As the Information Age progresses, more and more people are becoming aware of the ways that their personal data can be discovered and possibly abused by unknown parties. Employers can check their workers' Facebook pages and potentially fire them based on their findings, while a Google search might reveal where someone went to school, who his or her family is and where they were born. But even as people become more aware of privacy issues, they still must share sensitive details to enjoy many of the benefits to the digital landscape.
Many consumers engage in eCommerce or buy services online. Reservations are often more convenient to complete on the Internet, such as for plane tickets or hotel bookings. But in all of these instances, a considerable amount of personal information must be revealed to the merchant. Consumers paying with a credit card must provide their name, card number and the billing address. On a personal level, the protective measures for this data might be as simple as a password, which often isn't very secure.
On the large scale, though, companies may have a vast number of records on their clients. This could be as simple as consumer login credentials, but also may include millions of payment card details, addresses and more, all of which can assist thieves in stealing someone's identity, breaking into bank accounts or other unauthorized activity.
Adobe data recently attacked
It seems barely a month goes by without the news revealing another of these incidents, and Adobe announced that it is one of the most recent targets of a security breach. It mentioned that attackers stole the data of 2.9 million of its customers, including their names, credit and debit card numbers and their order history. The company added that decrypted credit card numbers were probably not removed from its system. Understandably, Adobe will be notifying their customers via email and resetting their passwords, and also contacting financial institutions about the event.
If Adobe hadn't spoken up
While there are a number of obvious results from this incident, one of the most significant ones isn't as clear as the need to reset passwords or call the bank. Namely, Adobe had to announce the breach. If it had not, its customers would have continued on with their lives, blissfully unaware that their personal information might be in the hands of data thieves. Even if these consumers had their identity stolen, they wouldn't have known where their details were taken from – and as consumers transition more fully to online transactions, figuring out where the event occurred may be nearly impossible.
Naked Security also reported on the breach and provided commentary on what the announcement might mean for consumers. Because Adobe didn't reveal the encryption information it employed, users are unable to tell how the data was removed and how stringently the company protected customer information. The source recommended that if Adobe customers are using the same password on multiple sites, they should use a different password on every site. Furthermore, the hackers access to Adobe source code could lead to an increase in viruses and malware related to any vulnerabilities the attackers found in Adobe's systems.
The news provider ended by noting that while encryption is a critical protective measure, companies' first responsibility is to keep the data safe from a breach in the first place. This is not always reliable. Because of the risks businesses run when they store customer data, some form of multi-factor authentication can help protect them and consumers against data breaches. The likelihood of consumers using a different password on every site is also unlikely, so businesses should institute stronger verification protocols. Device-based identity management is one way they can accomplish this. Doing so can increase consumer confidence and help prevent some of the breaches reported by Adobe and other companies.