October 15, 2014 - John Gunn
Fear Not the Mega-Breach (it’s the little ones that’ll get you):

A few years ago, the words hacking and breach weren’t used often in everyday conversation, and the victims were someone other than you. Following massive data breaches at Target, Home Depot, Neiman Marcus, Jimmy John’s and others, a majority of Americans have been impacted by hackers stealing credit card numbers.

It may sound counter-intuitive, but this is not your biggest risk. I made regular purchases at three out of the four above merchants and I know my credit card numbers were compromised. So, I got new cards, changed my passwords and watched my bank statements like a hawk – my guard was up and I was ready for battle.

But what about the breaches that don’t make the news? Don’t think there aren’t breaches at the small chains and independent restaurants where you use your credit and debit cards. This is where the real risk lies and here’s why:

  • Smaller shops simply can’t make the investment in security that the big retailers can. They often don’t have the money, time or people needed to implement the security measures necessary to keep their data protected. Hackers can consolidate stolen credit cards and sell them in secondary markets called the darknet.
  • Hackers don’t attack only big stores, but those are the only ones that make the news. Smaller shops are beneath the radar and they often don’t report hacks so you’d never know your credit card was taken by hackers. And let’s face it. A hack at your neighborhood store is certainly not going to make the news.
  • Enforcement of breach notification laws for small business is lacking, and even PCI compliance requirements are weak. According to the Ponemon Institute, 55 percent of small businesses in the United States have had a data breach, but only 33 percent of them notified the people affected, even though 46 states require some form of notification.
  • Since you’re not watching your statements or requesting a new card, it is much easier to miss fraudulent charges on your bank statements, and that’s where you lose.

So, the next time you frequent your favorite neighborhood shop, understand that what you don’t know can hurt you. Just because it’s not on the news doesn’t mean it doesn’t happen, and it’s a false sense of security to think that small businesses are a less appealing target for hackers.

As a consumer and a foodie, I love to frequent local Chicagoland businesses as much as I can, and I still plan to, but now I’m going out with a little more vigilance.


2 Responses to Fear Not the Mega-Breach (it’s the little ones that’ll get you)
  1. Yep, I’ve been saying for months that the small and undetected breaches are going to be far larger, as a whole, than Target or Home Depot. People looked at me like my head would spin around.

    Thanks for writing about it.

  2. Being able to spin around gives you a 360 degree view, which is always better. I am afraid the worst is still yet to come, but perhaps the benefit will be that people will finally move away from static passwords – they are the only technology still in use from 20 years ago.
