This is a special digest prepared by InfoWatch Analytics Center in recognition of the International Data Privacy Day. This unusual holiday has been celebrated every year on January 28 ever since it was initiated on April 26, 2006, by the Committee of Ministers of the Council of Europe to commemorate the signing of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data on January 28, 1981.
The Data Privacy Day is to raise awareness and promote privacy and best practices of personal data protection, storage, processing, and transfer.
Over the 12 years since the first Data Privacy Day, InfoWatch has recorded 14,300 confidential information leaks from businesses and government agencies, with more than 11,000 breaches (78%) compromising personal data, such as names, mailing and e-mail addresses, passport details, information about education, income, health, political and religious views, nationality, and biometric data.
Despite the efforts taken by regulatory authorities, businesses, and public organizations, an avalanche of breaches is still impossible to stop in the era of global digitalization. Over 30 billion personal data records have been leaked since 2007, with 20+ billion stolen over the last two years alone.
Even a small data leak can hit an organization hard, leading to such adverse effects as fall of stock, dented investor confidence, and weakening market position. Furthermore, companies can become subject to sanctions by regulatory authorities, including large penalties, mandatory audits, cybersecurity infrastructure upgrade claims, as well as class actions by persons whose data were compromised.
Depending on a type and volume of compromised personal information, data subjects may also suffer heavily from data breaches. Thus, if a dishonest advertiser finds out your e-mail address, you will most likely face some junk mail only. However, should a criminal obtain a large volume of your personal information, you may easily become a victim of fraud, with your credentials being used for forgery or credit fraud.
Largest Personal Data Leaks from Organizations
In October 2017, Yahoo admitted that a previously disclosed attack that had occurred in 2013 had affected all three billion of Yahoo’s user accounts rather than one billion accounts reported initially. Digital thieves made off with names, dates of birth, phone numbers and passwords of users. As part of a huge personal data leak discovered in China in 2017, DU Caller, an app developed by a Baidu’s subsidiary DU Group, was found to be automatically gathering sensitive information and uploading it to a public directory. A search function on the app allowed users to find contacts of 2 billion affected people by simply entering a name. In March 2017, MacKeeper security researcher Chris Vickery discovered a publicly exposed database online containing nearly 1.4 billion e-mail accounts tied to real names, IP addresses and often physical addresses. The leak was caused by spamming group River City Media (RCM) that forgot to password-protect their backups. In early 2018, anonymous sellers, over WhatsApp, offered unrestricted access to details of any of the more than 1 billion Aadhaar unique numbers submitted to the UIDAI (Unique Identification Authority of India). The hackers seem to have gained access to the website of the Government of Rajasthan state and stolen personal data of 1.2 billion people to then sell a complete database for as little as $8.
