A Small Data Breach Can Explain a Big One
A Small Example
A U.S. temp staffing company recently closed down and abandoned its offices in the middle of its lease, leaving behind boxes of files. These files contained sensitive information about the applicants who had used the temp company’s services in the past.
The files contained information on hundreds of applicants. Examples included copies of drivers licenses, social security cards, tax forms and other documents with the applicants’ signatures.
Obviously, this was a huge data breach with the possibility of great harm. Criminals can use data like this to commit identity theft. By impersonating the victims, they can open up lines of credit to fund shopping sprees. Consequently, this leaves the victims with the responsibility for the debt. This can destroy the credit history of the victims. Criminals can seek medical attention or commit crimes under the stolen identities. This can wreak all sorts of havoc that can take years for the victims to fix. It can also take years off their lives due to stress.
Remarkably, in spite of the potential harm this could have caused, this “breach” was, in reality, very small scale.
The Big Losses
The 2017 breach of Equifax entailed the loss of private data of 143 million Americans. The email provider Yahoo saw two breaches, one of which, it admitted in 2017, affected all of its 3 billion users. The data stolen included names, dates of birth, email addresses, passwords, and even security questions and answers. And the list of massive companies who lost the sensitive data of hundreds of millions of users goes on and on: Marriot, Uber, Ebay. . .
Surprisingly, we can become dulled to the vast harm that can come from these breaches. Therefore, it can be helpful to think of the relative handful of individuals whose lives could have been destroyed by the theft of the data from personnel files in boxes. This then gives us the ability to more readily imagine the scope of the harm when it is multiplied a million-fold.