Brian Krebs (Krebs on Security) has reported in this article that an “identity theft service” called ssndob[dot]ms has breached servers of some of the world’s leading data miners. Through this hack, this company is alleged to have captured a vast amount of personal data which it then sold on to marketers. The data is said to include social security numbers, birth records and credit reports.
Apparently, just about anyone can register and subscribe to the site and dig up personal details on any U.S. resident. According to Krebs' report, users pay as little as 50 cents per record or up to $15 for credit and background checks.
While I would recommend reading the report in full, there were a few points that really stood out for me in this story.
First, it’s another reminder of the worrying amount of data mining that occurs on a daily basis, sometimes involving major companies. Not only is there a known, “legitimate” market for mined personal data, apparently there’s a vast black market as well.
As we commented earlier in September, Acxiom’s decision to open their data vault showed us just how much of our personal data can be found online. I’m not just talking about the data that is visible, such as on social networking sites, but also all of the data that we entrust to major companies which is then sold on to data brokers.
The core issue here is that we as individuals don’t have any relationship with these data marketers, so they don’t face any legal or brand risks from how they abuse, or fail to protect, our personal data.
The only good news is that the Federal Trade Commission appears to be quite focused on these issues, and on bringing transparency to this marketplace. Based on Krebs’ report, that scrutiny should include not only what these companies hold on us, but how they do or don’t protect that data.
Here is a great infographic that I’ve found which lays bare some of the staggering numbers involved when talking about data brokerage.