Giant Data Leak Exposes Data on 123 Million U.S. Households

This is yet another data breach that would be much less likely to happen if the NSA would primarily do its actual job and protect Americans instead of spying on them and other relatively innocent foreign citizens. Up to 90 percent of the NSA’s budget is dedicated to offense and spying when it should be dedicated to securing vital technological infrastructure and defending the public instead. Unfortunately though, the NSA today is largely an example of the government — compromised through excessive corporate control — treating its own domestic population as the enemy, and that sort of example happens far too frequently in the modern world.

Researchers revealed Tuesday that earlier this year they discovered a massive database — containing information on more than 123 million American households — that was sitting unsecured on the internet.

The cloud-based data repository from marketing analytics company Alteryx exposed a wide range of personal details about virtually every American household, according to researchers at cybersecurity company UpGuard. The leak put consumers at risk for a range of nefarious activities, from spamming to identity theft, the researchers warned.

Though no names were exposed, the data set included 248 different data fields covering a wide variety of specific personal information, including address, age, gender, education, occupation and marital status. Other fields included mortgage and financial information, phone numbers and the number of children in the household.

“From home addresses and contact information, to mortgage ownership and financial histories, to very specific analysis of purchasing behavior, the exposed data constitutes a remarkably invasive glimpse into the lives of American consumers,” UpGuard researchers Chris Vickery and Dan O’Sullivan wrote in their analysis.

A cascade of recent database breaches has left consumers on edge about the security of their personal information. After credit monitoring company Equifax revealed in September that cybercriminals had made off with data on more than 145 million Americans, US lawmakers began efforts to hold such businesses accountable to the everyday people whose data they collect for profit.

[…]

“The data exposed in this bucket would be invaluable for unscrupulous marketers, spammers and identity thieves, for whom this data would be largely reliable and, more importantly, varied,” the researchers said. “With a large database of potential victims to survey — with such details as ‘mortgage ownership’ revealed, a common security verification question — the price could be far higher than merely bad publicity.”

Advertisements

Massive Equifax Data Breach Potentially Affecting as Many as 143 Million People

The recent Equifax exposure of highly sensitive personal data is already one of the worst data breaches in history, and there is still worse to come as that data is exploited by malicious actors.

The advice I have for those affected by this is to monitor their accounts closely to try and prevent any further losses. In particular, know that criminals will use the highly sensitive data like Social Security numbers to go after bank accounts and investment accounts. Withdraw money to prevent it from being stolen as necessary, and also enable two-factor authentication using an authentication method (such as a phone) that hasn’t been compromised by this breach of data. Email accounts often hold a lot of key info on other accounts as well, and therefore those affected should also consider new email accounts or passwords too. And if someone would like any more advice about strengthening their digital security, I’ll freely give them what advice I’m able to.

It’s a sad reality in 2017 that a data breach affecting 143 million people is dwarfed by other recent hacks—for instance, the ones hitting Yahoo in 2013 and 2014, which exposed personal details for 1 billion and 500 million users respectively; another that revealed account details for 412 million accounts on sex and swinger community site AdultFriendFinder last year; and an eBay hack in 2014 that spilled sensitive data for 145 million users.

The breach Equifax reported Thursday, however, very possibly is the most severe of all for a simple reason: the breath-taking amount of highly sensitive data it handed over to criminals. By providing full names, Social Security numbers, birth dates, addresses, and, in some cases, driver license numbers, it provided most of the information banks, insurance companies, and other businesses use to confirm consumers are who they claim to be. The theft, by criminals who exploited a security flaw on the Equifax website, opens the troubling prospect the data is now in the hands of hostile governments, criminal gangs, or both and will remain so indefinitely.

Hacks hitting Yahoo and other sites, by contrast, may have breached more accounts, but the severity of the personal data was generally more limited. And in most cases the damage could be contained by changing a password or getting a new credit card number.

What’s more, the 143 million US people Equifax said were potentially affected accounts for roughly 44 percent of the population. When children and people without credit histories are removed, the proportion becomes even bigger. That means well more than half of all US residents who rely the most on bank loans and credit cards are now at a significantly higher risk of fraud and will remain so for years to come. Besides being used to take out loans in other people’s names, the data could be abused by hostile governments to, say, tease out new information about people with security clearances, especially in light of the 2015 hack on the US Office of Personnel Management, which exposed highly sensitive data on 3.2 million federal employees, both current and retired.

Also horrible is that if consumers try to check Equifax’s site to see if their data was stolen, they quite possibly will waive their rights to join a class action lawsuit and sue Equifax.

Waiver-of-Rights

Notably, Public Citizen is now getting involved in this struggle to protect consumers.

PublicCitizen

If needed, placing a freeze on credit files doesn’t take long and should be relatively inexpensive too.

Freeze-credit - Copy

The data checker by Equifax is apparently not worth much either.

The checker, hosted by TrustedID (a subsidiary of Equifax) that millions of users are checking to see if their private information has been stolen doesn’t appear to be properly validating entries.

In other words: it is giving out incorrect answers.

Those affected by this should move quickly and should be careful about revealing their sensitive data in the future. There will be more terribly damaging data breaches to come, unfortunately.