We have a somewhat new breed of hackers out there today. I'm sure by now you have read one of the many articles about what was taken, but pretty much it was demographics on the insured or prior insured. 80 million files is a lot of data. Today's hackers want to make money selling data too.
You might think that's an odd statement to make but it's true. In reading the news today many seemed to think that all would show up on Pirate's Bay but not so. With 80 million files, that's a lot of data to repackage and sell. Repackaging is when a data base is sold from company A to company B who may just happen to have data base C sitting around so they query and merge the two together and now you have a brand new repackaged data base. But let's say there were errors and flaws in either or both, well those move right along with it.
There's no record of who's merging and selling data today and it's a business in the US that is worth $180 billion a year, so see why the hackers want data? They may sit on it for months and do nothing until things cool off.
The big thing right now though is the connection with SSNs and IRS as they don't match up names and SSNs...as a matter of fact 40% of fake tax returns sail right on through and pay off. Those who were breached will face this every year for gosh knows how long.
See the video from 60 Minutes on the Tax Hole
For three years now I have had a campaign going to index and license all who sell data. Why? Well for one, who are they..here's a company you have never heard of that buys our credit card data, scores and analyizes the data and sells it to banks and insurers as well as our own consumer financial protection bureau, so what's up with that one?
Argus- a Big Data Seller-your credit card transactions
This is very serious with Blue Cross and they have other battles as well. They also have sunk in $100 million to create what is called an HIE, a facility that allows hospitals to sore and share records between hospitals. It's not going to be a go now.
Here's my campaign on indexing and licensing all data sellers, so we know who they are. If the files in fact are now in China, well they could be repackaged and sold both there and here. The danger of course is that companies without knowing could be buying breached and flawed data. Remember in the bulk data selling business, they don't care and flawed data gets the same price as good data.
At the campaign page you can read about myself getting an offshore call about participating in a "blood thinner" clinical trial. They had all my information when they called my but there was one big problem, I don't take blood thinners and never have at all in my life, so the data was flawed and I don't know how many times I have been sold and resold on a list of people who take blood thinners. This is where we do not want any of this data outside of medical records and clinical data to be used.
Index and License All Data Sellers
The need is now two fold for licensing, one to help us consumers track down and get the flawed data fix and this is growing all the time with sloppy data work, I see it all the time. The second reason is to make sure that data sold or linked contains a license reference so the buyer is not accidently buying breached and stolen data. Also the thieves could do all kinds of damage and flaw more of it on purpose if they wanted.
So yes, the Anthem folks have a big nightmare that won't go away for a while. I put a paid Identity theft program with a discount up on my site so folks have an alternative as we don't know how good the free credit reporting that Anthem will provide will be.
LifeLock Identity Protection
I know it kind of sucks that we sometimes have to pay for such and the breach was nowhere near our fault so at least if one goes on their own or the free service is not good enough, it's not too costly. Again we can thank the Data Selling epidemic in this too for spurring on crooks who want to sell and repackage data too.
This is just reall nasty stuff and again I hope my campaign catches on real soon as I'm making a big stink about it as I started writing the FTC and a few members of Congress three years ago. We do need a law and the FTC needs that law to take more action as well. This is an intersting page to look at, a visual of all the hacking going on in the world from Norse. Take one look and you'll see how busy the hacking world is out there.
Live Data Attacks Happenig Right now
Thanks for reading and please maybe consider something small or large if you like for my campaign and of course it's not necessary but every tiny bit helps. I've been reall pushing the licensing and it's catching on, finally!