Data breaches fueled by mobile continue to rise, Arkansas low on vulnerability list

Data breaches continue to threaten Arkansas consumers and businesses, even with the state ranked 15 out 51 states for vulnerability – with 1 being the least vulnerable – to data breaches and cyber fraud.

However, more than 700 businesses, education, government and health operations have been hit by 717 data breaches so far in 2015, according to a new report by the Identify Theft Resource Center. 

More than 176.275 million records have been exposed to cyber criminals and hackers this year through various kinds of breaches or losses related to insider theft, hacking, third/party contractor, employee error, accidental web exposure and physical theft, according to the ITRC report.

Not all the breaches are created equal, but the four major types of information that hackers are most often after include the following:
• Social Security Number
• Credit/Debit Card Numbers
• Email/ Password/ User Name
• Protected Health Information

The WalletHub report, which measured the vulnerability of states, found that South Dakota was the least vulnerable, with Hawaii and Maine ranking second and third. Conversely, the District of Columbia, Florida, Nevada and California were the most vulnerable for cyber fraud and data breaches, according to the WalletHub report.

Florida was the most vulnerable state for the most identity theft complaints per capita, with roughly five times the number of victims that South Dakota, the least vulnerable state. The same was true for credit card fraud complaints. Arkansas consistently ranked on the lesser side of vulnerability though it was not among the least vulnerable list which was South Dakota, North Dakota, Hawaii, Iowa, Nebraska, Wyoming and Vermont.

RETAIL, FINANCIAL HACKS
While data breaches most often reported are those by banks and other credit providers, they are not the lion’s share of breach activity in 2015. ITRC found that this category has had 66 breaches which was roughly 9% of the total reported so far in 2015. that exposed 5.062 million records.

Many of the largest banks and investment houses have been hit this year by hackers. They include American Express, Citibank, Regions Bank, Morgan Stanley, T-Rowe Price Retirement Plan Services and Chase Bank. Among the 66 breaches in the financial category, less than 3% of their total records were exposed.

Retailers and other businesses garnered 40% of the total data breaches this year with 290 hacks that exposed 16.155 million records. The level of breaches in the retail category increases each year. Since 2013 the number of attacks on retailers has risen to 253 breaches that exposed 552 million identities. 

Cybercrime global totals between $300 billion and $1 trillion annually, according to McAfee. With the rise of mobile shopping and payments by phone, cyber security expert David Hausam of Wal-Mart recently said breaches are likely to grow more quickly because mobile breaches are easier. Before joining Wal-Mart, Hausam spent 21 years in the U.S. military, where he first learned about cyber intelligence. He said sites like Instagram that are hosted offsite are among those with weak links.

“If you use Instagram on a mobile device, always use the app. Don’t go to the browser and search for their website. Also be careful about opening links on your mobile phone,” Hausam warned.

ANDROID MORE VULNERABLE THAN APPLE
He said Android users are more vulnerable than Apple because of weaknesses at Google. He said the Android device is so widely used around the world that by the time 50% of its users realize the attack, a year has passed.

“That is why hackers love Android systems. They will not stop hacking,” Hausam said.

Target’s high profile data breach during the holiday season of 2013 has cost that retailer over $290 million, including the recent $39.4 million settlement announced earlier this week with banks and credit unions. Target has said at least 40 million credit cards were compromised in that breach, and that as many as 110 million people may have suffered the theft of personal information such as email addresses and phone numbers.

Other retailers and businesses impacting Arkansas consumers this year include American Airlines, AT&T, Bed, Bath & Beyond, Casey’s General Stores, Dairy Queen, Intuit Turbo Tax, Kohl’s, Outback Steakhouse, Toys R Us, Uber, United Airlines, and Walgreen.

ARKANSAS HEALTHCARE DATA HACKS
While health provider data breaches don’t often result in direct financial losses for consumers they are among the fastest growing segments. Through Dec. 1 of this year the medical segment reported 248 breaches, or roughly 35% of the total hacks in the ITRC report.

More than 120.077 million medical records were exposed this year in the reported data breaches. Arkansas health care businesses were among those hit by hackers. Baptist Health and Arkansas Health Group had 6,500 patient records compromised in October when two employees stole data and took it with them to a new employer, Bray Family Health.

While the data stolen did not include billing or social security information, it contained HIPPA protected health information. HIPPA is the federal law that sets rules and limits on who can looks at personal health records.

In February, Arkansas Blue Cross and Blue Shield released a statement on the Anthem data breach that put 80 million accounts in jeopardy. The Arkansas company reported to ITFC that 560 health records were compromised in the February security breach of its partner Anthem which operates separate businesses in 14 states.

In October Arkansas-based Neuropathology Associates reported a a privacy breach that affected 1,260 patients. The privacy breach was discovered to have been caused when an employee made an error sending data to a HIPAA Business Associate (BA).

The company said no financial data, Social Security numbers, dates of birth, addresses or insurance information were compromised, and there is no reason to believe any of the data transmitted was intercepted, retained or disclosed.

Franklin, Tenn.-based Community Health Systems, which owns Northwest Health system hospitals in Springdale, Siloam Springs, Bentonville, and Sparks Regional in Fort Smith and others across the state, reported a data breach last year that impacted 4.5 million patients. Community Health Systems said the hacker was a foreign-based group out of China that was likely seeking intellectual property. The intruder used sophisticated methods to bypass security systems. The hospital group said it has employed new applications to protect against future attacks. Consumers impacted were notified by letter and also offered free identity theft protection by the company.