Another Day, Another Data Breach…The Line Between What is Private Data Gets More Blurry!

Another day, another breach. We hope you aren’t getting too numb, cause this is still serious stuff, folks! As I was writing this, a fast food restaurant suffered a large debit and credit card breach. However, it was this recent article about a security breach that exposed data from vehicle tracking devices that caught my eye. This breach highlights some classes of information that most ordinary folks might not deem to be that sensitive, so is it? What do you think?

“The repository contained over a half of a million records with logins, passwords, emails, VIN (vehicle identification number), IMEI (International Mobile Equipment Identity) numbers of GPS devices and other data that is collected on their devices, customers and auto dealerships,”

Another Data BreachWe can all agree that logins and passwords are the usual red flags for sensitive private data. Email? Maybe not so much. VIN numbers? IMEI? What are we talking about?

You’re starting to see more information being security-breached nowadays that doesn’t meet the typical definition of sensitive data. However, today’s reality of big data collection and IoT devices is creating scenarios where “toxic combinations” of data elements, when combined, are like pieces of a dangerous jigsaw puzzle.

Maybe one data element lost may be no big deal, in and of itself. For now. But consider a scenario where bad actors know enough about you—where you live and what sort of car you drive, where you go on holiday break…by inference, when your house is empty. This may sound absurd, however, legitimate companies are using data analytics today to study your buying behavior and preferences. How long before the bad guys are able to use similar techniques to determine the value of your assets? Computing power is getting cheap; anyone can run analytics in AWS, taking advantage of cheap compute power to crunch data, your data. Your stolen data!

Also from the same data breach article, “Interestingly, exposed database also contained information where exactly in the car the tracking unit was hidden.”

This could be quite useful to a multi-million dollar car thief ring! While only speculation, the possibilities are endless. And while this data may not be useful at the moment, this is big money where information can be bought and sold on black markets, and at some point in the future, recompiled to build an interesting picture of individuals. Toxic combinations indeed! Each data element that is lost creates a clearer picture, allowing your identity to be used for purposes that harm you.

“Kromtech noted that the car tracking software monitors everywhere the car has been back as far as 120 days, including a somewhat terrifying feature that pinpoints on the map all of the places a driver has visited.”

The recent credit bureau data breach is another wake-up call, along with this vehicle tracking data breach. Think about the picture that all these breaches can paint, using your personal information. The default state of sensitive data needs to be protected. If you’re a business, it makes sense to re-evaluate the classes of data that could be used to compromise your users. If you’re a user, you need to demand that your vendors act as responsible custodians of your data or vote with your wallet by taking your business elsewhere. Data security is not just a “should have” but a competitive differentiator in today’s hyper connected world. Those that don’t protect data are likely to suffer miserably in terms of reputation and business value. It’s time to re-think data protection.

Voltage didn’t invent the rain; we just try to bring the best umbrella. We’re happy to continue the conversation one on one on how we can help protect your company’s data—contact us today!

Leave a Reply

Your email address will not be published. Required fields are marked *