Reports have been confirmed that over four billion records from 500 million addresses have been stolen by by a Russian group. From buying a set of stolen details on a Dark Web Site the gang was able to install malware on systems using both social media and email exploits. These infected systems were then used to expand the theft as their botnet grew through SQL injection attacks and other vulnerabilities enabling them to steal more data from more websites.
Wm. Morrison, one of the UK's largest supermarket chains, has had the details of more than 100,000 staff stolen. While far fewer people have been affected by this data theft than in others recently reported.
“63% of data breaches were attributable to an outsourced third party IT or web services provider”
CRIF founding member Richard Hodson, Head of Technology at Oval Insurance Broking talks in his article about the risks that remain within your organisation even though you have outsourced your IT.