Another day, another high profile hacking headline. In January it was Chinese hacks of newspapers, then it was think tanks, and now everyone from Beyonce and Jay-Z to First Lady Michelle Obama and Attorney General Eric Holder is having their personal data splashed upon the web. There’s one scary truth all these stories should highlight: The only reason your data hasn’t been compromised is because you haven’t been competently targeted yet.
This latest instance of hacking in and dumping someone’s personal data onto the web, a practice often called “doxxing” in hacker circles, is perhaps the strongest case yet for why you should be wary about the security of your personal information.
The full list of the compromised contains big names: Vice President Biden, LAPD Chief Charlie Beck, AG Holder, former Secretary Clinton, FBI Director Robert Mueller in addition to a string of celebrities of varying stature. Undoubtedly, the most prominent were using strong security procedures to avoid the exposure of their personal data. And yet, none of that mattered, thanks to the source of the breach according to NBCNews.com:
“The Equifax credit bureau confirmed Tuesday that criminals have stolen credit reports from AnnualCreditReport.com, the website designed to allow consumers free access to their own credit reports.
The theft suggests criminals have outfoxed AnnualCreditReport.com’s defenses, potentially giving them access to potentially 200 million Americans’ credit reports. According to the Consumer Financial Protection Bureau, 16 million consumers use AnnualCreditReport.com annually.”
AnnualCreditReport.com, a joint project between our nation’s three largest credit bureaus, itself was not hacked so to speak, but the hackers likely used a combination of trial and error and personal information that could have been gleaned from scouring the web or purchasing it from online data brokers to successfully authenticate themselves as the victims. The ease of the fraud raises a host of concerns: Consider that Equifax has assembled a private database of the employment and salary records of more than one-third of working U.S. adults. Plus, Equifax and its customers have previously agreed to pay a $1.6 million dollar Federal Trade Commission settlement for improperly selling lists of consumers late on mortgage payments. Does their data security record suggests an ability to competently secure access to that mountain of sensitive information?