NPD Shutters and Hackers Trending Younger
The average age of those arrested for cybercrime is trending younger and younger, currently in the teens. The latest report from Experian, predicting upcoming data security trends for the next year, foresees this trend increasing, with more young people participating in cybercrime and recruitment by veterans in the field. We discussed recently how hackers like Lapsus$ used convincing social engineering schemes like phishing against hotels, tech firms, and many more, in some cases perhaps out of little more than boredom.
The risks of AI proliferation will also contribute to a rise in cyber attacks, the report predicts. More employees with some level of AI training increases the chances for someone to turn their knowledge against the organization. Both AI-related attacks and ransomware schemes are expected to become even more sophisticated, says Experian, necessitating the improvement of identity monitoring and confirmation methods to better protect against fraud using stolen data.
In other and perhaps unsurprising news, National Public Data (NPD) has officially closed its doors after its record-shattering data breach. The data broker had previously filed for bankruptcy protection, but now is gone after two decades with barely a whisper (and by whisper I mean a brief notice on its website and steps for those affected to take). NPD’s parent company, Jerico Pictures, is meanwhile facing multiple class action suits and filing for bankruptcy protection itself – filings which a judge apparently dismissed.
The culprit behind the NPD and other breaches was arrested in Brazil in October. Going by the handle US Department of Defense, this hacker initially offered to sell data stolen from the organization for $3.5 million on the dark web. They have also been linked to security incidents at an FBI intelligence portal, InfraGard, TransUnion, and the Environmental Protection Agency. Nor has the Brazilian government and police evaded the USDoD’s schemes.
In the end, nobody looks to come out of this unscathed. Aside from whatever repercussions hit the hacker responsible, a major data broker was shut down, and the field itself brought into further focus. Just last week, the Consumer Financial Protection Bureau (CFPB) proposed stricter limitations on data brokers and scrapers and the sale of their accumulated data; not just to any old profit seekers. “By selling our most sensitive personal data without our knowledge or consent, data brokers can profit by enabling scamming, stalking, and spying,” says the CFPB statement.
Personally identifiable information (PII) is a valuable resource, and always at risk of exploitation. NPD should serve as the utmost cautionary tale about how an entire enterprise can implode from poor data security hygiene. Which is precisely why organizations need to protect their PII at all levels, from the perimeter and beyond. NetLib Security’s Encryptionizer provides a solid layer of encryption for all your databases and devices. No additional programming is required to lock down your vulnerable resource, and minimal impact on performance. Not to mention guarding the hundreds of millions of affected individuals whose identity may be at risk, some of whom are the ones putting NPD and perhaps Jerico out of business. The hackers are only getting younger and smarter, after all.