Too big to trust: How can we trust Equifax, Yahoo, Deloitte, etc with our private information?

Stan Vazhenin

They are doing a poor job of keeping our personal data safe. Wall Street banks are too big to fail. Are Deloitte, Yahoo and Equifax (Experian, TransUnion, etc.) too big to trust, too big to care? Do they really care if your data is exposed?

“Big data is like teenage sex: everyone talks about it, nobody really knows how to do it, everyone else is doing it, so everyone claims they are doing it. Admittedly, "blockchain world" and "big data" are two phrases that are about as buzzy as you can find in the modern business world. But that's no reason to dismiss either one,” – Vladislav Solodkiy wrote in his new book The First Fintech Bank’s Arrival.

When Yahoo disclosed in December that a billion (yes, billion!) of its users' accounts had been compromised in an August 2013 breach, it came as a staggering revelation. Now, 10 months later, the company would like to make a correction: That incident actually exposed three billion accounts—every Yahoo account that existed at the time. On the one hand, this new information doesn't really change things in a practical sense, because the initial billion account estimate was already enormous. On the other hand, three billion accounts. It took Yahoo three years to discover and disclose the breach, and almost four years to complete the investigation.

The initial drama over Equifax's September data breach has mostly subsided, but the actual damage will play out for years. The company announced Monday that the total number of people impacted by its breach is not 143 million, the number it first disclosed, but in fact 145.5 million. Its ability to casually misplace 2.5 million lives upended by the breach is alarming. Do we really need Equifax (Experian, TransUnion, etc.) if they are not protecting our data?

Several days ago a bombshell report revealed that Deloitte, which is registered in London and has its global headquarters in New York, was the victim of a major cyber attack that went unnoticed for months and compromised its email system and certain client records. A major part of Deloitte's business is selling cyber security. The full extent of the hacking episode isn't clear. The firm confirmed it had suffered a cyber-attack, but played down the significance by saying "only very few clients were impacted." Other sources claimed the hackers accessed the entirety of the firm's internal email database, and all administrative accounts. It appears the hackers transferred or copied a significant amount of that confidential data and had free rein in the network for “a long time”, and the company still does not know exactly how much total data was taken.

The Guardian understands Deloitte clients across all of these sectors had material in the company email system that was breached. The companies include household names as well as US government departments. So far, six of Deloitte’s clients have been told their information was “impacted” by the hack. Deloitte has a “CyberIntelligence Centre” to provide clients with “round-the-clock business focussed operational security”.

In June, Deep Root Analytics, a marketing company working for the Republican National Committee, accidentally left sensitive personal details of almost 62 per cent of the US population exposed – reportedly the largest breach of electoral data in the US to date. Along with information on about 200 million US citizens’ home addresses, birthdates, phone numbers and political views, the exposed data also included analyses used by political groups to predict where individual voters fall on controversial issues such as gun ownership, stem cell research and the right to an abortion. “This is deeply troubling. This is not just sensitive, it's intimate information, predictions about people's behaviour, opinions and beliefs that people have never decided to disclose to anyone,” Privacy International's policy officer Frederike Kaltheuner told BBC News.

In July, the personal data of 6 million Verizon customers was leaked. Chris Vickery, the researcher at UpGuard, told CNN that the data was exposed by NICE Systems, a company based in Israel that Verizon was working with to facilitate customer service calls.

In the same month Sweden accidentally leaked personal details of nearly all its citizens! The data breach exposed the names, photos and home addresses of millions of Swedish citizens, including fighter pilots of the Swedish air force, members of the military's most secretive units, police suspects and people under the witness relocation programme, as well as the weight capacity of all roads and bridges, and much more. Swedish media reported a massive data breach at the Swedish Transport Agency (Transportstyrelsen) after the agency mishandled an outsourcing deal with IBM, which led to the leak of private data about every vehicle in the country, including those used by both police and military.

Two weeks ago WeChat confirmed that it makes all private user data available to the Chinese government. With over 662 million users, the app is the dominant messaging app in China and one of the largest in the world. A 2016 survey by Amnesty International ranked it lowest among popular messaging apps with regard to privacy protection of its users. It has become evident that nearly all the private data in the app is accessible to the Chinese regime.

Several days ago a rental appliance company suffered a massive data breach that leaked tens of thousands of Australian private customers’ records online, including identification documents, Centrelink records and financial information. Amazing Rentals – a company leasing televisions, fridges and other household goods – was last week revealed to have published 26,000 personal documents involving 4,000 customers on the internet.

Some experts, like Akim Arhipov, CEO of BAASIS ID, a blockchain-based digital KYC solution and the recent winner of the Slush Singapore startup battle, will tell you we should put it all on a blockchain, decentralizing the system and querying discrete pieces of information as needed. But all these breaches should wake us up to how fundamentally broken this system is, and how urgently we need to replace it. Breaches aren’t simply security failures; they’re the inevitable result of a broken identity system. There are so many new innovative technologies – there are so few real innovations from old players.

Recently one lady asked Tinder for her data (every European citizen is allowed to do so under EU data protection law, yet very few actually do), and it sent her 800 pages of her secrets. “The dating app knows me better than I do, but these reams of intimate information are just the tip of the iceberg. What if my data is hacked – or sold?” Some 800 pages came back containing information such as her Facebook “likes”, her photos from Instagram (even after she deleted the associated account), her education, the age-rank of men she was interested in, how many times she connected, and when and where every online conversation with every single one of her matches happened.

What: presentation of The First Fintech Bank's Arrival book

About the book:

Where: INSEAD (1 Ayer Rajah Avenue, 138676, Singapore)

When: 7th October, 13:00

Entrance: FREE -> RSVP here: