Struggling with Privacy Versus Rights in the Aftermath of the NPD Megabreach (Conclusion)

Exploring further on the NPD Megabreach saga, consider this: what if we collectively shifted our cybersecurity practices towards a human-focused approach, grounded in values and quality, rather than being ensnared in an endless competition marked by cost-cutting and mass production? This, we...

Embracing a user-focused cybersecurity approach: A shift from cost-effective, high-volume strategies towards value and quality. Could implementing this approach be the solution we've been seeking, and if so, how might we persuade others to join the movement? This is the question at hand, and one we share your sentiments on.

Data leaks only get bigger

Last week, we delved into a massive data breach that likely impacted between 100 million and 200 million Americans, with a combination of home addresses, emails, phone numbers, and Social Security numbers (SSNs) stolen. The stolen data was initially taken in 2023 and sold on the dark web for several months before being dumped online for anyone to download.

While not all the data was current or accurate, approximately half of the adult population in the US may have been unnecessarily exposed to stalkers, scammers, spammers, and identity thieves. Unlike previous breaches, this one wasn't related to an official organization such as the Social Security Administration (SSA). Instead, the personal data was stolen from a Florida-based company named National Public Data, or NPD, run by former actor and video film producer, Sal Verini.

NPD is a background check company that scrapes information from non-public sources to build a comprehensive database, leaving many wondering how such a small company acquired so much personal data.

The Dark Side

The question remains, why would hundreds of millions of Americans hand over their most personal data to a company like NPD? While it's not hard to imagine this happening at a country-wide financial institution, even the biggest US banks and lenders don't have that many customers. Employers are required to maintain accurate personal information about their staff, but even the largest US employers have far fewer than 10 million employees. So, how did NPD, a company that appears to have fewer than 25 employees, end up with a database covering so many people?

The short answer is: no one willingly gave their data to this company. The data was scraped from public and non-public sources without consent or knowledge. If you're on the list of affected individuals, you didn't get to choose if your personal information would be collected, used, or sold.

This brings us to the question of data breaches and why we can't seem to put a stop to them. While we collect and process more data than ever before, the number and severity of breaches continue to increase. While there may be excuses, they aren't justifications.

Holding Our Ground

Just as we need to address the breach itself, it's essential to question why we seem helpless in the face of data leaks. The increasing amount of data we collect and store online doesn't explain the rise in breaches. In fact, other areas of cybersecurity have successfully combated similar threats. For instance, the field of cryptography has evolved to meet the challenges posed by faster computers and more sophisticated attacks.

Moreover, we need to ask ourselves why we haven't become better at dealing with breaches when they occur and being more honest in our responses. It's concerning that companies like NPD can respond dismissively to data leaks, and many still do not act honorably when a breach occurs.

Combatting the crisis

While massive breaches like NPD's are newsworthy, their impact on victims depends on the type of information stolen. Regulations like the General Data Protection Regulation in the EU and the UK don't specify a minimum size for a breach. Instead, the number of affected individuals, combined with the level of risk to each victim, determines the severity of penalties imposed by the regulator.

To curb data breaches, we need to focus on implementing stronger security measures, imposing stricter sanctions on data brokers, and creating stricter limits on public disclosure of personal data. Users can also support an opt-in internet experience, where consent is sought before collecting personal data. By taking collective action, we can work towards a more secure and human-friendly online environment.

  1. Endpoint security measures should be strengthened to protect sensitive data like home addresses, emails, and social security numbers, especially when they are stored for prolonged periods and sold on the dark web.
  2. The increase in data breaches, such as the one involving National Public Data, raises questions about the effectiveness of current cybersecurity measures in data and cloud computing, particularly in dealing with smaller companies that acquire vast amounts of personal data.
  3. In the face of growing data breaches, it's crucial for education and self-development to include understanding the importance of privacy and the risks associated with the careless disclosure of personal information.
  4. As technology advances, political leaders must address the issue of data breaches and ensure stricter regulations are in place to hold companies accountable for data leaks and protect citizens' rights to privacy in crime and justice and general news contexts.
