Data Breaches: What You Need to Know to Protect Yourself in 2018

Under Armour. Lord & Taylor. Panera Bread. Every day seems to bring another major data breach, with customer IDs, credit card information, and more being accessed and shared by unscrupulous hackers. Are data breaches just a fact of our modern, online life? Are they really that big a big deal? What are companies doing to keep our data safe? And what do consumers need to know to protect themselves in 2018 and beyond? Let’s discuss it.

First Off, What Is a Data Breach?

A data security breach occurs when an unauthorized party accesses, views, or steals protected, sensitive, or confidential information. Such a breach could occur when criminals steal credentials to access confidential data, when they proliferate a virus when they find vulnerabilities in a security network, etc.

Data breaches can occur when a retailer, financial institution, or merchant hasn’t taken the proper measures to protect your sensitive data. For instance, the 2017 Equifax hack — one of the largest breaches ever, with the personal data of 145 million individuals compromised — occurred because the company failed to address a known security flaw.

But most of the time, companies are playing catch-up; the hackers are one step ahead, and enterprises are attempting to address issues as they arise.

So, What’s the Big Deal?

If it seems like data breaches are becoming more and more common, you’re right. “While data breaches were certainly occurring prior to 2005, most of the biggest data breaches recorded in history are reported in 2005 or beyond,” writes Nate Lord in the Digital Guardian.

Here’s a graph, from Statista, that illustrates the huge jump in breaches in recent years:

So if you’re wondering if data breaches are getting more frequent, the answer is a resounding YES. But one result of this increased frequency is a growing acceptance. We’re getting numb to reports that our personal data has been accessed, in the same way, we’re getting used to constant reports of international violence. But complacency in the face of access to your private information is dangerous.

What’s At Risk?

Even though it seems like just another day in the 21st century, treating data breaches as just another minor inconvenience is a mistake. Depending on the nature of the breach, criminals could have access to any or all of the following personal information:

• Name
• Social security number
• Tax ID number
• Email address
• Phone number
• Birthdate
• Address
• Driver’s license information
• Credit card number + expiry date

With this wealth of information, it would be easy for someone to clone your credit card number — or your identity.

In the future, this could lead to fraudulent charges on your credit cards and bad credit… which in turn could impact your ability to get a mortgage, buy a car, rent a home, or even get a job. And even having one minor piece of data fall into unscrupulous hands can lead to bigger problems in the future. Having access to something as relatively small as your email address can eventually lead to bigger issues down the road.

You’re likely familiar with the inconvenience associated with having your information stolen, from having to replace credit cards to having fraudulent tax returns filed under your social security number.

To put it in terms of hard numbers, over 5 million data records are lost or stolen worldwide every single day, according to the Breach Level Index. IBM estimates the average cost for each lost or stolen record to be $141. Do the math, and that accounts for over $700 million lost each day.

What Do We Do?

Most enterprises are doing their best to secure your data. There are a variety of data security regulations that businesses must adhere to, depending on their country of origin and their industry. But companies will always be playing catch-up; as soon as they block one vulnerability, another one is discovered.

“It’s time to acknowledge we can’t trust anyone to protect our data. Instead of whining about breaches, we must improve our own security to survive the aftermath,” writes Paul Muschick in the Morning Call.

In other words, it’s up to the consumer to be your own best advocate. That means keeping on top of data breaches and watching your credit card statements and credit report for unusual activity.

What’s Coming Next?

The good news is that businesses are very aware of the problems with data breaches, and are actively pursuing new solutions, many of which will be enabled by technology innovations such as the blockchain. The distributed ledger technology is widely recognized as a way to combat the centralized data storage that has given way to many of the data breaches we’ve seen in recent years.

Hand-in-hand with the blockchain is self-sovereign identity or SSID. The concept behind SSID is that entities, including people and businesses, can maintain control of their own identity data by storing it on their own devices, and providing it on-demand when needed.

For instance, you could have an “identity wallet” that includes all the information and documents necessary to validate your identity, including, perhaps, your birthdate and place, your citizenship, your driver’s license, your social security number, etc.

Let’s say you want to rent a car, and you need to prove your identity and age. You provide limited access to your identity wallet to the rental car company. You maintain control — sovereignty — of your wallet, and you grant the right to access it only for specific purposes. Once you’ve proven your identity, that access is revoked. The rental car company does not store any of your personal information, so there is no potential for a data breach.

These identity wallets are not just pipe dreams. Organizations such as the SelfKey Foundation are developing decentralized identity management systems that will allow individuals and organizations to fully own and control their digital identity.

While projects like SelfKey’s SSID wallet are gaining in acceptance, the burden to remain vigilant will be on the consumer. Data breaches like Panera, Saks, and Equifax will be the norm until a time when individuals completely own and control their identity online.