“There’s been a lot of data breaches lately, and the numbers seem to be constantly increasing. From the high profile attacks against the likes of Ashley Madison and Sony Pictures, to the lesser known breaches like Kmart Australia and Systema Software, it’s practically becoming routine to read a headline that says, “Company X breached; data on millions of users stolen,” and there doesn’t appear to be a way to stem the tide. But what if I told you that these breaches are better than what we’re likely to see in the future?
Think about the recent OPM breach, where data on every United States Federal employee was stolen. Not only were social security numbers taken, but also sensitive data like fingerprints. Now imagine that instead of the attackers stealing all of the data, they instead modified fingerprint data. Maybe they put their own fingerprints in place of an undercover agent’s. Or maybe they simply change the fingerprints so that when an agent tries to confirm their identity, they’re seen instead as a convicted felon. Perhaps instead of breaking someone out of a prison by force, an attacker modifies the convict’s data to issue them an early release. Or in a more mundane use, simply change your credit card account to “paid in full” or reverse a payment of someone you don’t like.
Considering it takes nearly a year to detect the average security breach, is it really that far-fetched to think that impacting data integrity will soon be more advantageous than simply attacking the confidentiality of the data?”
This is when things will get ugly. Unfortunately, I think something this bad is going to have to happen before the average person really starts to think seriously about data security. Too many people are taking an “I have nothing to hide” approach to data storage and even surveillance. How well will that approach work when someone manipulates the data to make it appear that you really do have something to hide?
This is why many of us are against collecting the data in the first place. If it’s not being tracked, it can’t be targeted.
As for the stuff that does need to be kept, we need better security in place, as well as better ways for individuals to check the data being collected about them and see what it actually says. I shouldn’t have to wait until I find myself in trouble to find out there is erroneous data out there about me. I can always pull my credit report and challenge that information; I can’t do that with “secret” databases being accessed by the government.