Logo

The Modern Warfare of Data Breaching

Andie Smith
October 14, 2020
Tools & Tech

Big data has evolved from modern business intelligence tools to what we know it as today: the gatekeeper and holy storage for analyzing performance across companies and business. We’ve heard enough about the benefits, goal-setting, and advantages taken from becoming a data-driven company and aggregating it well. But what if data has become so widely accessible, popularized, and utilized across industry that it is more precarious than at first glance?

The history of data breaching and cyber-attacks can be traced back farther than the dawn of the Internet. And yet, since 1997, the frequency of data breaching has exponentially increased. 

A few weeks ago, TechCrunch reported a data breach from Shopify support staff that resulted in stolen customer data. Yaguara’s own data engineer, Charles-Andre Bouffard (also known as CAB), had to deplorably admit that data breaching is unfortunately not an uncommon misfortune in our digital contemporary world. Unrelated to Shopify, he claims that these breaches happen at most companies, and they simply keep it under wraps for a few years, or, forever, despite legality of the breach.

As the commonality of data breaches affect everyone from large companies to individual consumers, how will the modern warfare of these cyber attacks affect financial security or financial wellness long-term? Per our last post on financial wellness, Generation Z is growing up and growing into using mobile banking as their primary source of financial accounting. With data breaching occurring frequently, haunting our digital world with threats of an epidemic, precautionary measures need to be taken by digital users and consumers, young and old.  

Defining Cyber Crimes

Cyber-hacking is 2020’s newest and most rewarding profession, whether malevolent or not. TechTarget defines a data breach as a “a confirmed incident in which sensitive, confidential or otherwise protected data has been accessed and/or disclosed in an unauthorized fashion.” 

On one hand, look at Sims 3, where one of the careers you could enter your Sim in is a “hacker” that can toil away maniacally on the computer all day, making money from one online theft to another.

Most of us have heard of the big heists: when Yahoo had 3 billion accounts compromised, the 2019 First American Financial Corporation breach when 885 million records were exposed, or social media breaches, made known by recent documentaries like The Social Dilemma, which just aired on Netflix. 

The frequency of data breaching is less known, however. According to Varonis, in the last 10 years, there have been 300 data breaches that have exposed at least 100,000 records each. The U.S. had 1,244 recorded breaches in just 2018, and in the first half of that year, 56% of breaches occurred on social media platforms, seemingly a “safer” mobile platform than banking apps. The frequency and severity of these events have made cyber attacks among the top five risks to global stability, according to the World Economic Forum.  

These breaches involve a variety of intent by cyber criminals. CAB discloses that there is an enormous black market for data. It is usually unclear what people sell or steal data for, but it’s usually for malicious purposes: identity theft, creating fake credit cards, leaking famous or powerful people’s personal information, photos, and records, and blackmailing. 

“Companies are treating data like it’s something that does not require a lot of attention, like it’s not extremely sensitive.”

He claims that a lot of workplaces of his colleagues in the field do not build safe infrastructures for data protection. 

The ease of stealing information should worry consumers and digital users. For example, according to a TechCrunch story on a 2014 phishing event involving leaked celebrity nudes, “[cybercriminal] Collins was able to download the backups of the iCloud accounts, and apparently extracted the compromising photos from there....[he] allegedly sent e-mails to the victims that appeared to come from Google or Apple, warning the victims that their accounts might be compromised, and asking for their login details.” 

The ease of accessing personal data can be as easy as imitating a Cloud service. When data is stolen and “gone,” it is still alive somewhere, just stolen and inaccessible by the initial owner. 

And if you assume that you have put up enough safeguards to protect yourself from a personal breach, let us break this down for you: Data moves through a plethora of companies. For example, the data flow into Yaguara is from a consumer buying something on a Shopify store. As a consumer, you send off your data by buying or searching for something on a website, and then you no longer have control over where that data goes and is stored. It is sent off into a chain and flow of other companies tracking, aggregating, and potentially accessing it, and the initial user has no clue or presumptive indicators of where it will go. 

This goes for every application you download on your mobile device as well, as CAB says, “Most applications you download may be free, but the price you pay is signing away your data.”

Large Scale Leaks

Edward Snowden became a household name when he leaked confidential information from the National Security Association in 2013. 

His title is “American Whistleblower” on Wikipedia. While some may consider him a traitor and guilty of espionage, he is vastly considered a patriot and hero for his honoring of posterity in national to individual privacy. In Snowden’s statement after leaking said information:

“The NSA has built an infrastructure that allows it to intercept almost everything. With this capability, the vast majority of human communications are automatically ingested without targeting. If I wanted to see your emails or your wife’s phone, all I have to do is use intercepts. I can get your emails, passwords, phone records, credit cards. I don’t want to live in a society that does these sorts of things...I do not want to live in a world where everything I do and say is recorded. That is not something I am willing to support or live under.” 

In the past decade, the government and its organizations like the NSA have been primarily concerned about making laws to be able to access all data. Their reasoning lies on foreboding footing: in order to catch or intersect terrorist attacks. The World Economic Forum lists cyber attacks and major data breaches as a top tier threat to world stability. So under due process, the government can be evaluated to legally have access to user’s data, which is arguably property of the user, up there with life and liberty. However, for apparent reasons backed by George Orwell or Edward Snowden, it is also an enormous breach of individual privacy. 

CAB claims that the future of cyber security is virtually non-existent on a broad, general scale.

"In the next 10 to 15 years, privacy will cease to exist unless we take action.” 

A Call to Action, Rippling Through the Waves of the Internet

Every website and app a consumer downloads is required to convey and enforce a “privacy policy.” They essentially break down what data the application can collect from the consumer, and how they will use it. However, privacy policies are infamous for their small-print length, and their perplexity. The New York Times broke down 150 of them to prove their dissonance and confusion.  

As a data engineer himself, CAB reveals that there are such things as compliances, rules, and regulations that data engineers should follow. There are such things as the HIPAA (Health Insurance Portability and Accountability Act) that protect medical information, or the PCI Data Security Standard. But, they are not applied across all industries. And, as CAB points out, it's something that most companies cannot afford to do. 

Setting in compliances and safety precautions to protect user’s data requires a copious amount of time, resources, and money. At Yaguara, CAB is currently rebuilding the entire data infrastructure to put up said safeguards. What he argues every data company should be doing is at least hashing all of the PII (Personally Identifiable Information) of consumers the company has data on. 

In fact, Europe enforces a GDPR law that requires companies to not collect PII. Based on GDPR, customers have the right to request their information be removed from databases if saved, and the companies are legally obligated to comply. 

CAB’s call to action involves a lot of moving parts, but is surely in the direction of Europe’s GDPR law.

“We need to redesign and rethink the whole structure of how data moves from point to point.” 

Information is permanent when it’s put on the Internet. It may be gone from one access point to another, but someone, somewhere can still access it. So what does that mean for personal information that you don’t want leaked? 

It’s interesting to examine CAB’s personal ethos on privacy and the way he safeguards his own information and data. Data engineers like himself are attracted to the concept of the dark web, not for the use of drug dealing or other criminal activity (which it is mostly used for), but for anonymity. Additionally, he holds himself to a high standard of privacy by avoiding all social media accounts, using a dozen or so email addresses and phone numbers, and harboring multiple identities online. But this lifestyle comes at a high price:

“I lose the convenience of using those platforms. I can’t see my nephew’s posts on Facebook. But that’s the cost I choose to pay for that privacy.” 

I asked CAB the question: Do you think it’s possible for the world to continue to progress with data technology without stripping most, if not all, of these rights to privacy online?

He was unable to answer this question, as I’m sure it is a dilemma we will see play out over the Internet, throughout the biggest corporations in the world, and in our federal courts. The answer lies in a matter of leveraging the balance of remaining incognito, holding out on our privacy, and also being able to access platforms that make our world turn. To be able to use those platforms for convenience, for what they’re designed to do. 

As our digital landscape turns to the gold and silver market of Influencer social media, where the younger generations are more apt, willing, and societally encouraged to own and advertise their persona online, perhaps we are doomed to regress into a society that strips all of their privacy. The moment you click “Sign Up,” it’s all over. 

CAB calls for something major to happen before people begin to realize that if someone wants your information, financial, personal, and consumer records; they can get it, it’s really just a matter of time. 

A Dash of Hope: What Can You Do and Why?

Everyone should have a right to privacy. Beyond having things to hide, privacy allows us to be our true, authentic selves. The privacy advocate Glenn Greenwald writes in the Huffington Post:

“We all need places where we can go to explore without the judgemental eyes of other people being cast upon us, only in a realm where we’re not being watched can we really test the limits of who we want to be. It’s really in the private realm where dissent, creativity, and personal exploration lie.” 

There is a reason people encourage travelers to travel alone, or why everyone should be single at some point in their lives. Or why Stephen King writes in his memoir On Writing why your first draft should always be composed with the door closed. It’s not a matter of hiding things from our government, or each other, but a matter of owning the right to grow on your own, without the eyes of others. 

With the help of data-connoisseur and expert CAB, we have compiled a resource for protecting yourself from personal data breaches, and educating yourself on the detriments of privacy stripping on a societal/national level.  

As a company that is data-driven and forward-looking, we prioritize the utilization of data properly and safely. As thought-leaders, we intend to report and investigate contemporary issues and news in the technology sector, and providing resources for bettering your individual/company growth and knowledge is at the heart of Yaguara.

  1. Vary and Complicate your Passwords

The number one problem that occurs among digital users is using the same password across a variety of personal accounts. The gargantuan issue with this, argued by our Head of Technology Chad, is that it becomes incredibly easy for a cyber-hacker to access all of your financial and personal information by figuring out one password. Even if the password varies from one number or capital letter to another, the ease of hacking becomes almost comical. 

CAB suggests the tool 1Password. It allows the user to store all of their passwords for all accounts by just remembering one password. This alleviates the pain of having to remember a variety of complicated passwords, and allows the user to store them in a one stop shop. 

  1.  Use a VPN

A VPN (Virtual Private Network) allows users to browse and use the Internet without being tracked and watched. When you’re browsing on a VPN, all of your information is encrypted, so no one can see what you are doing online or interfere with your activity. 

This is important for a variety of reasons. One, it allows users that utilize public wifi hotspots to avoid being hacked. Users can access blocked sites in certain countries (i.e. Facebook is banned in China), or if you want to watch Love Island while on vacation in Mexico, but it’s only accessible through Hulu when in the U.S. Other reasons include wanting to encrypt your online footprint, hide from government surveillance, or keep your location incognito. 

It is important to note that there are a lot of bad, faulty, and malicious VPNs out there that ironically will compromise your data. MakeUseOf has a resource for detecting bad VPNs, and make sure you invest time into shopping around for the right one. 

  1. Consider an Alternate Web Browser

Are you sick and tired of getting Google Ads for a new pair of boots you were browsing for, while scrolling through Instagram, or reading an article on your local media publication? Alternate web browsers, the most popular being Firefox, have built-in ad, tracker, cookie, and fingerprint blocking. These alternatives to Google allow the user to browse the Internet while preserving online privacy. 

For more privacy tools, CAB recommends Privacytools.io for educating yourself on safety precautions and as a resource for digital tools.

Did you find this article helpful? Share it with your connections and engage with us online!