It doesn’t seem that long ago that I received an official letter in the mail from the United States Office of Personnel Management (OPM) detailing that sensitive information about me had been compromised. I had been following the news and knew about the breach, so the letter didn’t come as a huge shock. It did make me think about the impact of such a breach, originally reported as affecting 4 million individuals, later estimated to have compromised sensitive information of 21.5 million. Christensen et al (2015). Just this past week I once again learned, along with the majority of the country, that with high probability my identity along with millions of others had been stolen in another data breach. It has since come to light that the cause of the breach was unpatched systems affected by Apache’s open-source Struts software, a vulnerability that should have been mitigated months before the breach took place. Brandom (2017).
While both of these incidents resonate on a personal level, it brings to light the seriousness of data breaches and theft of sensitive data, which remains the number one most damaging computer crime today. This can be especially harmful depending on the type of information. Stealing of passwords is one thing, however loss of social security numbers, fingerprints and other unique identifying qualities that cannot simply be reset is almost unforgivable. Countless others breaches have occurred over the last few years, which not only damage company reputations and harm individuals, they can also bring organizations to their knees in legal damage and harm that they may never recover from. In addition to theft, other methods of holding information hostage in ransomware attacks are becoming more common and damaging to organizations affected. Organizations and individuals must continue to become more vigilant in protecting information assets as these types of crimes continue to threaten and cause harm to many.
References:
- Brandom, R. (2017). The FTC is looking into the Equifax breach. The Verge. Retrieved from https://www.theverge.com/2017/9/14/16306872/equifax-breach-ftc-probe-lawsuit-vulnerability
- Finklea, K., Christensen, M. D., Fischer, E. A., Lawrence, S. V., & Theohary, C. A. (2015, July). Cyber Intrusion into US Office of Personnel Management: In Brief. LIBRARY OF CONGRESS WASHINGTON DC CONGRESSIONAL RESEARCH SERVICE.