By Cassandra Cross, Senior Lecturer in Criminology, Queensland University of Technology on Tuesday, July 31st, 2018
(QESP Editor’s Note: The following is a reprint of a July 4, 2018 article in The Conversation . The original is available at https://theconversation.cmail20.com/t/r-l-jjlukiit-ihihuyyuhh-k/)
Reports of data breaches are an increasingly common occurrence. In recent weeks, Ticketmaster, HealthEngine, PageUp and the Tasmanian Electoral Commission have all reported breaches.
It is easy to tune out to what is happening, particularly if it’s not your fault it happened in the first place.
But there are simple steps you can take to minimise the risk of the problem progressing from “identity compromise” to “identity crime”.
In 2012 former FBI Director Robert Mueller famously said:
I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.
The types of personal information compromised might include names, addresses, dates of birth, credit card numbers, email addresses, usernames and passwords.
In some cases, very sensitive details relating to health and sexuality can be stolen.
What’s the worst that can happen?
In most cases, offenders are looking to gain money. But it’s important to differentiate between identity compromise and identity misuse.
Identity compromise is when your personal details are stolen, but no further action is taken. Identity misuse is more serious. That’s when your personal details are not only breached but are then used to perpetrate fraud, theft or other crimes.
Offenders might withdraw money from your accounts, open up new lines of credit or purchase new services in your name, or port your telecommunication services to another carrier. In worst case scenarios, victims of identity crime might be accused of a crime perpetrated by someone else.
The Australian government estimates that 5% of Australians (approximately 970,000 people) will lose money each year through identity crime, costing at least $2.2 billion annually. And it’s not always reported, so that’s likely a conservative estimate.
Read more: Cambridge Analytica is more than a data breach – it’s a human rights problem
While millions of people are exposed to identity compromise, far fewer will actually experience identity misuse.
But identity crime can be a devastating and traumatic event. Victims spend an average of 18 hours repairing the damage and seeking to restore their identity.
It can be very difficult and cumbersome for a person to prove that any actions taken were not of their own doing.
How will I know I’ve been hacked?
Many victims of identity misuse do not realise until they start to receive bills for credit cards or services they don’t recognise, or are denied credit for a loan.
The organisations who hold your data often don’t realise they have been compromised for days, weeks or even months.
And when hacks do happen, organisations don’t always tell you upfront. The introduction of mandatory data breach notification laws in Australia is a positive step toward making potential victims aware of a data compromise, giving them the power to take action to protect themselves.
What can I do to keep safe?
Most data breaches will not reveal your entire identity but rather expose partial details. However, motivated offenders can use these details to obtain further information.
These offenders view your personal information as a commodity that can be bought, sold and traded in for financial reward, so it makes sense to protect it in the same way you would your money.
Here are some precautionary measures you can take to reduce the risks:
And here’s what to do if you think you have been caught up in a data breach:
The vast number of data breaches happening in the world makes it easy to tune them out. But it is important to acknowledge the reality of identity compromise. That’s not to say you need to swear off social media and never fill out an online form. Being aware of the risks and how to best to reduce them is an important step toward protecting yourself.
For further information about identity crime you can consult ACORN, Scamwatch, or the Office of the Australian Information Commissioner.
If you are experiencing any distress as a result of identity crime, please contact Lifeline.
Online privacy , Privacy , Hacking , Data security , data breach , Identity theft