Editor’s note: Wired for Safety is a column on cybersecurity and other tech issues. Duane Dunston is an assistant professor of cybersecurity and networking at Champlain College. He received his bachelor’s and master’s of science from Pfeiffer University. From 2001 to 2011 he worked in cybersecurity for NOAA. He is a doctoral student at Northeastern University with a concentration in Curriculum, Teaching, Learning, and Leadership. His other activities include “You Have A Voice,” a project to develop an electronic screening assessment to identify human trafficking victims.
[H]appy Cybersecurity Awareness Month! What? You didn’t know?
I would like to start this week by asking readers to let me know what topics on cybersecurity and privacy you want to learn more about. Usually, I find a recent hot topic and provide some information about it. However, I want this information to be meaningful to you so please send your suggested topics or questions. If there are enough questions, I could have a periodic Q&A post. (Leave questions in the comments section or email ddunston@vtdigger.org)
This week there was news of another massive data breach by Facebook affecting around 50 million accounts (for scope, the state of California is just over 40 million people. Data breaches occur more often than the general public knows. We only hear about the massive breaches by the large companies. We don’t often hear about the smaller ones that occur virtually every day, like the Department of Health and Human Services list or the compendium of breaches tracked by Privacy Rights, or the Vermont attorney general’s office list of breaches that affected Vermonters. Why? Because the number of records breached isn’t 50 million and the companies are not as well known as Facebook. The impact of those affected by a breach, though, are real. Some focus too much on the numbers of records calling it “smallish” and not considering the impact of those affected by the breach.
A breach affecting Aetna was a breach of confidentiality by exposing sensitive information of its clients. The organization that sent letters on behalf of Aetna used an envelope with a transparent window. The window displayed the person’s name and mailing address and information in the body to show it was for a change in the person’s benefits for their “HIV” medication. The impact on one person is documented in the legal complaint. It caused stress, anxiety and a family crisis for the plaintiff who filed the class action lawsuit. Some people make it known they have HIV, while others are not able to or don’t want to deal with the public stigma attached to it. This case is but one example of the impact of a data breach.
If your data is breached, the adage of “I have nothing to hide” has already been addressed here. How many times have you called a utility company or bank to verify yourself and all that was required was your Social Security number or its last four digits, or your phone number or home address (the latter two being relatively easy to obtain)? Those are valuable artifacts for identity thieves — artifacts that are often in a data breach. Few consider this until they are affected by it and realize the inconvenience and money it can cost to fix the problems it causes.
If you feel you have been affected by a data breach, visit the federal Identity Theft website to walk you through a response process.
