As Bruce Schneier said when linking to this, this is pretty low-tech, but it does highlight a scary misuse of data:
“Mr Fearn said the talent assistant told him they were confused because he had apparently emailed them to withdraw his application on Wednesday.
“They forwarded the email, which was sent from an account using my name.” “
So yes, this is a very low tech example, but an example nonetheless of something I’ve been keeping an eye out for. It’s not the data breach that ends up as being extremely dangerous to individuals, it’s how the data that is being accessed might be tampered with. If a leaky system can display the names of people applying for a job, we can certainly take those names and impersonate those people, creating not just an email account, but wholly fake social media profiles, websites, etc. all in the name of tarnishing the other candidates in front of a potential employer.
Imagine what an actual hacker could do with access to health, banking, criminal, or employment records?
How will you defend yourself when the data says “x” about you after someone planted that information? How many AI tools are going to be misrepresenting you because of bad information about you?
How will we know enough to clean it up?