How identity data is turning toxic for big companies
Dr Robert McCausland and Dr Bhargav Mitra look at the growing costs for companies of holding onto personal data.
Google might be in trouble for collecting the personal data of its users, but many companies have a growing incentive to rid their hands of the data that users entrust them with. This is because of growing costs of holding onto it.
A major cause is the rising number of cyber attacks where hackers steal the identity information held by companies, often to sell them on to various black markets. Take the recent example of US giant Equifax, one of the top three companies in the consumer credit reporting industry. It chalked up another 2.5m identity-theft casualties to its existing toll of 143m in October 2017. The firm has suffered a steady stream of identity information loss following a cyber-attack that took place in May this year, where hackers capitalised on weaknesses in its software.
The security breach – as a primary cause – resulted in around US$4.8 billion being wiped off Equifax’s market value from May to September 2017. It also tarnished its image and cost the firm’s longstanding CEO his job.
The Equifax data breach is just the tip of the iceberg. The latest Breach Level Index (BLI) published by digital security company Gemalto shows a mounting figure of around 9.2 billion data-record losses since 2013. The BLI also reports that only a meagre 368m out of the 9.2 billion stolen records were concealed from potential hackers through the use of data-encoding technology.
The rate at which valuable identity information is flying out of the control of firms is alarming – more than 3,500 records per minute. Around 23% of the top data-breaches over the past five years contained consumers’ identity information – like names, dates-of-birth, addresses and account passwords. Corporate victims include big names such as Yahoo, eBay and JP Morgan Chase.
Continue reading on The Conversation.
Dr Robert McCausland is currently R&D Programme Manager at the Centre for Secure Information Technologies where he leads a data analytics engineering activity focused on cyber security.