CRM News: ID Security: Public Ransom Demand Distinguishes Va. Breach in a Data-at-Risk World

Public Ransom Demand Distinguishes Va. Breach in a Data-at-Risk World

By Erika Morphy
E-Commerce Times
Part of the ECT News Network
05/09/09 5:30 AM PT

A multibillion-dollar industry has grown up around data theft, but most cases fly under the radar. That's what makes a recent breach in Virginia different. The perpetrator posted a public ransom note demanding that the state of Virginia cough up $10 million for the return of stolen health records. Government officials aren't saying much about the matter.

Considering CRM solutions?
You first need to understand CRM best practices. Before committing to a CRM purchase and implementation, it's good to know the experience of those who have already "been there, done that." It can save time and prevent costly missteps. Download Free Research.

A hacker -- or a group of hackers -- is attempting to hold hostage some 8 million records purportedly acquired from the Virginia Prescription Monitoring Program, according to ransom note posted to the program's Web site on April 30.

Few statements have been released by Virginia state authorities, other than warnings that users of the program should monitor their financial records to make sure they are not victims of identity theft.

The site was down at press time.

Pay Up

The stolen patient records are stored in encrypted, password-protected files, according to the ransom note, which demands US$10 million for their return. However, government officials maintain the data was backed up, and the records have not been lost.

It is clear whether the data has been compromised, however.

The news has Virginia residents up in arms, but data breaches are nothing new in this era of poorly secured digital records.

Records theft is a multibillion-dollar industry run by organized criminal gangs with all the efficiency of legitimate business operations. What is new is the public announcement of the theft, Mandeep Khera, CMO of Cenzic, told the E-Commerce Times.

The goal is obviously publicity, but the reason is unclear.

"Usually, hackers prefer to keep their theft hidden so they can keep on milking the records for financial gain," said Khera.

Depending on how much is learned about this incident -- such as the motives behind it -- it is likely we will see more data taken hostage, Khera suggested. "It could easily happen again -- state Web sites, even federal ones, are still very vulnerable to exploit."

Companies will also be targeted -- if that's not happening already, he said, noting that "with companies, it is far more likely for something like this to happen under the radar."

Past Incidents

In fact, attempted blackmail using stolen digital records "happens more often than we realize in the corporate world," Rob Douglas, editor of IdentityTheft.info, told the E-Commerce Times. "There is no doubt these types of hacks occur far more than we hear about."

That's because there is no federal law mandating breach notification, Douglas pointed out, noting there's a lack of state uniformity in that area as well.

"I have little doubt that breaches have occurred that should have been reported and the companies decided not to," he said.

Even state laws that require notification leave some wiggle room. Basically, they require that the custodian of records must make a subjective determination that the breach could lead to ID theft.

Any number of reasons could qualify as support for the conclusion that a breach wouldn't result in ID theft, he said.

Even governments are less than forthcoming about these matters, Douglas said. "It's only by reading between the lines here that we can conclude definitively that a breach occurred in Virginia. They haven't told us much else."

Next Article in ID Security

Scammers Swarm: Tax Time Is Open Season for Phishers
April 08, 2009

April 15 is just a week away, and it's a busy time for taxpayers and scammers alike. With everyone busy fussing about e-filing, stimulus checks, federal and state returns, and the often complex business of putting together a proper 1040, those looking to steal taxpayers' personal information for their own gain have a fertile field to plow. Don't get caught up in a scam.

More by Erika Morphy

Windows 7 Flies Off the Shelves
November 06, 2009

Early sales figures on Windows 7 boxed software suggest a high level of consumer enthusiasm for the OS. Unit sales were a whopping 234 percent higher than Vista's out of the gate. The revenue haul was not as impressive, as Microsoft offered sharp discounts to spur presales. Also, sales of PCs with Windows 7 preinstalled have been lackluster -- but October is historically a weak month for PC sales.

Southwest Doesn't Fool Around
November 06, 2009

Either Southwest Airlines had better deals for my favorite route than its competitors or its superior Web site tools made it easier for me to ferret them out. Either way, kudos to Southwest. In the not-so-hot department were the airline's long list of what passengers weren't allowed to do and its very short list of what Southwest was obliged to do for them. Left me feeling a little chilly.

Commerce Search Puts Google Inside Retailers' Catalogs
November 05, 2009

Google has launched a new cloud-based search tool targeting enterprise-level e-commerce operations, just in time for the 2009 holiday selling season. Commerce Search provides a set of features designed to improve the relevance of results for consumers searching a retailer's own product catalog, while boosting cross-selling opportunities.

[Search More...]