If you thought the Equifax data breach was as bad as digital security got… think again.
The Atlanta-based credit report company only leaked the personal information of 143 million accounts – that’s almost one out of every two Americans – but Yahoo managed to lose the email addresses, birthdates, telephone numbers and passwords of THREE BILLION subscribers.
THAT’S ALMOST HALF THE WORLD!
To make matters worse, while Georgia State laws meant Equifax bosses could keep news of the hack quiet for over a month (while they sold company shares), the Yahoo cyber attack occurred in 2013 but wasn’t disclosed until December 2016.
Yahoo’s breach isn’t exactly the tip of the iceberg (unless it’s a very oddly shaped iceberg) because when you add MySpace (360 million), eBay (145 m), Target (110 m) and LinkedIn’s data breaches (100 m) – and that’s just the ones over 100 million – you might be entitled to shout “Yodelleh-eh-eh. WTF is going on?” from the nearest mountaintop like AT&T did… before losing 280,000 customers’ personal info in 2015.
Now imagine if Facebook got hacked. That would be…
THE END OF THE WORLD AS WE KNOW IT
According to breachlevelindex.com, this many data records have been hacked, breached, leaked, lost or stolen in the last four years.
In English, that’s nine billion, fifty-three million, one hundred and fifty-six thousand, three hundred and eight. The world’s population is 7.6 billion so I’m guessing that means every human and pet dog, cat, rabbit, and Tamagotchi on earth has had their social security number, passwords or pet passport hacked.
Those figures do not include New Zealand and parts of the Deep South where, of course, electricity hasn’t yet been installed.
In the last month, Apple Mac users (who nonchalantly think they are immune from being PWND) were hit by a ransomware attack and forced to pay $50 in Bitcoin, reset their machines or make a trip to the Apple Store. These ransomware hackers began using potentially millions of hacked iCloud usernames and passwords to remotely lock people’s computers with the Find My Phone app.
Last but not least, if all this hasn’t put the fear of God into you, there was yesterday’s news that more than half of South Africa’s population faces the prospect of identity theft after yet another data leak. In short, there are more leaks happening in the world every day than Scottish people eat cock-a-leekie soup.
We often talk about the importance of strong passwords, anti-virus software and remaining vigilant, but it’s not we, the citizens, that seem to be leaking all this information. The corporate behemoths are the ones to blame and what gets done? Well, in America and most of the western world – this:
Just like when there are mass shootings, there’s a huge fuss when the sh*t hits the fan and then everyone forgets to be outraged and everyone goes back to their 9-5 job. Need evidence? Well…
Equifax even won a $7.25 million contract with the IRS to protect taxpayer identity AFTER they announced they lost 143 million people’s personal details. The Government Accountability Office has, as of this week, suspended the contract, yet the IRS “continue to review the status of our short-term contract with Equifax” and is “looking forward to the start of the new contract.”
Okay, so that’s the bad and the ugly, but as well as making billions selling your personal data before losing it, CTOs of those corporate behemoths are taking steps to improve personal and bigger-picture security.
Companies are, finally, beginning to treat data breaches much more seriously and are utilizing better rapid event detection and responses, but we’re gonna throw some ideas at the wall and see if any of them stick.
Over at Facebook, they’re working on facial recognition as third-level authentication to unlock your phone, as well as training neural networks to recognize people by their hair, body shape, and posture. Could these techniques help secure your data on a personal level? If they can, let’s hope it goes better than Samsung’s facial recognition, which could be fooled by holding up a photo of the person’s face!
Could security analysts harness the power of Artificial Intelligence to predict future trends based on past and current behavior to help stop large-scale hacks? Might the future see androids and nanobots hacking the hackers?
It certainly could be one way to stay ahead of the hackers, or would they escalate and use their own A.I. in retaliation?
Apple and Google are making huge leaps forward in machine learning so why can’t a Terminator help with security analytics? It may be less fun than riding motorbikes and wiping out the human race, but hey…
With no single point of failure and authentication offloaded to a decentralized layer of security, Blockchain technology might be the way forward for companies who store data electronically, especially when you consider the idiot things some of them do…
In Target’s 2013 breach, hackers not only obtained 110 million people’s details (including credit cards, by targeting POS systems with sophisticated malware), they even obtained the PIN numbers to those credit cards, which Target was also holding.
Target was fined $18.5 million, which is a drop in the ocean to a company of their size. If governments’ regulatory bodies levied bigger fines, then companies might start pretending to prioritize customers. Instead, Equifax spends $1.1 million a year lobbying against regulatory laws, including data security and breach notification.
Regulation must come from the top down. It’s up to governments to protect their citizens from executives covering up, stalling or not announcing data breaches. 48 out of 50 states require disclosure after a breach, though timing is only specified in 8 of them and varies from 15 to 90 days, whereas over in the European Union, a new law will soon require companies to notify customers within 72 hours of discovering a breach.
America needs to take note of the rest of the world. In the meantime, I’m off to live in the mountains.
In New Zealand.