Friday 24 July 2009

Alico: the company is always the last to know

Today, news is emerging of a credit card breach with the Japanese arm of global insurer Alico with the credit card data of approximately 110,000 customers affected. Of those affected, more than 1000 customers have seen fraudulent charges on their credit cards, and the credit card companies alerted Alico to the alleged theft.

An Alico spokesperson said that the company has yet to determine how the data could have been leaked. This statement and the fact that credit card companies alerted the company to the breach shows how difficult it can be to determine how a breach occurred, even if you know that one did occur.

This breach brings to mind RBS WorldPay and Heartland, in which customers saw fraudulent charges on their credit card bills before the companies realized they had been breached. As Alico looks for the source of the breach, we are also reminded that in this threat environment, personal data is constantly under attack. The link to criminal elements shows that these breaches are done with the express intent to grab personal financial data to be used fraudulently. In this type of situation, Alico is left playing “catch up” without the ability to stop additional damage to its customers, because their data has already been compromised. We hope that the company and all in the industry use this as a lesson as to the importance of knowing the location and status of their data at all times because it will always be an attractive target.

As they say, "an ounce of prevention is worth a pound of cure" -- now is the time to apply preventative measures to protect data.