Cyber-thieves broke into the computer systems of Amazon.com's book service Bibliofind.com, Creditcards.com, and Egghead.com. and stole customer information including credit card information.
ZDNet News, Oct 11, 2001. Underline added.
ChoicePoint who provides information about individuals and companies to the FBI, Department of Justice, insurance firms and other clients, including banks and other customers in the financial services industry reported the existence a sever security hole in its computer system. The vulnerability allowed cyber-attackers to run the operating system. The data gathered by ChoicePoint on behalf of its clients includes such items as background screens, pre-employment drug tests, military history checks and insurance fraud investigations. This report followed a prior report from ChoicePoint that disclosed a cyber-attack vulnerability that gave the attacker access to the company's internal documents and to obtain user Identity data and passwords used to access the system. It is reported that the ChoicePoint's access vulnerability could have been easily located through the use of many of the free or commercially available vulnerability assessment scanners.

Newsbytes, Jan 28, 2002. Underline added.
A cyber-thief broke into the computer system of a car enthusiasts company and downloaded information on 115,000 customers including 45,000 credit card numbers.
Associated Press, Dec 18, 2001. Underline added.
A cyber-thief broke into a Palo Alto company's computer system on multiple occasions and stole at least 1,800 credit card numbers, users names and passwords.
Mercury News, Jan 26, 2000. Underline added.
Payboy.com alerted customers that a cyber-thief broke into its computer system and stole some customer information including credit card numbers.
CNET News, Nov 20, 2001. Underline added.
A cyber-thief broke into the computer system of the Maine Public Broadcasting Corporation and accessed names, phone numbers, addresses and credit card numbers of the 63,000 members.
InfoSec News, May 11, 2000. Underline added.
An insider cyber-thief stole a database of approximately 60,000 Prudential employee personnel records which included sufficient personnel information to allow the theft to steal each individual employees’ identity.
Department of Justice Release, March 1, 2002. Underline added.
De Beer's, the World's premiere diamond distributor, through a security hole in its computer system, allowed cyber-criminals and the public at large to access the names, phone numbers, home addresses and e-mail addresses of about 35,000 of its customers.
CNET News, April 4, 2000. Underline added.
The U.S. financial system depends upon three major payment networks and those networks are vulnerable to a cyber-crime. Financial institutions are loath to publicize cyber-crime of any type on any financial institution's network because such a report might shake consumer confidence in the banking system. However, one senior banking system security official states he is sure there have been many instances where bank computer systems have been successfully attacked but the attacks have not been reported.
USA Today, Oct 29, 2001. Underline added.

Are You a Target?

If you or your organization receives, processes, stores or distributes sensitive, confidential or secret information, defined as protected information, or you or your organization have access rights to someone who does receive, process, store or distribute protected information, you are a target.

Protected information includes, but is not limited to, such items as identity information, credit or debit card account information, banking, retirement or financial information, of any employee, agent, partner, associate, staff member, customer, client, patient, beneficiary, vendor, contractor, supplier, shareholder, or other party.

Your organization is exposed to significant damage losses and liabilities from a cyber-theft attack. It is very important that all employees and contract hires are fully aware of this fact. Each should also be aware that a successful cyber-crime attack could result in your organization being required to pay large sums of money to each of the individual damaged victims. These damage payments could drastically impact the financial strength of your organization and affect its ability to maintain current staffing levels and payroll. In fact, a very serious cyber-theft attack could result in the bankruptcy of your organization

 

What is cyber-theft?

Are cyber-theft attacks real?

Is my organization a target?

What is cyber-theft?

Cyber-theft encompasses many types of acts, which are defined as unlawful by statutes, regulations or other forms of dictating acceptable and legal activities. For the purpose of addressing the cyber-security of protected information cyber-theft includes the following definition.

Cyber-Theft - is the use of computers and communication systems to steal information in electronic format. Cyber-theft usually involves the extraction of a copy of the electronic information. By taking only a copy of the protected information the cyber-thief often remains undetected, the crime remains unreported, and the criminal is often never apprehended.

Are cyber-theft attacks real?

Cyber-theft is the most common and the most reported of all cyber-crimes. Cyber-theft is a popular cyber-crime because it can quickly bring an experienced cyber-criminal large cash results from very little effort. Furthermore, there is little chance a professional cyber-criminal will be apprehended by law enforcement.

The major multi-national organized crime syndicates did not enter cyberspace to have fun and play games. Each operates a very serious business highly dedicated to removing significant amounts of cash and valuable protected information from the possession of organizations and anyone that owns and operates a computer system.

The Chief Executive Officer of Microsoft reported that a cyber-criminal broke into Microsoft's secure computer system. The intruders gained access to some of Microsoft's key programs. The intruders did see [had access to] and stole some of Microsoft's source code. It has been Microsoft's policy to always keep its source code top secret and well protected. It is reported that Microsoft did not learn of the intrusion until after the attack was completed; that the attack included Microsoft's flagship products Windows and Office; the intruders gained the power to and may have manipulated the code possibly inserting operational bugs, worms or viruses.
Wall Street Journal, InfoSec News, Oct. 30, 2001. Underline add.

Point: Cyber-criminals successfully broke into Microsoft's very secure development computer systems. Microsoft admits the cyber-thieves gained access to Microsoft’s new product source code and could have manipulated the code or installed stealth cyber-crime code segments.

Point: Most organizations do not retain a large high-powered software security staffs to constantly maintain and monitor access to all of their computer systems, databases and data backup systems. Therefore, most organizations are even more vulnerable to a cyber-theft attack than Microsoft.

A cyber-theft gained access to some 8 million credit card account numbers including Visa, MasterCard, American Express and Discover, of which 2.2 million were admitted to be MasterCard, from a company that processes transactions for merchants. None of the credit card companies would identify the attacked company nor explain exactly when or how the intrusion occurred.
The Orange County Register, Feb 19, 2003. Underline added.