The Clearsale Blog

2016’s Biggest Data Breaches — and The Implications for Merchants

2016’s Biggest Data Breaches — and The Implications for Merchants

2016 was a big year for hackers. The Identity Theft Resource Center identified 980 breaches, exposing billions of sensitive records to theft. Here are some of the year’s biggest data theft stories – as well as insights into how all of this impacts e-commerce websites.

What Were the Biggest Data Breaches of 2016?

No consumer’s data is safe; this was especially clear in 2016. As fraud continues to increase, even the largest companies fell victim to hacking.

  • In 2014, 500 million Yahoo accounts (including full names, dates of birth, phone numbers, and some security questions and answers) were breached, although this wasn’t confirmed until September 2016. Adding insult to injury, the company discovered in December 2016 that a 2013 breach may have compromised 1 billion Yahoo accounts — making it the largest data breach in history.
  • Another instance of an aftershock breach, 360 million accounts were hacked sometime before June 2013. However, the company didn’t report the breach and notify users until May 2016.
  • Approximately 145 million users were affected by a system compromise using stolen employee login credentials. Hackers gained access to such information as names, passwords, addresses and dates of birth.
  • The social network was hacked in 2012, with 117 million email and password combinations reported as stolen. In 2016, this data surfaced again, for sale on the dark web.
  • This file-hosting service experienced a breach in 2012, in which it reported that a “small number” of user names were stolen. In 2016, Dropbox revealed that the scope of the breach was far greater: Approximately 68 million emails and hashed and salted passwords were compromised.
  • Newkirk Products. An issuer of healthcare ID cards, this provider’s data breach in August 2016 may have affected nearly 3.3 million people. Hackers accessed sensitive information, including names, dates of birth and insurance plan details.
  • 21st Century Oncology. In March, this cancer care service provider revealed that it was the victim of a major breach in October 2015. Hackers accessed 2.2 million patient records, including Social Security numbers, diagnosis and treatment information, and insurance details.
  • Verizon Enterprise Solutions. A security system breach led to the compromise of approximately 1.5 million customer records, which were found for sale in an underground cybercrime forum.

With an estimated 1.9 million records compromised every day — and each record costing companies an average of $221 — the risk is serious and pervasive.

How Can Consumers Protect Themselves?

When consumers learn their data has been compromised, they’re likely to feel vulnerable. There are several steps they can take to protect themselves against the misuse of personal data.

  • Change existing passwords. As evident from the LinkedIn, Dropbox and Yahoo breaches, personal account details can resurface years after the initial data breach. Failing to change passwords and secure sensitive data after a breach means personal credentials are available to cybercriminals long after the information was first compromised.
  • Create unique passwords for each site. It’s important to use a unique, hard-to-hack password for every site visited. Tedious? Yes. But if hackers gain user names and passwords on one site, they’ll try them across multiple sites in an effort to gain entry.
  • Take advantage of services offered. After a data breach, many companies offer free credit monitoring and ID protection services. Consumers should utilize these services.
  • Monitor credit reports. With free credit reports offered once a year from the three major credit reporting agencies, consumers should request a credit report from one of the agencies every four months to check for fraud.

 

What Does This Mean for Merchants?

With 2016’s increase in breaches comes an increased volume of compromised data available for sale on the dark web. No longer can e-commerce businesses take transactions at face value. Customers aren’t always who they say they are. Merchants must efficiently — and effectively — protect their businesses by verifying every online customer’s identity.

Screening every transaction is a good place to start. This allows merchants to:

  • Prevent fraudsters from conducting transactions using stolen information
  • Quickly and accurately distinguish between fraudulent transactions and legitimate ones
  • Spot the small fraudulent transactions that may signal a cyberthief testing out a merchant’s fraud filters
  • Draw from a bigger pool of transaction data for more accurate analysis of fraud patterns

To take fraud protection a step further, a multi-layered solution that integrates advanced technology, statistical intelligence and sophisticated human analysis arms merchants with a comprehensive set of tools to stop fraud from taking hold in the first place.

Moreover, a strong fraud protection solution sends an equally strong signal of trust to consumers, that the merchant is not willing to let criminals get away with using their stolen information. This peace of mind can go a long way toward building confidence and loyalty for consumers.

Prepare for 2017 by Learning From 2016

One thing is clear: Despite increased security and awareness, the data breach forecast for 2017 is daunting.

  • Password breaches that resurface long after the initial compromise will continue to put customers at risk.
  • Payment-based cyberattacks will continue at a high level, despite the transition to EMV in the United States.
  • International data breaches are on the rise, causing new headaches for global organizations.

The best approach for merchants? Learn from the mistakes of 2016 and keep on top of developing threats. Hackers are determined to get the information they want, so make it impossible for them to use stolen credentials on your e-commerce site.

We can help. Contact Clearsale today, and learn how our total guaranteed protection plan can help protect your business and create a secure and profitable online sales environment.

New Call-to-action

You may also like

3 Ways Tech Can Benefit Remote Teams

3 Ways Tech Can Benefit Remote Teams

Ecommerce businesses are used to an ever-evolving digital connection between them and their customers. But 2020’s COVID-19 pandemic has resulted in that digital connection making its way into the..

Shopping Habits by Gender: What’s Changed in 2020

Shopping Habits by Gender: What’s Changed in 2020

Do men hate shopping online? Are women more worried about fraud?

Is Fraud Risk Scaring You Away From International Shipping?

Is Fraud Risk Scaring You Away From International Shipping?

With cross-border shopping estimated to make up 20% of e-commerce in 2022, many merchants are right to consider expanding into other countries. So what’s stopping them from pulling the trigger?

Retailers have got COVID-19 problems, but fraud shouldn’t be one

Retailers have got COVID-19 problems, but fraud shouldn’t be one

 The coronavirus pandemic has led to more Australians filling their shopping bags from behind a screen, but a proliferation of COVID-19-themed online scams are pushing customers away from shopping..

Headless Commerce: What, Why and How

Headless Commerce: What, Why and How

As technology and e-commerce solutions improve, we’ve seen digital platforms evolve from on-premises platforms to software-as-a-service. Now, while these two models aren’t completely outdated (in..

How Machine Learning Can Improve Fraud Risk Assessment

How Machine Learning Can Improve Fraud Risk Assessment

When you’re trying to prevent fraud from happening, you might be tempted to set up a basic fraud prevention solution and let it go, assuming it will catch each instance of fraud on its own.

CLEARSALE ON ECOMMERCE FRAUD & COVID-19

CLEARSALE ON ECOMMERCE FRAUD & COVID-19

The world is living through troubled times as it battles COVID-19. We sat down with Rafael Lourenco, EVP at Clearsale, to talk about how merchants can protect themselves from fraudsters who seek..

Why M&A Due Diligence Should Include Cybersecurity and Fraud Prevention

Why M&A Due Diligence Should Include Cybersecurity and Fraud Prevention

Think of due diligence for mergers and acquisitions covers and you probably think about reviewing the books, assets, customer base and contracts of the target company. You may also think about..

Country Profile: The Guide to Ecommerce in Mexico

Country Profile: The Guide to Ecommerce in Mexico

¡Bienvenido a México! The digital economy south of the border is growing by leaps and bounds. For the ecommerce retailer, Mexico represents an exciting opportunity to enter a new market of..

Want to write
for our blog?

Please review our writers' guidelines
https://www2.clear.sale/press/clearsale-guest-blog-guidelines
and then email guestwriter@clear.sale with your pitch!

Subscribe to our blog