Data Privacy Day is right around the corner! This international celebration occurs on January 28 and promotes advocacy for privacy and data security awareness — particularly the protection of personally identifiable information (PII).
EZShield is proud to be a Data Privacy Day Champion. And in doing our part to promote this event, it seemed like the perfect opportunity to get #PrivacyAware with a transparent analysis of the current data security landscape and derive learning lessons as we move ahead.
Data Breaches in 2017
Data breaches lie at the heart of the data security debacle. A data breach occurs when sensitive, confidential or protected information is exposed. Exposure can either be accidental or malicious in nature.
There were 1,579 reported data breaches in 2017, up 22 percent from the year prior. While it seems like only a modest increase, the size of these attacks were unparalleled. In total, data breaches exposed over 178 million sensitive consumer records in 2017 — a 376 percent increase from 2016.
Information exposed by data breaches in 2017 included names, Social Security numbers, email addresses, bank account information, online account credentials, medical records, and other pieces of sensitive consumer information that companies often keep on file.
However, a data breach doesn’t always include personally identifiable information. The recent exposure of consumer behavioral data from Alteryx has sparked concern over a potential increase in social engineering scams. With behavioral data, hackers can use the breached information to facilitate highly-targeted scams that reflect a victim’s personal interests, beliefs and preferences.
The Equifax Data Breach
The Equifax data breach was the main driver of this growth. If not for this organization’s single security incident, the number of sensitive files released last year would have decreased by 20 percent.
Hackers stole more than 145 million consumer records from Equifax, including Social Security numbers. The attack impacted three in every five American adults. Post-breach resolutions cost Equifax upwards of $200 million, and consumers have spent an estimated $4.1 billion on credit freezes following the attack.
It was a poignant reminder of how little control consumers have over their information. A simple act, like applying for a credit card, results in the mass sharing of highly-sensitive data. No company is immune to security incidents, and it’s up to consumers to proactively protect their information.
The Uber Security Scandal
Equifax was far from the only offender in 2017. Uber also made headlines as a result of its own data breach. Yet, it included quite the scandalous twist.
In October 2017, Uber disclosed a data breach in which hackers stole company records on 57 million individuals. The attack exposed both customer and driver information that was initially compromised exactly a year prior.
The hackers first reached out to the company to request ransom money. However, Uber did not report the data breach in a timely fashion, per data privacy regulations. Instead, Uber reportedly paid the hackers $100,000 to delete the data and keep the breach quiet.
Unfortunately, Uber is not a one-off account of corporate misconduct. In fact, the majority of data breaches go unreported. And even reported events often lack key information, including the size and scope of the attack.
New legislation hopes to change breach notification requirements to provide consumers with more transparency. These proposed measures would allow consumers to act quicker in the event their information is compromised.
Growing Risks Facing Consumers
Data breaches in 2017 are not the only point of concern. Today’s data security climate is changing dramatically and involves major players across the board. Let’s explore a few of the growing concerns in this space.
Experts forecasted that 8.4 billion connected devices worldwide would be in use last year — up 31 percent from 2016. These devices, often referred to as Internet of Things (IoT), include popular wearable and smart-home technology. While these devices may seem “smart,” hackers have become skilled at cracking their often lack-luster security controls. Ultimately, it can give criminals a rather intimate view into their victims’ lives.
Scammers have perfected their craft. They are highly skilled at creating tailored phishing campaigns, using data found on social media profiles or from data breaches. This personalization helps legitimize their scams, forcing consumers to play it smart — especially online.
Today’s most heated political debates now reside in cyberspace — and consumer casualties are just part of the strategy. Mass cyber espionage campaigns will continue to happen. Therefore, companies must recognize this threat is real. It’s up to them to protect consumer information accordingly, and guard against the potential data exposure risks.
The Data Lifecycle: Where Does It End?
There’s a lot of data out there, but where does it all go? Some is used for cyber espionage, but most is obtained by common hackers and used to commit identity theft or fraud.
Hackers are not always the ones ultimately perpetrating these crimes. They often act as a middle man and sell stolen data on the online black market to would-be perpetrators.
EZShield has seen this growth first-hand. We proactively protect our users with advanced monitoring services to more quickly detect and alert users to potential threats — including the online sale of PII through Internet Monitoring.
Internet Monitoring scans known black market websites for instances where a user’s personal information was sold or traded by criminals. If personal information is detected on these websites, EZShield quickly alerts the individual and administers proactive security measures to resolve the incident.
Last year, the number of EZShield alerts doubled. The largest growth was seen in Internet Monitoring alerts, which rose 120 percent from 2016.
However, these figures are not a representative statistic. Our comprehensive “secure, monitor, restore” approach to identity protection aims to prevent the compromise of customer data rather than simply reacting to an identity theft or fraud event after-the-fact. Also, consumers without identity protection services tend to be at a greater risk of being victimized.
It’s Time to Champion Data Security
It was a poor year for data security, but that doesn’t mean 2018 has to share the same fate. Together, we can learn from past security woes to build a more secure future.
We invite you to join us in our 2018 Data Privacy Day celebrations. Be sure to follow us on Twitter as we share privacy best practices using the hashtag #PrivacyAware.
EZShield is also offering helpful resources to spread the word about data security. Check out our top resources in honor of this great event:
- 2017 ID Crime Report
A complete analysis of security concerns and data breaches in 2017
- ID Security Infographic
The perfect social media share – don’t forget to use #PrivacyAware
- Live Fraud Feed
Partners can offer the latest fraud, breach and scam news right on their website
Consumer and small business protection tips from EZShield experts
Check out Stay Safe Online’s Data Privacy Day page to learn how to get involved. Here you’ll find ways to champion security changes at work and home. Simple steps can make a big difference in protecting your privacy and the privacy of those who entrust you with their personal information.
For more information on EZShield Identity Crime Protection and how we can help you build a more secure future – schedule a demo of our services today.