Olympic-Sized Mistake: Which Companies Dropped the Security Baton?


By Brian McGinley

In the spirit of the Olympic Games under way this summer in London, we’ve opted to award gold, silver and bronze medals to companies and government institutions for their performance in the 2012 (In)Security Games.

Find out which organizations experienced the thrill of a well-designed privacy plan and which ones endured the agony of an easily prevented data breach. The goal is simple. We want organizations to get smarter about data security to better protect consumers’ personally identifiable information.
We’ll spotlight medalists in a number of events, including the Consumer Protection Decathlon and the 100-meter Privacy Dash. But the first event is Data Vulnerability. The year 2011 was a big one for world records in this category. Remember the Sony or Epsilon breaches, to name but a few? Preparing for this year’s games, we wondered about the level of competition.

There were a lot of strong contenders. Corporate America gave it a good effort with a significant number of data breaches. Hackers and digital con men bent on stealing consumers’ personal information seemed to make gains this year, too. Nearly 400 breaches already have been reported this year, with about 19 million customer records affected, according to Privacy Rights Clearinghouse.

So without further ado, the gold medal goes to: Global Payments Inc.
Global Payments, which processes card transactions for merchants, exposed more than 7 million consumer records, although the company claims only 1.5 million credit cards were exposed. The breach happened when records were wrongfully exported from its North American processing system. The resulting investigation revealed that new and past processing applicants also had been hit. Security violations were so rampant here that the major credit card companies removed Global Payments from their list of third-party vendors that meet their joint security standards. A gold-medal-worthy performance, indeed.

The silver medal goes to: LinkedIn
Everybody’s favorite professional social networking site came out swinging this summer. Some 6.5 million user passwords were stolen, and the corporate response was tepid at best. The password dump, as it’s called, was made freely available in an online hacker forum, and it took third-party security wonks to figure out it belonged to LinkedIn. It’s unclear how much damage this information will cause users. But the breach warrants a silver medal because prevention was so darn easy. LinkedIn used a run-of-the-mill weak encryption process and should have known better.


The bronze medal goes to: Zappos
A hacker snuck into the popular discount shoe site’s servers in January and left with 24 million records. Despite the big loss, Zappos clearly had a response plan on the books—and used it following the breach. Their reaction gained favorable coverage in the security press and probably mitigated some of the damage. As a result, what could have been a gold medal performance took only the bronze.

I’ve said it before, and I’ll say it again. Security isn’t a path taken; it’s a destination reached. Learn more about how to build smarter security into your management practices with my three-part series on 21 Steps to Smarter Security.

This article originally appeared on IDentityTheft 911. Brian McGinley is Senior Vice President of Data Risk Management for IDentity Theft 911.

Image: Craig Deakin, via Flickr
