Data Breaches: Are you a Victim?


In a world that uses the internet for all sorts of activities, users have concerns about cyberspace and about how the applications, websites and gadgets we use on a day-to-day basis handle data confidentiality.

The applications we use usually request a lot of data from us. This data may include your current location, access to your gallery, messages and contacts, and access to financial information such as credit cards and other payment methods. When a user consents to share this information, whether knowingly or unknowingly, it behooves the company that requested it to protect it from malicious users and unauthorized access. Unfortunately, this is not the case.

Recently there has been an increasing number of data breaches and hacks that have led to leakage of private information from big companies like Facebook, LinkedIn, Dropbox, Uber, Dell, Airbus, T-Mobile, Snapchat, among others. These companies have each been hacked, or exposed to bugs that leaked millions of users’ records, passwords and other credentials online. In other instances it is simply negligence; for example, the United States Postal Service left 60 million users’ data exposed online. In a more recent case, SenseNets, a Chinese company that boasts of its technology’s ability to track people across cities and pick specific faces out of crowds, accidentally exposed more than 2.5 million facial recognition records to anyone with an internet connection last week.

On 25th May 2018, the General Data Protection Regulation (GDPR) was implemented across the European Union (EU), with the primary aim of giving individuals control over their personal data and of simplifying the regulatory environment for international business by unifying the regulation within the EU. The regulation requires controllers of personal data to put in place appropriate technical and organizational measures to implement the data protection principles. Article 33 of the GDPR gives data holders a maximum of 72 hours after becoming aware of a data breach to report it. This has perhaps contributed to the rise in news about data breaches that companies would otherwise have covered up.

Recent Data breaches

One may wonder what happens when databases are breached and documents leak. To answer this question, one must first consider the circumstances in which the data was breached. Usually, when hackers breach databases, the data is either sold on the darknet or put on the internet where any user can access it.

In early November 2018, the world’s biggest hotel chain, Marriott International, divulged that unknown hackers had compromised the guest reservation database of its subsidiary Starwood hotels and stolen personal details of about 500 million guests. The incident is believed to be one of the largest data breaches in history, behind the 2016 Yahoo hacking in which nearly 3 billion user accounts were stolen. The stolen database contained sensitive personal information, including names, mailing addresses, phone numbers, email addresses, passport numbers, dates of birth, genders, arrival and departure information, reservation dates, communication preferences and payment card numbers plus their card expiration dates.

In a very recent data breach, on 15th February 2019, a hacker who was selling details of nearly 620 million accounts stolen from 16 websites put up a second batch of 127 million records for sale on the dark web. Such records are used by other malicious users to hijack accounts, steal credit card information, or mastermind social engineering attacks.

Prosecutions and Fines

The good news, however, is that not all hackers get away with the crimes they have committed. In November 2018, two hackers were sent to prison for their roles in hacking TalkTalk, one of the biggest UK-based telecommunications companies, in 2015 and stealing personal information, banking, and credit card details belonging to more than 156,000 customers. This specific breach cost TalkTalk £77 million. In a related incident, the German federal police on January 8th 2019 arrested a 20-year-old local student for stealing and publishing a massive trove of personal data of hundreds of politicians, journalists and other public figures.

However, it’s not only individuals who suffer penalties for data breaches; companies have also been fined for their negligence and failure to protect users’ data. This happened in the case of Uber, which suffered a massive data breach in October 2016. This breach exposed the names, email addresses and phone numbers of 57 million Uber riders and drivers, along with the driving license numbers of around 600,000 drivers. Uber was fined approximately $1.1 million by UK and Dutch regulators.

Companies have also already been penalized under the GDPR. Last month, on January 21st 2019, Google was fined $57 million by France for lack of transparency, inadequate information and lack of valid consent regarding ads personalization. This penalty was under the GDPR law.

How to protect yourself

There is a school of thought that believes we should earn a cut of the profit that tech companies make by selling users’ personal data. In early February, a company named Axios estimated people’s worth on social media by dividing the platforms’ annual revenues by their numbers of monthly active users. You are worth $7.37 to Facebook, $2.83 to Twitter and 30 cents to Reddit. Probably, it’s time to cash in. But until that time comes, you can take the following precautions to protect yourself from data breaches.

  • Change your passwords often and avoid using the same passwords for multiple accounts. That way, when one account is compromised, the others are safe.
  • Add 2-Step or 2-Factor Authentication. Multi-factor authentication has been talked about a lot, but not that many people have embraced it. It can be a life saver in case of a data breach.
  • Use credit monitoring systems and pull a credit report to see how your credit card is being used.
  • Consider the website https://haveibeenpwned.com. This site can tell you if your information has been leaked in a data breach.
  • Use digital wallets. Consider using digital payment platforms to make online payments. These types of digital wallets, including Apple Pay, Google Pay, and PayPal, use tokenization to make payments securely, essentially meaning they don’t store your credit or debit card information.

While it’s practically impossible in this digital era to keep your information from being accessed in these types of data breaches, you can minimize the information you leave on websites and limit the damage when breaches do occur.
