The Hacker Perspective: Trust No One, Especially Companies


Recently, hackers that have yet to be identified, managed to gain unauthorized access into a server at Experian, one of the big three credit agencies. Interestingly, the server contained personal information, including names, addresses, Social Security numbers, dates of birth, and identification numbers (driver's license, military ID, or passport number) for T-Mobile customers. Over 15 million of them!

There have already been reports from the e-commerce security firm, Trustev, that the data sets from the Experian/T-Mobile hack are for sale on the dark Web. At the moment, I cannot confirm or deny this, but it wouldn't surprise me. You would figure that with all of the recent data breaches, companies would learn. It's the same process over and over again. 

As mentioned in a recent New Yorker article, "a company discloses a data theft, executives express grave concern, and customers are left to reset their passwords and sign up for free data protection, feeling all the while like data pinãtas"[1]. Data is the new currency[2] and companies know this.  Well, why aren't they doing more to protect it?  The easy answer is: they are not willing to spend money for extra data security mechanisms when there are no real consequences if they are hacked and the data is breached. Of course, the FTC and the FCC can investigate the issues but there are no real regulations in place to hold companies accountable for their negligence.

So, what does this mean for customers?  It means that you must be incredibly vigilant when sharing your personal information.  We commonly hear this in terms of social media, but it also applies to sharing your information with companies. Hackers know not to trust companies. They believe that companies will use your data to turn a profit, but will not do anything to keep it safe.  If we look at recent data breach reports, it would seem that this is true.  Unfortunately, until there are regulations with real repercussions, things will stay the same.  However, in the mean time, you should do everything possible to protect your identity.  You may say, "I have nothing to hide", but that's not the point.

Your identity, which you may be taking for granted, can be bought and sold on the black marketenabling someone with criminal intent to use it to open new lines of credit and purchase things (e.g. drugs, weapons, etc) that could have a negative impact on your reputation.  These kinds of data breaches do not only affect adults, but according to the FTC toddlers and teenagers are now becoming victims of identity theft[3]. Sadly, this is the second colossal data breach connected to Experian. In 2014, the Social Security numbers of 200 million Americans were exposed[4]. When will they learn?

 Here are a few things that you can do to protect yourself against data breaches like this one:

  • When you sign up for a retail membership or discount program, consider that this is one way that your personal information ends up in the retailer’s database. Reconsider signing up for such programs.
  • Try to use cash and prepaid credit cards as much as possible. This will keep retailers from having your true credit card. I buy prepaid credit cards all the time. It also makes it hard for your financial institutions and retailers to keep track of your purchases.
  • Use a phone management service like Google Voice. These kinds of services can give you a phone number that will ring all of your phones simultaneously. Using a number from these kinds of services will keep retailers and other unwanted people from knowing your real phone numbers.
  • Sign up for a post office box to use instead of your home address. Mailing stores like the UPS Store can provide mail box accounts for inexpensive rates. Using one of these keeps people from being knowledgeable about where you physically live.
  • Cancel a credit card as soon as you suspect something is wrong. I have no problem canceling a credit card if I think there is a reason to do so. Upon request, credit card companies will overnight a new card to you.
  • When using your debit card to make a purchase, select credit, NOT debit. Using your debit card and entering your pin on the key pad at retailers and gas stations is not a good idea. Using your signature is always better than using your pin.
  • Ensure that your financial institution uses two-factor authentication. This means that they are using an extra layer of security that requires not only a password and username but also something that only the user has on them, i.e. a special pin sent to their mobile device.

 If you want to find out how many times your personal information has been exposed by malicious hackers and possibly on the black market, the New York Times and CNN Money have made sites that could give you some insights:

 How many times has your personal information been exposed to hackers? (NY Times): http://www.nytimes.com/interactive/2015/07/29/technology/personaltech/what-parts-of-your-information-have-been-exposed-to-hackers-quiz.html?_r=0

 What hackers know about you (CNN Money): http://money.cnn.com/interactive/technology/what-do-hackers-have-on-you/

 

1 Comment