Data Breach Today – Infinite Future Harm!

From the Intercept, an explanation of the harm of data retention and theft: Data Theft Today Poses Indefinite Threat of “Future Harm”  <read>

We hear continuous claims that “I have nothing to hide, so who cares if they have my data”. Lets look at what might actually happen:

Benjamin Nuss was one of the nearly 80 million people whose social security number and personal information were compromised in this year’s Anthem data breach. He seems to have taken things in stride, continuing his daily routine of sharing computer time with his brother, eating healthy snacks and making crafts. Benjamin is four years old.

While it may seem trivial to think about the harm a preschooler will suffer from a data breach, the question is not what happens to him now, but what will happen years from now. Data theft poses an indefinite threat of future harm, as birthdate, full name and social security number remain a skeleton key of identity in many systems…

If the hackers pursue next steps in cyberespionage, they are likely to use the records they’ve acquired, cross-hatched with information from credit databases and even social media, to see who is vulnerable to blackmail or bribery for financial or personal reasons…

A first-person article by William Gerrity published two years ago by Slate and the website Zócalo Public Square gives a vivid picture of what may lie ahead for those targeted. In 2007, Gerrity was checking his email after a long day working as a real estate developer in Shanghai. “The message greeted me by a nickname known only to family and close friends,” he wrote, “and it contained a proposal: I could pay 1 million renminbi (about $150,000 at the time), in exchange for which the sender would not forward the attachments to my business partners or competitors.”

In this case, the hackers had obtained confidential business documents, as well as personal correspondence about the death of his mother. The FBI advised him to refuse the request, which he did. But imagine that the request was not for payment in cash, but in federal information. And imagine the trade was not in business documents, but evidence of misconduct or criminal behavior on or off the job. That’s bait, if acquired and used, that could be harder for some to refuse…

In fact, federal officials later acknowledged that the OPM breach included what’s called a Standard Form-86, on which new hires (including military and intelligence officials) must reveal details that could make them vulnerable to blackmail or influence, including prior drug use, financial woes, and criminal convictions. The form also asks for ties to citizens of other countries; thus the hackers, if they are Chinese, would quickly be able to determine who has friends and family in their country…

The possibilities are endless, or infinite as the article says. Lets just say:

  • A teen commits a crime due to negligence, error, or immature intention. It hurts another person, it would be embarrassing and could have a huge criminal penalty.
  • An adult commits a sexual, consenting indiscretion.
  • Even unknown to a person, they make an material error in a business transaction. For instance a mortgage application, or real estate listing that causes another person or organization significant harm.
  • Such could be used to intimidate that individual at any time.  Especially if they become a prominent public or private decision maker. Especially a law maker, chief executive, department head, Cabinet Member, Judge, regulator or President. Or even a person attaining a lower level critical position, with security clearances or control over government contracts.
  • Actually, the individual could be,unknowingly, groomed for that position by others who have that information, ready to use at the appropriate time.
  • Perhaps the individual was setup to commit the crime or indiscretion.  Perhaps it never actually happened, yet there is enough of a long buried false record, created for this specific purpose.

Read the article for more details on the risks and the legal issues surrounding this.  Be very careful before you ever sign on to accepting a settlement in a class action suit for a data breech.



Leave a Reply

You must be logged in to post a comment.