Hackers are just one part of a supply chain in a multimillion-dollar black market for stolen data.
For many years, I personally never had to deal with the consequences of a data breach. There have been several disclosures of data breaches in some of my personal accounts over the years but never an adverse effect until recently.
We were made aware of fraudulent charges on one of our credit cards, and we were able to determine who most likely had the breach as there was only one company that had our credit card number, personal information and a seldom used phone number. When we called, they admitted that they had had a breach.
The outcome was over $7000 in fraudulent orders online. It was a local "gang" who ordered online and had deliveries for pickup at UPS or FedEx. I spent the better part of 2 days contacting companies to stop delivery and checking for some identifying information to try to find out where our information had gotten leaked or stolen.
Worse than a credit card breach, one's identity can be compromised as someone poses as you. Sometimes this is very damaging and could take years and many hours to fix. At best, like for my wife and I, it took several days.
The credit card company may pick up most of the charges, but by acting quickly I saved the credit card company several thousand dollars. Plus it discourages such theft. We later were told by the credit card company that they had a department that took care of getting the charges cancelled, but by calling the companies myself, I was able to stop some charges from going through at all.
Misuse of Personal Data Is Widespread
The misuse of personal information is very widespread and a huge problem. It is estimated that some data consolidators and brokers combine multiple sources and produce a database entry with as much as thousands of data points tied together by key fields like your name, phone number, email address, etc. In our case, there was enough credit card information to create a fake Florida driver's license with a different picture and different birth date and year.
Granted much of the information that is collected about you online is used for advertising geared towards you. Frankly I find advertising directed to me virtually useless and annoying as it is usually for something I just bought or something I looked up but decided not to buy. I highly dislike Google using its information to give me search results they think I might want. Therefore I don't use Google very often.
But there other very good reasons to avoid having your data available to any Tom, Dick, or Harry, good or bad. Do you want your health and afflictions public knowledge? How about incorrect information added to your data record? Even your political party registration is public information and available online to anyone who bothers looking.
I am now a registered Democrat after being a registered republican for many years. However I am really neither -- I am an independent. But in Florida, I have to register as a Democrat or a republican to be able to vote in a primary. I have no intention of ever voting for a republican as I can no longer depend on what they say, their intentions, or their loyalty to me as a voter, or to the US as a whole. Just being a republican in name is a disqualification in my opinion. And it is much less likely for one to be vandalized by a Democrat for being a republican than the reverse, thus another reason to keep the voter affiliation from being common knowledge.
Get The Latest By Email
What You Can Do
Expecting corporations to behave in a pinch, or if vast profits are to be gained, is ludicrous. So the only fix for the misuse of data is by governments and especially in the US since the Supreme court has waged war on the people and allowed corporations and other legal permission to bribe politicians.
Add to the Government’s to Do List
1. Eliminate and return to previous limits on campaign donations for individuals and eliminate corporate donations entirely. Eliminate all donations within 4 to 5 years.
2. Return to the FCC Fairness Doctrine that was eliminated by the Reagan administration in 1987. The absence of this rule is actually what gave rise to Rush Limbaugh's very toxic talk show. The Fairness doctrine kept the media honest by requiring some of their airtime went to discussing controversial matters of public interest, Stations were given wide latitude as to how to provide contrasting views.
3. Make it illegal for businesses and individuals to consolidate data and then sell it to others, including the government. Have very steep penalties for serial violators.
4. Legislate opt-in rather than opt-out to be the default of your data collection.
Some Ways of Protecting Your Data
1. Use an ad blocker but whitelist those companies that truly depend on your support. I use both an ad blocker and ad blocking browsers such as Firefox and Brave.
2. Keep your passwords both easy and hard. Most passwords are guessed or an easy one is broken by an algorithm. I use a nonsense phrase starting and ending with numbers with underscores in between letters. Then begin or end with a hint to the site you're on, I.e. EB for Ebay. Don't save the entire password. Add the last few letters or numbers when you actually login.
3 Resist giving out your name, phone number and email. Use fake ones where you can.
4. Opt-out of data collection where you can.
5. Don't use Google, Bing or others that retain your browsing information. I default to DuckDuckGo, Brave, or Startpage. There are many others.
6. Use a virtual private network service to protect against "man in the middle' attacks. VPNs also prevent your internet provider from spying on you.
7. Don't open links in emails. Look at the link and go directly to their website. If not possible make sure to check first where the link is actually going.
8. Don't use apps particularly on your phone for websites. Make sure you need that app and turn off activity you don't want them to have. Use links that operate like a bookmark to get to your favorite webpages .
9. Don't necessarily fear a browser warning concerning an insecure https warning. Mostly it is a website with a self-signed certificate unless it an e-commerce site or one you have to give sensitive information.
There are many ways. Use the methods that are easy for you and that are the best chance of behaving in an easy, memorable, and consistent manner. By all means don't use password like12345, 54321, or something else easy to guess especially if someone knows your address and/or birthday.
Governments Stand Aside While Darknet Markets Generate Millions In Revenue Selling Stolen Personal Data
It is common to hear news reports about large data breaches, but what happens once your personal data is stolen? Our research shows that, like most legal commodities, stolen data products flow through a supply chain consisting of producers, wholesalers and consumers. But this supply chain involves the interconnection of multiple criminal organizations operating in illicit underground marketplaces.
The stolen data supply chain begins with producers – hackers who exploit vulnerable systems and steal sensitive information such as credit card numbers, bank account information and Social Security numbers. Next, the stolen data is advertised by wholesalers and distributors who sell the data. Finally, the data is purchased by consumers who use it to commit various forms of fraud, including fraudulent credit card transactions, identity theft and phishing attacks.
Continue Reading on InnerSelf.com