I try not to go off on security rants in the newsletter, but this week I’m unable to hold back. An apparent breach of a data aggregator has resulted in a monster dataset of US, UK, and Canadian citizens’ names, addresses, and social security numbers. As a number of reports have pointed out, the three billion records in the breach likely contain duplicate individuals, because they include all the addresses where you’ve lived, and there have only been on the order of 450 million US social security numbers issued anyway.
But here’s the deal. Each of these data aggregators, and each of the other companies that keep tons of data on you, is a ticking time bomb. Maybe not every one of them gets breached, but there’s certainly enough incentive for the bad guys to try to do so. (They are looking to sell the NPD dataset mentioned above for $3.5 million.)
My gut feeling is that eventually all of the information on everyone will be released. Maybe then it will cease to be interesting to new crops of crooks, because there’s nothing new to learn.
On the other hand, the sheer quantity of identity thefts that this, and future breaches, will unleash on us all is mind-boggling. In the case of legitimate data aggregators like this one, having requested that your data be taken out of their dataset appears to have been a viable defense. But for every one legit operator, there are others that simply track you. When they get hacked, you lose.
This breach is likely going to end in a large lawsuit against the company in question, but it almost certainly won’t be big enough to cover the damage to everyone in the affected countries. Is it time for companies that hold large datasets to realize that the data is a liability as well as an asset?
9 thoughts on “Your Data In The Cloud”
Maybe they can hide the data?
How about not have the data in the first place. There is no legit reason (marketing, and sales are not legit reasons) to maintain my personal information without my consent.
Background check companies can actually do their jobs instead of maintaining a database as well.
Even worse, nothing happens to these companies that accumulate information and then lose it. Experian, anyone? Heck, the damn military has leaked my information TWICE and I have been out of service for 6 years at this point.
I am really tired of it. Same with the Flock cameras, biometrics at airports, all new passport photos are being used for biometrics. Stop spying on me.
There is a simple fix, just require that everyone who stores your data and that data is stolen is required to pay every person $325.
This happened to me, there was a data breach, the settlement was $325. Of course then they started making up arbitrary requirements like you had to submit proof of something or other, then there was another thing, then it just all quietly went away after proper application of hookers and cocaine.
But the idea is simple and would be stunningly effective.
I suspect if something like this happened, the company would just declare bankruptcy, all the other debtors before anyone affected would get payouts, and the people running the company would just start a new business doing the same thing. It’s a mess.
But I like the idea – maybe even require companies to get insurance against a breach. Then they’d have to work pretty hard to make the insurer happy, and it would guarantee the payout when it does happen (and it always happens)
It seems you may have omitted a few words in your post:
“There is no legit reason (marketing, and sales are not legit reasons IN MY OPINION)… ”
THEY think marketing and sales ARE legit reasons (it’s how they make a living after all). If you don’t like it, work to install politicians that will stand up for your rights – stop voting for the same people that continue to look the other way or merely pay lip service to the privacy of individual citizens.
(I found it quite amusing this week when Congress got all bent out of shape because one of their own (ex-congresswoman Tulsi Gabbard) was on a list of people the government keeps an eye on. How’s it feel, folks?)
Aside from the fact that govs, military, intelligence agencies all want the data, if the polity and its citizens all got on board with stricter privacy laws and penalties it’s too late for most of us now with our data already out there. Changes may safeguard future gens, but probably only for a short period of time before it’s the same-old, same-old sh!t again.
Amen!
We need to make this kind of stuff illegal.
They’re putting pressure on gun manufacturers to have accountability for how their weapons are used, and the vast majority of guns are never used to harm people or stolen. (Not debating here the rights or wrongs of that approach, just raising it for comparison) –
These datasets are abusing us even when used as they intend them to be, and as you say, the majority will be stolen or leaked eventually. We need to hold them to account and stop them doing this.
Just make any dataset containing any data of a person paid per day to the person in question by the company behind the dataset.
Even $0.50 will do.
And if the data is stolen then the data is presumed stored forever.
Maybe a solution would be to make it legal to delete their data. These brokers never ask permission to arbitrarily gather it, maybe we should have the right to arbitrarily delete it. If their security isn’t up to scratch wiping it all rather than trying to sell it should be fair game.
