over a week. Sony later released a statement that it had no evidence that credit card numbers were stolen, but could not rule it out. Currently, the data breach has cost Sony $171 million, but with all the pending lawsuits and regulatory fines, that figure will likely be much higher. (Reuters)
The New York Yankees suffered a data breach on April 25, 2011 when an employee accidentally emailed an Excel spreadsheet of names, addresses, phone numbers, seat numbers and email addresses of 21,466 season ticket holders to 2,000 fans. The spreadsheet was attached to a newsletter email. The Yankees sent out an apology letter and assured fans that birth dates, social security numbers, and financial data were not included in the exposed personal information. (NYYankees)
Michaels Stores, a retailer of arts and craft supplies, announced on May 4, 2011 that PIN pad tampering had occurred, compromising credit and debit card information at at least 80 stores across the U.S. Roughly 100 Michaels customers reported having their bank accounts emptied. The hackers were able to get debit card numbers and PINs, draining bank accounts in a matter of minutes. Michaels has set up a help line for customers who have any questions or concerns: 1-800-642-4235. (Michaels)
On May 6, 2011 a hacker group named LulzSec breached Fox Entertainment’s servers, gaining access to names, emails, passwords, and phone numbers of nearly 400 employees and hundreds of thousands of potential X-Factor contestants. The hackers released the personal information and encouraged people to “ravage” the list of emails and passwords, and taunt their Facebook, Myspace, PayPal, LinkedIn, and Twitter accounts. (MSNBC)
In addition, LulzSec was responsible for breaching Sony’s Greek unit, affecting 8,500 user accounts, as well as smaller incidents in Thailand and Indonesia on May 24, 2011. Sony spokesman Atsuo Omagari released a statement that Sony is not sure if the attacks are related: "We don't know whether the incidents in the three countries are linked to the attacks on the PlayStation. For now, we are still investigating each incident" (Fox Business).
Hackers are like Internet train robbers, and we are in the wild west of digital payments. Working together to shut out online bandits will make payment processing stronger and more secure for merchants and consumers. To help better understand your PCI compliance level or find answers to questions on PCI compliance, check out our PCI compliance guide or contact an Element Payment Services representative.