Russian Crime Ring Possesses Mass Quantities of Stolen Online Information


With recent reports that a Russian crime ring may have stolen the largest collection of online data (including 1.2 billion username and password combinations), effective data security is more critical than ever for all organizations, whether public, private or nonprofit. Working out of a small town in south central Russia, the hackers captured mass quantities of online information using botnets (networks of zombie computers infected with a computer virus) to identify websites vulnerable to a common hacking technique known as SQL injection. Where weaknesses are found, hackers enter a command that allows them to extract the contents of a website's database.

The criminals used these botnets to collect 1.2 billion unique username and password combinations and approximately 542 million unique email addresses. While selling the records on the black market would be lucrative, the criminals currently appear to be charging a fee for using the information to spam social network sites on behalf of other groups.

Milwaukee-based Hold Security, the firm that discovered the breach, indicates that most of the hacked sites — ranging from Fortune 500 companies to very small websites — remain vulnerable. Experts acknowledge that cybercriminal attacks are currently outpacing available defenses as data security breaches get larger, occur more frequently and are more costly to address.

In such an environment, companies that do not proactively protect online information expose themselves to significant costs, liability and negative publicity. The following ten tips can help employers improve their organizations’ information security and decrease the risk of a data breach:

  1. Develop comprehensive cybersecurity policies and procedures and clearly communicate them to employees so they understand their role in creating a more secure environment;
  2. Review internal security measures and upgrade processes and systems where needed to address any vulnerabilities;
  3. Use encryption to enhance data security by making it more difficult for unauthorized parties to read lost or stolen data;
  4. Make certain third-party vendors and partners apply appropriate security measures to protect information;
  5. Implement measures to monitor accounts and websites for suspicious activity;
  6. Reassure clients and customers by providing information on steps being taken to protect their personal data;
  7. Use multiple technologies to secure information and detect breaches to make it harder for sophisticated hackers to access data;
  8. Schedule regular backups to protect data;
  9. Test security systems frequently to ensure everything is working smoothly and to detect any new vulnerabilities; and
  10. Adopt a data breach response plan.

As data security becomes increasingly complex, it is essential for companies to develop a data security policy and train their employees on how to effectively implement it.



DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Thomson Reuters Compliance Learning | Attorney Advertising
