What is your personal data and who is using it?
The term “personal data” is a vague and huge umbrella that can mean anything. From health records, NRIC number, banking details, credit card information, social media post, location data, search engine queries, and the list go on. Data collection can surprise you and is used by companies to analyze the way you use your smartphones.
Many apps and services you use online use your location and cookies to serve up custom advertisements, but they don’t make it clear that companies are buying location data to analyze which stores you frequent. Anyone who witnesses the same iPhone advertisement after stepping into an Apple store will probably know that they are being tracked but has no idea how much details are collected in the name of analytics.
If an app doesn’t cost money to use, most likely you’re paying them with your data which is used to target you with ads which in turn generate revenue.
What happens if the data collected is leaked or hacked?
In the event of a data breach, your data may leak into the hands of criminals who can use it against you. Leaked personal information will stay valid for years and be used against you. As consumers, we need to be mindful when handling personal data over to organizations that provide us with services, and organizations receiving them should take steps to ensure that data collected is carefully stored, used, updated, and destroyed when no longer required.
Why are hackers want your personal data?
Personal data is the currency of the underground economy and literally what cybercriminal trades. Hackers would sell this data to a variety of buyers including but not limited to identity thieves, organized crime rings, spammers, and botnet operators who use the data to make even more money
Spammers who get hold of your email address may use it to send you advertisements that they get paid for per click or impression. Identity thieves can use your personal data to create various schemes to trick you into giving up your bank details or credit card number. The general idea is the more information they have of you, the greater the damage they can do.
Data can also be sold in bulk. If each valid email address is 1cent, a leaked database in April 2021 of Facebook which involved 1.5 billion Facebook users can be sold for 150 million dollars. The more complete the information, the more valuable it gets, and this information gets sold and passed around so someone else can carry out an attack.
A leaked credit card information can also be used immediately before you realized that it has happened and block the card whereas an elaborated phishing and scamming scheme can happen months or years down the road after you have long forgotten that your data was stolen.
What type of personal information do hackers, criminals, scammers look for?
The potential of how your personal information can be used against you is only limited by how creative people with malicious intents can get. Some schemes are more common than others and these are typical information someone with ill intent will want about you.
- Full name
- Passport number
- Employment pass
- Contact number
- Email address
- Your digital footprint
What are ways that personal information can be used against me?
Once collected, the leaked information can be abused by the hacker, criminal himself, or resold on the dark web. There is no limit to what they can do with this information. Here’s a list of common crimes committed with leaked personal data across the globe. These do not just happen in movies or dramas but are very real events that happened.
- Criminal identity theft
- Financial identity theft
- Medical identity theft
- Phishing & Scams
The methods of how each of these crimes can happen to you are for educational purposes to create awareness of how information can be used against you and not meant as a guide to abusing personal data.
Criminal identity theft
When a ticket is received for a traffic offense, an identity thief may choose to put in your name and NRIC as the driver of the vehicle involved in the offense and try to get away with it. Or in the event where identification is requested by an enforcement officer, an identity thief may choose to pretend to be you with a photocopy of your NRIC and claim to not have brought the original with them which may lead to misidentification for a crime that you did not commit. As a victim, it is important to keep a lookout for any strange mail that may be an indication that your identity has been stolen and not pass it off as an administrative mistake.
Financial identity theft
An identity thief may also try to use your personal information to attain goods and services under your name. They might start with changing addresses on your bills to create more supporting documents that they are you, open a bank account and start writing bad checks, take up new credit cards or loans, or even having a replacement credit card sent to an address of their liking. Hence if you’re a victim of a data leak or breach, you should pay extra attention to missing bills or strange charges on your credit cards.
Medical identity theft
Illegal immigrants may have difficulty accessing healthcare should they need it, and your identity may be used to access public healthcare. This could potentially mean that you will be choking up medical bills and having claims on your insurance under your name without ever stepping foot in a hospital. Be mindful of bills and invoices that you may receive and check with the billing office of the hospital (usually can be found on the hospital website) directly should you receive a dubious invoice for a medical service you never used.
Phishing and scams
Under the guise of internet usage research, a study was conducted over 21 days by Semantic Scholar to find out how likely are people from different age groups respond differently to phishing emails. The results were surprising as 43% of the participants fell for the phishing email at least once and 11% clicked on phishing links multiple times. They have also found that older women were the most vulnerable group to phishing attacks and more must be done to warn, train and educate the public.
Phishing emails or phone calls trying to use emotional tactics to get us to bypass logic. In the modern world where we are constantly required to thousands of decisions a day, our brain relies on making shortcuts to help speed up decision making.
Suspicious emails asking for bank account numbers, voice mail warning about identity theft, or deals that are too good to be true are the common ways that attackers use to get the victims to click on a link or download a file. It is much easier for attackers to target the masses than to trick 1 person at a time. Tactics have evolved so much that attackers can make use of your leaked data or simply information on your social media or something specific on your browser history to customize scams with some personal details to make it even more convincing and trustworthy.
What can you do to protect yourself?
Be aware, not afraid. Learn to keep yourself up to date on the best data protection practices within your personal life and at work. Be mindful of what you put up on social media and what information you give to companies in exchange for a $10 voucher. Choose to support companies that put in extra effort to ensure that your data is safe with them.