Even though 2019 is just past the halfway mark, the news for data privacy and security so far hasn’t been the greatest. Billions of data records containing names, email addresses and even credit card and social security number have already been compromised.
So far from what we’ve seen, most of the data loss seems to stem from the fact that companies can’t properly secure data. Experts believe this to be the result of increased data migration to Cloud environments along with heightened attacks against these platforms.
Yet according to Maya Horowitz, Director of Threat Intelligence and Research, Check Point Software Technologies, companies themselves could be part of the problem rather than the solution.
Horowitz recently commented that “Lacking security practices such as misconfiguration and poor management of cloud resources, remain the most prominent threat to the cloud ecosystem in 2019, subjecting cloud assets to a wide array of attacks”.
What Have Been the Largest Data Breaches This Year?
1. Facebook: 540 Million Data Records
Facebook isn’t a stranger to most on the Internet and sadly has been the target of multiple data breaches before. This year their user data was exposed on the Amazon Cloud service and was leaked by two apps which stored user data on unsecured servers. More than 540 million user records were leaked before it was discovered.
2. TrueCaller: 300 Million Data Records
TrueCaller is a call management mobile application that is most known for its comprehensive call-blocking features. Security experts very recently claimed that the company lost millions of data records belonging to users in India. Although TrueCaller has denied these claims, other sources have stated that the data records have been found available for purchase on the web.
3. Flipboard: 150 Million Data Records
Popular news aggregation site Flipboard managed to lose over 150 million records over two separate incidences earlier this year. The company came clean and disclosed the information, although it claimed that passwords were encrypted and remained safe.
4. Canva: 140 Million Data Records
Canva is an online graphic design tool that lets users easily create simple yet compelling designs with a drag and drop interface. It was attacked by a hacker who managed to steal over 140 million data records before the hack was detected and stopped.
5. JustDial: 100 Million Data Records
A local search service for India-based users, JustDial had an unprotected database leak which resulted in over 100 million data records with a ton of information being lost. Info that was leaked was comprehensive and included names, email addresses, occupations and lots more. Apparently, the database was left neglected and the company could not even be contacted to be informed of the leak.
Is Digital Privacy and Security Dead?
If by now you’re shocked at not just the numbers of data records being lost, you’ll probably also be speechless at how it happened. Companies are not just being targeted by hackers, but they are also losing data through sheer negligence like in the case of Facebook and JustDial.
To take things a step further, data provided to financial institutions aren’t safe either. In fact, banks and other financial institutions are even higher up the list of hackers and are constantly being targeted. The problem is that hackers seem to be succeeding when they care to try.
The biggest star of this year has been First American Financial Corporation, which had a leak of over 885 million user records. The information that was leaked stretched back to 2003 and included not just personal data records, but also financial.
The hack doesn’t always directly target a financial institution though. More recently a group of hackers stole over a million credit card records of US and South Korean users. They records weren’t stolen from a bank, but hackers instead targeted Point of Sale (POS) terminals and directly stole the information from merchants as it was being processed – before it was encrypted.
According to data in the 2019 survey on “The State of Software Security in the Financial Services Industry” by Synopsis, although companies have been more effective in detecting and containing cyberattacks, many have found themselves lacking in the area of prevention.
Enhancing Your Own Digital Security
While we as consumers can’t do much about how the companies store and protect our data, it doesn’t mean that we are totally blameless. Careless attitudes towards our own personal information contributes more to the situation than we might think.
By taking personal cybersecurity into our own hands, we can at the very least ensure that our data is safe in our own hands. At least until the onus of security is transferred over to the companies or services we use.
The first thing you can do is to check if you’ve been the victim of one of the numerous data breaches that have already occurred. HaveIBeenPwned is a great resource to do this. Simply visit the site and enter the email address you’ve been using to register your accounts online. The site will search its databases and tell you if your information has been leaked and from where.
Aside from that;
- If you’ve previously signed up for services or accounts you no longer use, make sure that you delete those accounts. Email site administrators and request that they also remove all records of your account that they can. They are sometimes required by law to retain some information, but also must remove records on your request.
- Always use strong and unique passwords for all your accounts. Where possible, ensure that your passwords are at least 8 to 10 characters long and include a combination of upper and lowercase characters, digits and special characters.
- Never provide information to a website that doesn’t have an SSL certificate installed. Many browsers recognize this and identify insecure websites somewhere in the browser address bar.
- Install an Internet security application from a reputable provider. There are many gig names in Internet security include Norton, Kaspersky, Avast and Avira.
- Try to be circumspect about what information you share online, especially with social media sites. Although these sites are meant for sharing, always keep in mind that your personal security and safety is important.
- Always monitor your bank accounts or those you have involving financial investments or otherwise. Notify the banks quickly if you notice any unusual account activity.
- Use a VPN service like NordVPN to encrypt your web traffic and ensure that site have more difficulty in tracking your data. To learn more about VPNs read our Comprehensive VPN Guide or check out our Best VPN Deals page to see what offers are ongoing now.
Conclusion: Take Security into Your Own Hands
The age of digital means that we are more connected now than at any time before. Everything we use, from smartphones to new IoT devices like smart home systems are communicating and exchanging data. Much of it is about our unique behavior and preferences.
At the same times, companies have increasingly shown that they are unable (and in some cases, unwilling) to secure the data of their users. This means that all our data, yours and ours isn’t safe in their hands. While we can only hope that regulators and heavy fines will change their minds and attitudes, we need to take security into our own hands.
We can do this by using being cautious about randomly handing information to external sources. Another way is to ensure we use the right tools to encrypt and mask our online activities. By using a combination of these strategies, hopefully we can remain safe.