How Blockchain Can Improve Personal Privacy Online


3. Cybersecurity and privacy breaches

Cybersecurity has become increasingly important for governments and businesses alike. Information security—one component of cybersecurity—focuses on protecting the integrity and privacy of data as it is captured, stored and used. The people, processes, and technology associated with data work in concert to create and maintain security.

Despite advances in security protocols and software, privacy breaches are on the rise. According to Risk Based Security’s 2020 data breach report, “The total number of records compromised in 2020 exceeded 37 billion, a 141% increase compared to 2019” [1]. Personal records of system users are regularly compromised, and millions of these records, including names, emails and passwords, have been subject to data breaches, in many cases even including addresses, birth dates and financial information [1].

A data breach occurs from unauthorized access to an organization’s database, enabling cyber hackers to steal sensitive personal information such as passwords, credit card numbers, social security numbers, and banking information [2]. These well documented breeches have had adverse consequences, including credit card fraud, and identity theft, which can have lasting negative effects on personal credit, often taking months, if not years, to remedy [2]. Some of the Largest, most recent cyber hacks include the 2013/14 breech of Yahoo’s database by what is thought to have been a state-sponsored cyberattack, impacting over 3 billion users. The hackers collected consumers’ names, email addresses, telephone numbers, dates of birth, hashed passwords and unencrypted answers to security questions.

In 2017, the credit reporting agency Equifax was subject to a cyberattack in which affected an estimated 143 million consumers. System administrators weren’t aware of the suspicious activity for two months and did not report the breach for a full month after its discovery. It is believed that Equifax was breached by Chinese state-sponsored hackers engaged in espionage [3]. The collective financial impact to individual victims is not known, nor is it known what security and strategic damage was incurred by the state, but these cases highlight the potential risk when PII are housed in a centralized data base.

Most of the data gathered and stored are in the control of governments and corporations, which have gathered volumes of personal information that they are responsible for securing. At the same time, these organizations may be monetizing these datasets, either by using them to improve their own operations and offerings or by selling them to third parties. The volume of data generated and collected is increasing exponentially, enlarging the footprints of users. Data consolidators are able to link data elements across data sources and combine data in ways that were never anticipated by the parties that collected the information nor by the users that provided it.

Figure 1, which uses from data provided by Statista [4], shows the cost of amassing these large databases. Statista, a statistical research firm, tracks cybersecurity failures and trends. A recently published Statista report reveals that these events are increasing, especially in the past five years, underscoring the need to improve how data are secured. It should be noted that in 2020 a massive cyber breach by what is thought to be Russia could result in higher numbers for 2020 especially in the records exposed category as it is thought to be significant. The extent of the breach is still under investigation at the time of this publication.

Figure 1.

Cybersecurity breaches and record exposure.