Thursday, August 1, 2024

Protect Your Personal and Private Information?

What, and cut into our corporate profits? LOL, LOL

100%, perhaps not, but most corporations entrusted with sensitive private consumer information, from detailed financial information to very private health matters, cannot spend too much on protecting such essential data and account access without slamming profits. In a world where there are millions of hackers, many of them rather sophisticated, and billions and billions of dollars to be sucked from consumers, a disproportionate number of whom are Americans, the approach of most mega-corporations is beyond lackadaisical. The more technologically dependent we are, the more things can go wrong, go wrong, go wrong!!!

But it isn’t just lowly consumers who suffer. Sometimes even the biggest boyz get slammed in a high-tech world where Murphy’s Law – "Anything that can go wrong will go wrong, and at the worst possible time." – sometimes trumps Moore’s Law (exponential growth in digital storage and processing capacity). The massive global CrowdStrike faulty update on July 19th to its security software hit an estimated 8.5 million users, shutting down airlines, hospitals, and even courtrooms.

In wartime, many of these disruptions are literally weapons disabling the enemy. As people have learned the hard way, disabling the massive financial networks that drive global trade or messing with GPS functionality (often used in missile and artillery targeting systems) can be very effective. We see it in the surrogate wars in the Middle East or on the battleground between Ukraine and Russia. It is said that the nation that develops a rigorous plasma computing system coupled with artificial intelligence just might rule the world. Such a system could penetrate virtually any blockchain or comparably sophisticated security barrier, decode the most secret messages and information… and perhaps take over the relevant computer systems everywhere.

That’s big stuff, but as I await yet another new credit card replacement (my n-teenth identity theft), I am acutely aware of how much of what we hold near and dear can be purloined off the Web. If the biggest of big can get slammed, costing billions a day, you can seriously be certain that no one is spending the kind of money you might expect on your privacy. Data from almost 110 million Americans was downloaded by sophisticated “financially motivated” hackers, all from AT&T. Or as Los Angeles Times columnist Michael Hiltzik wrote on July 17th:

“AT&T is one of America’s largest telecommunications companies. Last year it recorded a pretax profit of nearly $20 billion on $122.4 billion in revenues… So why, you might ask, has AT&T been so pathetically sloppy about protecting its customers’ private information… ?... The breach was revealed on July 12, although it occurred in April; AT&T attributed the reporting delay to requests from federal authorities to keep it under wraps while its possible national security significance was under investigation… ‘The latest disclosure of a hack at AT&T might be considered a signpost for “the year of the megabreach.’… It follows AT&T’s announcement in April of an earlier, unrelated breach that may have compromised the Social Security numbers, PINs, email and mailing addresses, phone numbers, dates of birth and AT&T account numbers of 73 million current and former AT&T customers.

“Both AT&T incidents pale in comparison with a massive data breach earlier this year at UnitedHealth Group, the nation’s biggest health insurance and health provider conglomerate. According to congressional testimony by UnitedHealth Chief Executive Andrew Witty and company news releases, a ransomware attack on the company’s Change Healthcare subsidiary has affected as many as 1 in 3 Americans.

“Change Healthcare manages patient payments and reimbursements to medical providers. The ransomware hack crippled medical services nationwide and resulted in the exposure of patients’ treatment details and billing information, including credit card numbers. Patients reported that pharmacies were refusing to fill prescriptions because they couldn’t access insurance approvals, risking the patients’ health…

“Data breaches affecting hundreds of thousands or millions of consumers have become such familiar features of the consumer landscape that the guilty companies respond with a standard playbook replete with promises to customers.

“They [typically] point out all the data that wasn’t compromised — AT&T told customers that the latest debacle didn’t involve ‘the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information.’ That’s a bit like airlines following up reports of deadly crashes by pointing out how many planes land and take off safely every day.

“The companies typically offer aggrieved customers free credit monitoring and identity theft protection for a period of time; at UnitedHealth, that period is two years… Whether those services are useful is open to question — after a 2017 data breach at the credit reporting firm Equifax exposed the personal data of 143 million Americans, the identity theft service LifeLock trumpeted its protective services (at $29.99 a month). What LifeLock didn’t make very clear was that the services it was selling were actually provided by Equifax.” The litigation is rolling in.

Here’s the problem. These hackers are incredibly informed and skilled. The money that can be drained from a good hack, either directly or via ransomware, can be dramatic. Add to that the hackers’ ability to deflect efforts to identify them, bouncing communication from site to site all over the world, and the use of cryptocurrencies to facilitate payoffs that are almost impossible to trace… money which disappears seconds after being transmitted.

“UnitedHealth said it paid a $22-million ransom in bitcoin, but couldn’t be sure that all the hacked information was returned. It also said that it advanced about $9 billion to providers to cover their expenses before their billing could be restored… The company told Congress that it already had in place ‘a robust information security program with over 1,300 people and approximately $300 million in annual investment,’ but of course those figures are meaningless — the question is how much it would cost to actually have a ‘robust’ program in place, since $300 million obviously isn’t enough.

“Yet in corporate America, cybersecurity has been an afterthought, if it receives any thought at all. ‘These companies at some point decide that it’s really expensive to care a lot more about security when there really aren’t a lot of consequences for screwing it up,’ [cybersecurity professional Brian] Krebs told me. ‘You might get sued or have to pay a few hundred million dollars in fines, but these are rounding errors on their profits.’…. ‘Most Americans,’ Krebs says, ‘have no choice but to do business with these companies if they want to participate in the modern society.’” Hiltzik.

I’m Peter Dekom, and among healthcare records, credit card numbers with Social Security digits attached and all that information that sits on and travels with your smartphone, that big company security “cheap out” can destroy lives in oh so many ways… while government and big business simply do not care enough to try meaningfully to stop it.
