How Safe is Your Identity and Who Has It?

In July, a security company named Cyphort revealed that they had discovered a 5 year consorted effort to steal personal data called NightHunter. The NightHunter infected over 1,800 systems in major companies around the world to steal data.  In August, news of another large coordinated cyber-attack affecting over 1.2 billion login credentials and email addresses was announced. The attackers, allegedly a Russian cybercrime gang called Cybervor, stole usernames and passwords from over 420,000 websites.  Over the past year, we have learned about major data breaches at places like Target, Nieman-Marcus, and Michaels. All of this was announced while the world was still reeling from allegations that the United States’ NSA and FBI as well as the British government’s GCHQ were mining data on the internet.  While the veracity of some of these claims may still be in question, it does cause one to wonder how far and wide our digital personas reach, who is collecting our data, and why.

      Businesses and world governments have embraced the concept of “Big Data” and how to use the data they collect for everything from marketing to national security. This raises many concerns for those whose data is being collected. I am not going to discuss the arguments surrounding invasion of privacy or the conspiracy theories about “Big Brother”. My concerns surround informing you about how much of your data is actually out there, what can happen to you if your data falls into the wrong hands, and how you can protect yourself.

     Have you ever taken a moment to consider how much information sites like Google, Facebook, and Spokeo have collected on you? It might surprise you to know that Google has been involved in legal battles concerning private Wi-Fi information collected from neighborhoods while creating Street View and also for scanning emails for keywords in order to reduce spam and perform targeted marketing. Facebook commonly performs targeted marketing by using your profile likes and image to promote products to your friends. Spokeo is a treasure trove of personal information available for a price. Google, Facebook, and other sites should not be villainized for utilizing the data that we as users have authorized them to use. We may authorize this in end user agreements or overlook it for the sake of convenience. These are just small examples of the data collected and to simply put it everyone seems to be collecting similar data.

     Disney has experimented with facial recognition and RFID bracelets that track your movements and purchases within their parks. This helps them bring you, the consumer, a better “Disney” experience.

     The Department of Education’s new Common Core Education initiative reportedly has programs that track between 300-1,000 data elements about children and their parents.  Examples of the information collected in some states include child behavior evaluations, child iris scans, social security numbers, metadata from digital devices and online learning programs, keystroke information, the time and location that a device or app is being used, and the type of device on which the program is being accessed.”   Some of this data, like metadata, is not protected as PII and can be data-mined by companies.

     As you perform the research you quickly learn that information once considered private is now exposed on the internet and is being collected by multiple sources. This availability of data combined with those who are inclined toward criminal behavior can lead to bad things such as credit fraud or misuse of power can occur.

    The best way to protect yourself is to be aware of the information you provide when using social media, internet sites, webmail, and phone apps. Understand that anything you put on a computer, whether it is in an email or in a search engine, is being stored and could one day be accessed. Do a search for your name on the internet; you may be surprised at what you can find. Remember if you can find it, then so can anyone else, even those with malicious intentions, and that is one way data breaches and identity thefts occur.