Why you should care about data breaches
A whopping 70% of retailers have lost important data and more than 20% has suffered at the hands of hackers. It’s an increasingly widespread phenomenon, with data leaking across all corners of the world wide web.
The figures should serve as a ‘wake up call’ for businesses according to Ann Sellar of Crown Records Management, the company which conducted the survey.
She said: “It takes on average 20 years to build a reputation but just five minutes to ruin it with a data breach and then up to two years to rebuild it. So businesses need to look at the way they protect their information, understand where the threats are and start putting robust processes in place to protect their customers. If they don’t, I can only see the number of data breaches increasing in the next few years.”
The bigger they are, the harder they fall
The trend might well be growing, but it’s also reeling in bigger and bigger fish. Hackers are becoming more and more sophisticated and they’re eager to bring down the biggest targets they can. Sony, TalkTalk, Wetherspoons and even the BBC website have all been attacked to a greater or lesser extent. The BBC attack seems, ostensibly, to be an attempt by the group New World Hacking to show off its muscle.
If anyone thought 2016 might see this trend dry up then they only need look across the Pond to the US, where telecoms giant Time Warner Cable looks to have had more than 300,000 passwords and email addresses stolen already.
Why YOU should care when a big name gets hacked
You might be forgiven for reading the news of corporate hacks and thinking ‘so what?’.
If companies are left red faced by hackers, why does that matter to you? In fact, isn’t there a little bit of Robin Hood charm to their exploits?
If you’re tempted to think that then it’s time to consider exactly what a data breach is and what its consequences are.
Companies hold a lot of data on you. They’ve got your name, date of birth, addresses, phone numbers, bank account numbers and passwords. If they leak data, it’ll be this that goes out and it can prove extremely costly. Once this gets snapped up by a shady operator in a dark corner of the net – where this information fetches just over $100 – your data could end up on the other side of the world in the hands of someone highly adept at wiping out your account.
A corporation might suffer reputational damage, but you and your financial security could be the collateral damage caught in the crossfire.
A £340,000 lesson in how hackers can ruin your life
The case of Paul and Ann Lupton should serve as a warning as to what can happen at the hands of hackers.
They were about to sell a flat in London for £340,000 and had an email from a solicitor asking for the bank details so that the sale proceeds could be paid to them.
The email, containing a bank account number and sort code, was intercepted by criminals, as the Telegraph reported, possibly using technology that ‘X-Rays’ messages to zero in on those containing valuable data.
The fraudster then posed as the couple and re-emailed new account details for the money to be paid into instead, helping them to bank just over £330,000.
The Luptons discovered the crime days later and were able to retrieve £271,000, still leaving them £62,000 out of pocket.
Pastor’s suicide after being exposed in Ashley Madison hack
The affects of a data breach can’t just be measured in monetary terms alone, there’s clearly a psychological impact on the victim, as there is in any crime.
Perhaps the most extreme example of this came last year when adult dating site Ashley Madison was hacked. The cyber attackers wanted to expose what they saw as the dubious morals of a website that was seen to be encouraging extra marital affairs.
Many relationships crumbled when users of the website were revealed online and the breach even led to a New Orleans pastor taking his own life. John Gibson had hidden his membership of the site from wife Christi, confessing in a suicide note that he had used it.
His wife spoke after his death and hit out at the way he was used as a ‘commodity’ simply to make a point.
The ‘database of ruin’ and why Ashley Madison might not be a one off
Fusion technology writer Kristen V Brown wrote of academic Paul Ohm’s ‘database of ruin’ theory in the aftermath of the Ashley Madison hack.
This term describes the data footprint we make on the internet and how that footprint might well contain all sorts of information we don’t want to be made public.
She quoted him as saying: “This might be a secret about a medical condition, family history, or personal preference. It is a secret that, if revealed, would cause more than embarrassment or shame; it would lead to serious, concrete, devastating harm.”
Brown goes on show how Ashley Madison isn’t really a story about the merits of extra-marital affairs, but a warning about what people could do with our data.
“For all of us, there is some data set out there capable of wreaking havoc should it ever be unleashed”
She writes: “It’s tempting to think of it as a one-off tragedy, the kind of thing that happens to people who join a site with a singular purpose of enabling extramarital flings. But a one-off it was not. In a world where the intimate details of our lives are stored on our phones and in the cloud and in the metadata of everything we post to social media, the Ashley Madison hack was a harbinger of hacks to come.
“For all of us, there is some data set out there capable of wreaking havoc should it ever be unleashed. We keep our e-mails in the cloud, along with our lists of contacts and calendars. If you use a fitness tracker like Jawbone, your health data is in there, too. Uber knows where you’ve been and when. Our Amazon purchases and Google searches reveal an alarming amount of detail about what we do and think. There is no light bright enough to shine into all of the infinite cracks and crevices where the intimate digital portraits of our lives are stored.”
Months of misery as hack victims face long term stress
Data breaches, therefore, are now widespread, dangerous and aren’t simply something that ‘happens to other people’. They can also leave a long-lasting stain on the victim’s life.
One TalkTalk customer had his details stolen last February, but was still getting hounded by scammers who scented blood eight months later.
Graeme Smith told the Daily Mail how ‘slick and believable’ conmen pretended to be from TalkTalk to gain access to his bank account, where they stole £2,815. Calls then continued as people carried on preying on him.
He told the Mail: “At its worst, I was getting around two a week and I still get them now," he said. “I think the hackers must pass on your numbers to criminals doing other scams. It’s an appalling situation. You have no idea who has your number, or your identity.”
Businesses see cyber security as a priority, so should you
The BBC has predicted that cyber security will be the number one issue for big businesses in 2016. It’s easy to see why they should come to that conclusion but, as we’ve seen, if they’re worried then customers should be concerned too.
It’s not just the businesses either. The Government wants TalkTalk – in which 150,000 plus customers had details taken – to be something of a watershed. It has committed to spending £1.9 billion by 2020, including the creation of a new cyber force to help combat hackers.
If it’s at the top of the Government and business agenda then that’s a fair sign of how serious this issue is. But individuals shouldn’t leave their security to companies or to politicians – it’s time to realise that data breaches could be extremely serious and that it pays to be protected should they happen. It’s naïve to think you won’t be caught in the storm, the examples above show how real people have suffered. It’s time to care and act.