EFF: “Every year, countless emails hit our inboxes telling us that our personal information was accessed, shared, or stolen in a data breach. In many cases, there is little we can do. Most of us can assume that at least our phone numbers, emails, addresses, credit card numbers, and social security numbers are all available somewhere on the internet. But some of these data breaches are more noteworthy than others, because they include novel information about us, are the result of particularly noteworthy security flaws, or are just so massive they’re impossible to ignore. For that reason, we are introducing the Breachies, a series of tongue-in-cheek “awards” for some of the most egregious data breaches of the year. If these companies practiced a privacy first approach and focused on data minimization, only collecting and storing what they absolutely need to provide the services they promise, many data breaches would be far less harmful to the victims. But instead, companies gobble up as much as they can, store it for as long as possible, and inevitably at some point someone decides to poke in and steal that data. Once all that personal data is stolen, it can be used against the breach victims for identity theft, ransomware attacks, and to send unwanted spam. The risk of these attacks isn’t just a minor annoyance: research shows it can cause psychological injury, including anxiety, depression, and PTSD. To avoid these attacks, breach victims must spend time and money to freeze and unfreeze their credit reports, to monitor their credit reports, and to obtain identity theft prevention services. This year we’ve got some real stinkers, ranging from private health information to—you guessed it—credit cards and social security numbers. The Winners:
- The Just Stop Using Tracking Tech Award: Kaiser Permanente
- The Most Impactful Data Breach for ‘90s Kids Award: Hot Topic
- The Only Stalkers Allowed Award: mSpy
- The I Didn’t Even Know You Had My Information Award: Evolve Bank
- The We Told You So Award: AU10TIX
- The Why We’re Still Stuck on Unique Passwords Award: Roku
- The Listen, Security Researchers are Trying to Help Award: City of Columbus
- The Have I Been Pwned? Award: Spoutible
- The Reporting’s All Over the Place Award: National Public Data
- The Biggest Health Breach We’ve Ever Seen Award: Change Health
- The There’s No Such Thing As Backdoors for Only “Good Guys” Award: Salt Typhoon
- Breach of the Year (of the Decade?): Snowflake
- Tips to Protect Yourself
- (Dis)Honorable Mentions
Sorry, comments are closed for this post.