Yes, everyone has been breached
Your credit cards, health records, Tinder profile... none of it's safe. But you're not alone.
Oh, a company you do business with was breached? No biggie. You probably won't die or be sold to a Russian white slavery botnet cartel. Probably. But your data will.
It's really hard to come up with a sector that hasn't been hit with a big data breach in the last five years. Health insurance files? Check. Classified government personnel records? Check. Hotels, banks, retailers, credit companies, crowdfunding platforms, online hookup sites, video game companies, Hollywood giants, cable and broadband providers... The list is endless.
If that realization makes you weep openly onto the phone you're reading this on (some part of which was breached while you read this), then definitely don't look at the Breach Level Index, a centralized, global database. The counter on BLI's site "Records Lost Since 2013" sits at 3,338,874,326 as I write this.
BLI's 2014 Annual Report said 76% of the 1,023,108,267 global records snatched in breaches came from North America, ensuring that we never ever want to use a computer again,. That puts North America's 2014 total at 777,562,282 records, over two times the population of North America. (According to the UN's Concise report on the World Population Situation 2014, North America's population 2014 was 358 million.)
Wow, you're thinking. Poor Skynet.
Not really. According to BMI most of 2014's breaches saw attackers making off with our identifiable information, like names, addresses and social security numbers.
In a letter sent to T-Mobile and Experian in the wake of the breach, three US senators told the CEO's just how screwed we little people are. "Social Security numbers are hard to change and are tied to tax forms, credit cards, mortgages, bank accounts, health insurance, and medical records," they wrote. "By learning someone's Social Security number, a criminal can obtain credit cards in a victim's name, wire money from a victim's bank account, or even access tax and medical records."
Om Malik's recent missive in the New Yorker on finding out he was in the Experian/T-Mobile breach said, "As one of the fifteen million people who applied for T-Mobile USA's post-paid services during that period, I was particularly aghast to learn about this breach."
And I think we can all appreciate that sentiment. Om has every right to feel aghast, and betrayed, and violated, and incredibly worried about this creating a daisy chain of privacy nightmares -- just like the rest of us.
It's refreshing to see that this is finally happening to people with money and privilege too. Although when it happens to the rest of us, righteous indignation is the last thing we're feeling. We're also not shocked, not in the least. Perhaps it was Om's first breach? Honestly, unless Om lives on a remote Tesla/Illuminati space station, this can't possibly be the only egregious breach his data has ever experienced.
I mean, looking at the numbers, we've probably all had our records stolen at least twice. Or maybe unlike the rest of us, Om really did just have his info stolen and sold on the black market for the very first time, while some other guy got Om's extra slice of our collective crap pie.
The good news, if there's a bright side to whistling past the graveyard of data privacy, is that we're all in this together.
The good news is that having your identity stolen because some megacorporation cares more about shareholders, or image, or hoovering your intimate data and selling it to the highest bidder is now everyone's problem.
We can blame egotistical CEO's, hacker stereotypes, Russian cartels, startup jocks rushing to sell us off, greedy corporations and over-hyped security companies alike ("And China!" -That FireEye Guy). We can blame the government, though they do kind of deserve it for ignoring the internet until 2008.
Finding out our entrusted data got stolen feels more and more like another car alarm going off in the city, an unscheduled annoyance that doesn't really surprise us, but something we really need the responsible party to fix. Just now it's finally happening to Silicon Valley's elite (like Om Malik), and everyone we're inclined to blame, too.
And the fact that the security industry predicted this mess doesn't seem to matter in the least.
