Remember when Target got hacked and tons of customer credit card information was leaked two years ago? Target didn't detect that breach until weeks later, long after sensitive data had been disseminated across the internet. The incident ended up costing the company hundreds of millions of dollars outright, not to mention the lasting damage to Target's reputation.
Target's not alone. According to a survey research firm, online thieves stole more than a billion(!) records containing sensitive customer information last year, costing companies a whopping 445 billion dollars.
A lot of the damage associated with these hacks could be prevented if companies were quicker to catch on. That's why Terbium Labs, a startup announced last Wednesday, is developing technology that could narrow the gap between data leakage and detection, allowing retailers and service providers to notify their customers of stolen credit card information before we rack up thousands of dollars of unwanted Best Buy purchases.
Terbium Labs is essentially offering companies a private way to trawl the Dark Web — that vast swath of the internet that isn't indexed by search engines — hunting for credit card information and other sensitive customer data that's been put up for sale. MIT Technology Review explains:
After researchers enter hundreds of seed links, the system crawls through those pages, following any new links, to eventually map a significant portion of the entire Web. When it finds data, the system divvies the information up into 14-byte chunks, a common way to search for patterns in text. Those chunks, or n-grams, are stored in a database for later searching. Clients can then query this database to see if any sensitive data from their systems may have been found.
Yet, the system also protects privacy. The data is encrypted and stored as a digital fingerprint. A client can then encrypt its own data, and search for that encrypted text within the database, preventing anyone else, including Terbium Labs, from seeing the information. The company works with its clients to make sure that their selection of sensitive data fingerprints will not result in too many false matches.
Overall, the system allows companies, such as retailers and financial institutions, to detect whether a criminal has published some of their data on the Dark Web without revealing to anyone the exact nature of the sensitive data.
We may never reach a point where our digital transactions are 100% secure. But there's absolutely room for improvement, and tools that help companies become better watchdogs are a step in the right direction.