Frank
Knapp appeared on SC ETV’s Connections this past Friday evening. Host P.A. Bennett talked with Frank about the
dangers to businesses as a result of the hacking of tax data from the S.C.
Department of Revenue. Also appearing on
the show was Carri Grube Lybarker of the S.C. Dept. of Consumer Affairs, FBI
Special Agent Chris McLure and financial empowerment coach Karen Jenkins. Click
here to watch the show entitled “Protecting Your ID”. Frank’s segment starts 13:55 minutes into the
program.
-------------------------------------------------------------------------------------------------------
The total potential consequences of the hacking
theft of South Carolina tax information on 700,000
businesses is gradually getting through to the public and, for that matter,
the Administration of Governor Nikki Haley.
-------------------------------------------------------------------------------------------------------
Haley first
characterized the threat to businesses as no more than the risk we have
when we “give a check to your grocery store.”
She asserted that the business information the hackers stole somehow
wasn’t a secret at all. “They got what
was already public.”
But to make businesses feel more secure her office
offered a state-funded business credit monitoring protection from Experian and
then later much the same service at no cost from Dunn & Bradstreet.
But the business threat is much more serious than
simply identity theft which results in results in destroyed credit. The actual money a business has in a checking
account is at risk.
Two weeks after the hacking of the Department of
Revenue data, S.C. Treasurer Curtis Loftis brought to Columbia security expert
Chris Swecker, the former head of the Charlotte office of the FBI and Bank of
America’s corporate security. Swecker
told a symposium on the issue that up to $360 million could be swiped from
individual and business bank accounts because of the data breach.
From the very beginning that the public was made
aware of this failure to protect taxpayer information I have been preaching
that businesses should at a minimum close their checking accounts and re-open
them with new account numbers. At least we
can make one part of the information stolen obsolete so as to protect against
the thieves fraudulently pulling money directly out of checking accounts.
However there is a much more insidious
threat—corporate account takeover. Swecker
pointed out that the thieves can use the business tax information to target
high-income businesses.
Corporate account takeover is real, costly and not
hard to do when the thieves have all a business’s tax information. The thieves can target the businesses most
likely to have significant cash from time to time in their corporate checking
accounts. Business websites will give
all the information the thieves will need to send malware to office
computers. Just as someone at the
Department of Revenue downloaded malware that let to this debacle, someone at
the business will unknowingly do the same.
Once in the door, the malware will find the computer
used for online banking and it’s over.
The thieves will know when is the right time for them to strike. The money will be gone and the financial
institution cannot be held accountable.
There are some solutions to this problem. One is inconvenient and the other will
cost. I’ll discuss them tomorrow.
No comments:
Post a Comment