According to Andy Kemshall, the two-factor authentication firm's technical director, the X-Factor US systems hack is the latest in a string of attacks on corporate servers to extract personal data.
The X-Factor US hack, he says, suggests that cybercriminals are now building information profiles on people, rather than developing frauds around available credentials.
"This corporate hack is notable, both for the size of the database theft, and the fact it was made against the servers of music executive Simon Cowell, who is renowned for his attention to detail. This suggests that the server hack was carefully planned and one of a series of attacks on company systems", he said.
Kemshall went on to say that the last few months have been peppered with reports of corporate servers being hacked, and large databases lifted for purposes unknown.
The Sony PlayStation Network and the Epsilon system hacks are the most high profile of these, he said, adding that there have been many more less-reported intrusions, suggesting that cybercriminals are now actively compiling data on large numbers of people for longer-term fraud.
"It's actually quite easy to see a pattern emerging in these attacks. Previously, frauds were card-centric and built around opportunistic database hacks, but the sheer volume of the system hacks in recent months suggests that there is a longer-term strategy involved", he explained.
Kemshall noted that people's credentials – including their names and unique identifiers such as social security/national insurance and address details – are being bought and sold on underground forums, along with dates-of-birth, email addresses and other personal data.
"Our observations suggest that this data is being compiled into one or more databases, meaning that low-level frauds can be carried out on a steady basis, bursting into periods of high activity when the people's debit or credit card details become available", he says.
The data from the attack against the servers of Simon Cowell's operation, Kemshall adds, could be used for phishing or phone-engineering scams against the contestants, but the fact that the FBI is investigating the hack suggests that a gang – who may be involved in other corporate attacks – carried out the systems intrusion.
"It's very easy to dismiss the X-Factor US systems database hack as a one-off incident, but if you look at the hack against the backdrop of a constant stream of corporate hacks in recent months, the reality starts to hit home," he said.
"And the reality is that cybercriminals are starting to conduct these attacks on a carefully planned basis, with the longer-term strategy of building their own fraudulent database on as many people as possible," he added.