Cyber-attacks have rung out on the three major U.S. data providers after a cybersecurity news site linked the data breaches to a group that supposedly sells stolen social security numbers and other personal information of victimized computer users.
Among the major U.S. data providers suspected to have been attacked by a cybercrime ring were Dun & Bradstreet Corp, Reed Elsevier's LexisNexis Inc and Altegrity Inc's Kroll Background America Inc. KrebsOnSecurity was the first to break the news of the security breaches while an FBI spokesperson exclaimed that the bureau is currently investigating incidents but have not elaborated on any fine details as of yet.
It seems as if the cyber-attacks took place on Wednesday, September 25th where data such as credit reports were among the information stolen. Within those reports, it includes social security numbers, birthdays and other detailed personal information of U.S. residents, which were found to be sold by the cyber ring for 50 cents to $2.50 for each record.
Cyber forensics experts who have served as consultants to the publications reporting this cyber-attack assure that there are grave implications from a privacy perspective. The victims and the data brokers are still unsure of what specifically took place in the cyber-attack. Basically, LexisNexis is among the data brokers claiming they have found no evidence of theft, and it seems as if no consumer data was retrieved by the perpetrators.
D&B spokeswoman Michele Caselnova said her firm was "aggressively investigating" the attack. She said, "Data security is a company priority and we are devoting all resources necessary to ensure that security."
The website ssndob.ms remains to be one avenue that the cybercrime ring sold the supposed stolen data. Ironically, there has been an on-going 7-month investigation into SSNDOB. The site has marketed itself on underground cybercrime forums for upwards of 2 years now. Data sold through the site has been from other attacked entities but still has some uncertainty around the validity of a recent attack on the top U.S. data brokers.
Currently, external forensics experts are working with the data brokers, to further investigate the source and reach, if any, of malware found on the servers belonging to the brokers. The incident, or potential destruction that could have taken place, is one example how no known entity is 100% immune to cyber-attacks even if they are among the top data brokers known in the U.S., who supposedly have an iron-clad means of protecting their data.