personal

Editorial Cartoon by Graeme MacKay, The Hamilton Spectator – Thursday August 1, 2019

Another day, another data hack — and truth is, there’s not much you can do about it

When news emerged on Monday evening that Capital One, one of the biggest issuers of credit cards in the world, had been breached in a major data hack where the personal information of more than 100 million people was stolen, reaction from consumers was swift and almost unanimous: another one?

That’s because the hack — in which a former Amazon Web Services employee broke into Capital One’s servers and stole information on up 106 million people, including 140,000 Social Security numbers in the U.S., and 1 million Social Insurance Numbers in Canada — is just the latest in a long run of hacks, each seemingly bigger than the last.

U.S. retailer Target was among the first to be hit in a major way, as the chain revealed in 2013 that credit card data for 70 million of its customers was stolen. Next was do-it-yourself hardware chain Home Depot the following year, where 57 million people were affected.

Hotel chain Marriott was next in the hit parade, in a multi-year breach that dated back to 2014 when hackers exploited a flaw in their cybersecurity to steal credit card details and other data on half a billion customers.

But the biggest one to date was Yahoo’s. The online company admitted in 2017 that an astonishing three billion people had their Yahoo emails breached by online fraudsters.

That same year, credit monitoring firm Equifax revealed that it had been hit, as 143 million people had their information stolen.

For many people, the Equifax breach was emblematic of just how widespread the problem of data theft is, because the information was stolen from a credit reporting agency that also offers credit-monitoring services itself.

This week’s Capital One hack is just yet another reminder of what cybersecurity experts have known for a while:  you’ve probably already had your information stolen, and the only question is whether you know it.

“Assume your data is out there because in all likelihood it is,” is how cybersecurity journalist Brian Krebs puts it.

In and of themselves, none of the major breaches may have been enough for a fraudster to “steal” someone’s entire identity, nor do they mean that the hundreds of millions of victims can expect to have major headaches to worry about for the rest of their lives. (CBC)