Data Theft - Everything You Need to Know

Data Theft – A Push of a Button May Risk It All

Our society is plunging deeper in an ambiguous state where we are becoming more aware of the risks that come with the online sharing of personal data, yet we continue to do so, regardless. What people don’t know is that internet data breaches have been the main culprit (almost 92%) of identity theft in as early as 2016, and we should take the necessary measures to combat this growing threat to our personal safety.

Data Theft - Everything You Need to Know

What We Mean By Personal Data

Personal DataBefore we delve into the basic ways you can protect your personal online data, you have to know – what exactly constitutes personal data? It comes to no surprise that many make the mistake of what is and isn’t a part of your personal data since it is a very vague and broad term to start with.

The most sensitive forms of personal data you need to concern yourself with are your social security numbers, health records, and banking details since these are the prime targets of data thefts.

A few other kinds of data that fall under the same umbrella (albeit less important) are your posts on social media, search engine history, location data, and other basic types of information that can be easily monetized by online businesses.

This collection of data is collected within a wide consent spectrum. Sometimes, we give our data knowingly, other times, we hand it over without even realizing it.

Who Sells and Buys My Data?

Buy and Sell DataThe services and convenience that you get by giving away your personal data will not always be as helpful as you might think they will be, so read into the fine lines and be sure that you’re getting what you want out of the deal.

If you keep giving away your data willy-nilly, data brokers will take advantage of your lax attitude and sell your data for profits. They turn your private information into cash legally by collecting, analyzing, and selling to various parties who might be interested.

The info that these data brokers disseminate might be out of date and inaccurate. Regardless, it could still prove invaluable to many investors, corporations, marketers, and even individuals.

If you’re wondering how big this trading system is, last year alone, the Interactive Advertising Bureau released its annual report stating that American corporations have spent an estimate of over $19 billion collecting and studying consumer data.

The services of data brokers have also been used for slightly more sinister means by stalkers and abusers. Doxing (releasing someone’s private information without asking for consent) is becoming more commonplace, made possible by the availability of data brokers.

Removing your information on the internet is an incredibly difficult task, and even if the main source is taken down, the odds are that your info is already being spread among different sources or saved by many individuals.

You can opt to take legal action against the individuals who doxxed your private info, but take note that collecting and selling your online data is completely legal, so you can’t, in any way, sue the data brokers who sold your info in the first place.

While a few states like Vermont and California have put additional restrictions on data brokers, this practice remains very much unregulated.

How Did Personal Data Collection Start?

Since time immemorial, humans have been using the current technology to collect and study data. The Greeks have developed the first every rudimentary computer system with the purpose of tracing astrological patterns.

After two millennia, Herman Hollerith created a tabulating machine that made data processing much easier for the U.S Census. Today, the company that Hollerith created is still standing, in the form of IBM.

Half a century ago, the entire U.S. government began to form a big mainframe of computers tasked with storing and processing the American population’s personal data. Different corporations took advantage of this to further their profits, analyzing consumer information to create optimal marketing tactics. This is still happening today, albeit with a few restrictions. The use of online trackers are becoming more popular, and they come in different forms:

Traditional Cooke

Large corporations such as Google and Facebook use this form of tracker that follows a user’s actions throughout their website.

Super Cookie

This is a more complex form of a cookie that’s harder to remove from your browser. This is used by Verizon, and they had to pay a fine worth $1.35 million because of this dishonest practice.

Fingerprinter

This tracker will follow a user by creating a profile of their device, then proceeding to obtain the user’s info like their IP address, screen resolution, and the specs of their device.

Identity Tracker

This rare form of a tracker will follow people through their identifiable information like their email. They obtain this data through seemingly harmless login pages where users have to give their credentials.

Session Cookie

Not all trackers have a nefarious purpose. Session cookies will keep you conveniently logged in a site or even remember what you’ve chosen to buy. This way, coming back to avail, a site’s services are less of a hassle and much faster.

Session Replay Script

There are a few scripts that are extremely invasive, recording all of your actions within a site, including whatever information you’ve entered or the kind of products or services you’ve clicked.

Our Personal Data Is At A Constant Risk of Data Theft

A majority of data theft happens during a data breach, where cybercriminals infiltrate a big source of data and illegally obtain private information. They do so through “physical” means where they access the network or computer itself and steal its files or remotely by breaching a network’s security. The latter method is the more common form since it’s relatively easier. These are the common steps that a hacker takes during breach operations:

  • Pre-Operation

The criminal does their research and looks for any weakness in security (a company’s people, network, or the system itself.)

  • Initial Contact

The criminal connects with the network or system.

  • Infiltration

The criminal attacks and breaches the system by taking advantage of its weaknesses.

  • Exfiltration

After a criminal successfully breaches a system, they proceed to procure that they data that they need. These data breaches are becoming increasingly common, with the Identity Theft Resource Center totaling the number of reported breaches at 10,818 from January 2005 to the 31 st of August 2019, with 1,612,530,601 records illegally exposed.

You can check ITRC’s yearly reports if you want a more specific breakdown of these numbers. Last year, the industry that took the brunt of these data breaches was the business sector, with the medical sector coming in second, and the financial sector in third.

The Victims of Data Theft

Here are some of the most well-publicized attacks since 2014, showing just how vulnerable we are, with even the biggest companies and corporations being successfully infiltrated:

  • TimeHop – Mobile Retailer

Its users’ data was exposed for 2 hours through an illegal network intrusion on the 4th of July 2018, with over 21 million users affected by the incident.

  • Reddit – Social Media Platform

Hackers were able to access the database of older users on the 19th of June, 2018.

  • Dixons Carphone – Retailer

An estimate of 10 million people could have been affected by the network breach that happened in June 2018. Data that may have been obtained were names, physical addresses, emails, as well as 5.9 million records of payment transactions.

  • Hongkong’s Department of Health

Back in July 2018, this government body was subject to a ransomware attack, where it left their systems unable to be accessed for a whole two weeks.

  • Equifax – Provider of Information Solutions

This incident affected an average of 143 million U.S. consumers where the breach revealed their names, SSS, date of births, and addresses.

  • Anthem – Healthcare Provider

This attack happened in April 2014, with over 80 million medical records reported to be stolen.

  • Ashley Madison – Social Media

Hackers were able to steal 10GB of personal information that belonged to an average of 32 million online users.

  • Target – Retailer

Hackers back in January 2014 were able to breach into Target’s network and infect every one of its point-of-sale systems. This attack leads to the exposure of almost 40 million credit and debit cards, and information that includes names, bank info, and PINs.

What Happens To My Stolen Data?

The most common use for your stolen data is identity theft, often for the purpose of monetary gain. According to Javelin Strategy’s latest annual study on Identity Fraud, identity theft is still prevalent even today.

While its number of victims fell (by 15%) during the start of the year, the rest of its stats are up. More Cybercriminals are still accessing consumer data with too much ease. As stated before, billions of records have been exposed since 2005.

And only last year, over 446 million records were exposed. Despite the latest efforts of governments and outside parties to combat these attacks, criminals are finding other ways to bypass the security, and every consumer’s personal information is still at risk.

Safety Measures You Can Take To Safeguard Your Data

Here are the most basic measures you can take to give secure your data:

1. Extra Steps To Protect Your Identity

You can have extra protection by employing the services of Credit bureaus such as:

  • Fraud Alert – where lenders have to verify the user’s identity before they can extend credit. These are free but need to be renewed every three months.
  • Credit Freeze – will prohibit any third party from retrieving your credit report. Whenever lenders can’t get a credit report, they usually won’t continue a transaction. Some freezes do have added fees, and you have to lift them if you want to apply for any credit in the future.
  • Credit Lock – has the same function as a freeze, except you can lift it yourself. These will also have added fees. For the most safety, you should put in all of these measures in Experian, TransUnion, and Equifax.

2. Stronger Passwords on All Your Devices

The devices that you commonly bring outside, like phones, tablets, and laptops, have the highest risk of getting stolen or lost. Thieves would be able to access your data much easier if you didn’t implement any password to your device. Never use the same password in all of your devices.

If a thief was able to obtain multiple devices, they would be able to unlock all of them if you use just one password. The strongest passwords are very long and don’t have an obvious order to them. You can opt to use a tool to create a stronger password. On the other hand, use an app for password management or keep a list of your passwords in a safe please to keep track of all of them.

3. Two-Factor Authentication

This means that you have to use a specific code every time you log in somewhere new. Check each one of your account’s settings and ensure that this form of authentication is enabled.

4. Avoid Shopping or Banking Online While Using Public Networks

Most public networks aren’t that secure, so always use a private network when doing online transactions. On the other hand, you can use a Virtual Private Network to secure your browsing.

A VPN hides your identity and encrypts your data. That makes it next to impossible for anyone to harvest your data even if you’re using public Wi-Fi.

5. Regularly Update Your Software

Update your OS, antivirus software, and other forms of security. That way, you can use their latest form of protection against the latest cyber threats.

6. Never Give Your Private Info Through a Text or Email

Phishing scams are becoming more commonplace. If someone sends you an email asking for private information, regardless of whatever organization it is, do a background check before you send them anything.

As an alternative, you can visit the company’s official website. For example, if it’s an email from your bank, go to the bank’s website directly instead of clicking the link. It might take a few more seconds, but it’s sure a lot more safe than a malicious re-direction, don’t you think?

7. Don’t Click on Links and Attachments You’re Unsure of

You can easily infect your computer with malware by clicking on a malicious link, so be careful when you’re on a less-than-secure site.

Data Theft – Final Thoughts

One doesn’t need to be an expert to keep your private data secure. All you need is to adequately inform yourself of the basic steps you need to take to ensure the protection of your information.

Having your data stolen can have the most severe repercussions from identity theft, the loss of your finances and assets, or even your physical safety. If you want to learn more, just drop me your questions in the comments below.

Tania Becker

Tania's work at Whatismyip.network revolves around covering the latest cybersecurity news. She has also written several guides on how to bypass regional restrictions.


Leave a Reply

Your email address will not be published. Required fields are marked *