The scariest data breach article I’ve read in ages


As you can imagine, we read a lot of data breach articles every day and it never ceases to amaze me how often data breaches occur, and often for the silliest of reasons! But, to be honest, they don’t generally worry me. Am I immune, in denial or just complacent? It’s not as though I haven’t experienced my fair share of data breaches: TalkTalk more than once and EasyJet just recently. My credit card gets cancelled every few years as a result of fraudulent use. It happened again last week.

Whilst inconvenient, I have always changed my passwords, been refunded and moved on. But what I read was different. Miguel Gomez wrote this article in which he started by listing the dark web prices of various pieces of personal information. It read like a restaurant menu. For starters I’ll have a cloned VISA card with a PIN for $35 or maybe a stolen online bank login with a minimum balance of $2000 for $65. Main course would be a $3000+ PayPal transfer from a stolen account for $156 with a hacked Facebook account as a side for $75. And finally I can get revenge on a company that has annoyed me by arranging a 24-hour DDoS attack with 10-50K requests per second on an unprotected website for just $60 ($200 for a protected website). I like to think of that course as just desserts!

Seriously, is it that easy? My whole online identity could be stolen. No wonder it’s now such big business. But the scary bit for me is how easy it appears to be to buy my personal data. Suddenly every data breach really matters. We live much of our lives online now, especially since the Covid-19 lockdown. Bank accounts, insurance, savings, shopping, holidays, tickets, photos, communications… the list is endless. It might be easier to consider what we don’t do online.

There is plenty we can do to reduce our exposure to data breaches, and Gomez lists some of these in his article, as do we in this article, but my data breaches were down to the carelessness of the organisations that held my personal data. GDPR, CCPA and every other data privacy regulation are there to protect us and the local supervisory authorities need to raise their game to enforce them. Otherwise we will lose confidence and revert to the old ways of doing things, which is easier said than done, but may become necessary if the digital world isn’t safe for consumers. So, value your privacy and hold organisations that don’t to account. EasyJet is facing an $18bn class action suit and I might just join it.

Published 17 July 2020