By Aaron LuhnBloombergTechnologyForumThe hackers behind the breach of the personal information of millions of people at thousands of websites are trying to steal passwords to those sites to steal their credit card and bank information, the head of a credit reporting agency said Thursday.
Peter Dejong, chief executive of Experian, said the hackers who broke into some sites were using a “bundle of code” to get into the sites and steal personal data.
Experian has identified more than 2,600 compromised sites, and about 100 of those are linked to one of the hackers, said Dejong.
“These guys are not only trying to sell the data they stole, but to sell it as legitimate information,” Dejong said at a news conference in Hong Kong.
“We have a clear understanding that these guys are selling legitimate information and that’s why we are alerting our customers and alerting the companies.”
“This is the most sophisticated, sophisticated attack we’ve ever seen in our history,” said De Jong, who added that the attackers were not the same ones who tried to steal information from the Office of Personnel Management website, the Federal Trade Commission website and the Federal Reserve website.
“This type of attack, this level of sophistication is not what you would expect from a group that is targeting people for this type of activity.”
A spokesman for the Department of Homeland Security said the department is aware of the reports of the breach.
The breaches occurred over the past week, and the attackers have yet to provide details about the data stolen, the spokesman said.
The hackers have used an “accelerated process of exploitation” to gain access to sites through “an active, active, passive, or passive network,” he said.
“We have not seen the full scope of the compromised data, but this information will be released at a later time.”
Dejong said the data theft will be difficult to recover from because the hackers are using a combination of “robots” and “spearphishing,” which is a tactic to trick people into clicking on links.
The Equifax breach was the first to hit the personal data of nearly 100 million Americans.
Experien reported the breach to the U.S. government in July.
The identity theft industry is one of many sectors hit by cyber attacks, with a recent report that more than $4 billion in consumer credit and other consumer information was stolen in cyber attacks in the first quarter of this year.
A cybersecurity expert said that although some companies have put cybersecurity measures in place, he believes the U,S.
is not yet ready for such a scale.
“I don’t think it’s the case that there is a lot of investment in cybersecurity and a lot more awareness of cybersecurity,” said Dan McArdle, a principal at the cybersecurity firm McAfee.
“I think the real problem is that it takes a long time for organizations to develop a cybersecurity culture.”
The hackers who breached the data are not the first in recent years to target credit reporting agencies and other credit bureaus.
Last year, hackers broke into the credit reporting company Equifax and stole data including names, Social Security numbers, credit card data and credit reports for 143 million people.