Insights + interviews
Beware how massive data breaches can affect you
I recently had my Facebook identity stolen. I never thought something like this would happen to me, I use strong passwords and have two factor authentication (codes sent to my mobile phone to access the account). Whenever I see a Facebook friend warning others not to accept a friend request, I assume this is because of poor security or bad password choices.
But I was wrong, this can happen to anyone – even me, a specialist in data privacy. In my case, someone had downloaded my profile data: my profile photo, account information and the contacts in my friends list. Thankfully my friends were suspicious and asked me why I had been adding them again, some had even received messages from this fake account. But some other friends accepted the request – who knows what would have happened if Facebook had not been so quick to delete the account!
This is only one case of fraud, but many more serious breaches take place every year. Let’s recap quickly on the Cathay Pacific breach and the impact this might have on their users. 9.4 million people were affected by the Cathay Pacific breach, making it the worst airline breach in history. The hackers accessed personal information: everything from phone numbers and names to birth dates and email addresses. In addition over 800,000 passport numbers and identity cards were hacked, and over 400 expired credit card details.
The problem with these data breaches isn’t the breach itself, it’s the personal details that could be used in the long run. Even with data protection laws in place these breaches can affect the entire company (from board to senior management), but at the end of the day the real victims are those whose data was taken.
How might our personal data be misused or monetised?
The personal information that hackers access can be used as proof of identity. Proof of identity is information we use to verify who we are, which can then be misused for fraud and blackmail. These details together with a passport number, identity card number or frequent flier number, can be worth millions of dollars on the black market.
Why might a passenger’s personal information be useful? Simply because we are comfortable giving more personal information to airlines. According to the IATA Global Passenger Survey 2018 :
• 65% of passengers are willing to share additional personal information (e.g. address at destination and photos) to speed up waiting times at airports.
• People like to stay connected, are web savvy and comfortable with their digital lifestyles.
• 85% of travellers like to receive flight notifications through apps on their phones.
• The typical profile we give to airlines can therefore be a goldmine for scammers and hackers, making us easy targets for phishing and social engineering. With the information we give, hackers can steal flights and alter ticket details, or earn millions of air miles, or even sell identities on the black market.
Scammers can also do the following:
• Attack personal accounts where users use personal identification numbers as their user IDs.
• Use identity cards and basic information to get a contract deal mobile phone number and phone.
• Redirect correspondence by changing addresses with your bank or other service providers.
• Borrow money from loan sharks.
• Send phishing emails to us, pretending to be reputable companies or government institutions.
• Manipulate us into divulging more confidential and personal information that can be used for scams and fraud.
These instances might not take place immediately, it could be weeks or months down the road when our personal data might be used.
If you think you might be at risk of a data breach, you can take the following simple steps to try protect yourself. You should regularly change passwords and user ID information, monitor your credit card and airline mile usage, and be more vigilant when it comes to future online interactions and the personal information you give.
Social media sites like Facebook are prone to identity theft, making users an easy target for a phishing attack or scam. For these sites you can go to your privacy settings and change them, for example, how people can find you and contact you, or who can see your friends lists (this is how the thief was able to get my friends list and contact them). You can do the same for anything you post online!
At the end of the day, ensure you have all the security measures in place – it’s better to be safe than sorry!
This article was contributed by Kevin Shepherdson, CEO, Straits Interactive
Kevin is a leader in data privacy platform solutions, with over 20 years’ experience in the IT and data privacy Industries. `International author of “88 Privacy Breaches to Beware of”, Kevin is also a Fellow in Information Privacy and has
consulted for over 50 listed and multinational companies on data privacy.
Straits Interactive delivers end-to-end governance, risk and compliance solutions that enable trusted businesses and responsible marketing, especially in the areas of data protection and privacy.
