A recent report from Duke University's Sanford School of Public Policy has shed light on a concerning issue: data brokers are selling vast amounts of highly sensitive information about American military service members. This includes private data about active-duty personnel, veterans, and their families, encompassing sensitive health and financial details.
Shockingly, these brokers even offer bulk data for individuals within geofenced military facilities like Fort Bragg and Quantico. The implications are alarming, as a Duke University member said the data "could theoretically be used to blackmail or otherwise compromise active-duty military personnel."
This trade in military service personnel data is just one of many examples of what happens in the data brokerage business - an industry that often escapes public scrutiny thanks both to its stealthy operations and the extraordinarily abstract nature of its stock in trade: public data. If someone were to ask you for six facts about yourself, that would be an easy request to satisfy: your birthdate, where you were born, the names of your kids or pets, the brand of phone you use, where you work, your favorite color, your favorite hobby.
There are six right there. But if someone were to ask you for a thousand things about yourself, that would be a bit more difficult. Not because you lack a thousand facts about yourself but because it’s difficult to recall such a large amount on the spot... unless you have them in a database somewhere, which is what data brokers help you – or anyone else – achieve.
Why Be Concerned About Data Brokering?
We tend to grow deaf to the daily reports of data breaches and ransomware attacks in which hospitals or insurance companies wrestle with the dilemma of whether to pay a ransom in order to get their systems back up and running, or of medical data organizations that promise not to share your private medical information with insurance companies – until they do.
After all, what’s the big deal? A piece of information about you, like the results of your last medical test, the fact that you purchased a pregnancy test through a shopping app, or that you impulsively signed up for a newsletter from a politically-aligned organization – surely these can’t be worth anything to anyone. But they are, regardless of whether they are used “honestly” or not.
The Duke University report reveals that data pertaining to military service people may be used to compromise them or people close to them. Social engineering techniques can convince them to reveal secrets or hand over network access credentials by befriending them, threatening them, or simply offering to help them pay for costly medications their pensions cannot cover.
This is a multibillion-dollar global industry with thousands of companies involved. Some are legal, some are criminal, and some occupy a shady grey area where legally scraped data becomes a trafficable commodity. Even the large consumer credit reporting agencies – those who rate the trustworthiness of the rest of us – are not immune to ransomware and data breaches.
Meanwhile, other smaller and lesser-known companies specialize in niche areas, such as selling data to political campaigns for targeted ads. The core distinction of all data brokers is that they collect and aggregate data and then sell the data itself or insights derived from it.
The Fate Of The Data
We, as humans, have a hard time grasping the minutiae of data brokerage. Like the bacteria and viruses that surround us, data is hard to see and understand, and the dangers it is subject to are even more so. Picking up a coffee or tea at a local café is, for us, all about the drink – and maybe a nice snack to go with it. We do not pause to question the safety of the electronic data transfer between our bank’s tap card and the café’s terminal.
We assume it’s safe, that the data, including transaction and location details, is going where it is supposed to go and no further, and that no one else is watching it happen as they stare intently at their laptop screen two tables over. If you assume that all point-of-sale terminals are safe because they are built to industry standards, you might need to re-read this article with that in mind: it’s not the safety of the transaction but the fate of the data that matters here.
But as with bacteria and viruses, there are things we can do to block transmission and keep ourselves safer. The question becomes, what amount of threat is sufficient for people to overcome their complacency and take ownership of their digital fate, which is inextricably tied to their mortal selves?
About the Author:
Steve Prentice is a specialist in organizational psychology, focusing on the interaction of people, technology and change. He works as a speaker, author, broadcaster and writer, with clients in IT, cybersecurity, government, healthcare, and law, dealing with cybersecurity, AI, blockchain and the future of work.
Steve is the author of three business books and is a ghostwriter for experts worldwide. He is a visiting lecturer at Ontario Tech University, and delivers keynotes, media interviews, white papers, and podcasts on these topics.
He holds degrees in journalism and psychology, and is pursuing a PhD in Psychology, focusing on brain/technology interaction.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire.