Recent Privacy Breaches Pose Identity Theft Risks

5 September 2015

In the modern world, it’s almost impossible to avoid giving away personal information to the many companies we do business with daily. That’s why it’s so alarming when a major privacy breach happens: Individuals can do almost nothing to prevent these breaches, leaving their information up to companies to protect.

“What people should think about is just acceptable risk. Any time you’re using a computer or giving away information of any kind, there is the risk that [that information] can be misused,” Andrew Hills, director of a non-profit that researches privacy and security, told the CBC.

Even companies whose reputations are built on secrecy aren’t safe from data breaches and hacking attacks. Recently, cheating-themed dating site Ashley Madison, whose front page is set against an image of a woman making the “shush” gesture with her finger to her lips, was the victim of a major privacy breach. The company, which advertises its services to married people with the slogan “Life is short. Have an affair,” estimates that about 37 million accounts’ information has been compromised.

Ironically, the hackers who stole and released the information are claiming to have done so to make a point about privacy. Ashley Madison charges users a $19 fee to have their information fully deleted from the site, and the hackers claim the company never deletes information even once the fee is paid. The Full Delete feature, they claim, is nothing more than a scam.

“Full Delete netted ALM [Avid Life Media, the firm that owns Ashley Madison] $1.7mm in revenue in 2014. It’s also a complete lie,” the hackers wrote in the statement they published online. “Users almost always pay with credit card; their purchase details are not removed as promised, and include real name[s] and address[es], which is of course the most important information the users want removed.”

The hackers are currently demanding that Ashley Madison and a similar site also run by ALM, called Established Men, be taken offline immediately, or they will publish the information they’ve collected for all to see.

Meanwhile, closer to home, the Saskatchewan Cancer Agency has just announced that two employees have been disciplined for viewing 48 patients’ personal information that they were not authorized to access. According to the agency, the two employees viewed this information over the course of six months. The records included names, addresses, dates of birth, phone numbers and sensitive health information like diagnoses and exam results.

“We appreciate that patients have put their information in the care of our health-care professionals and we deeply regret that we have not maintained their privacy,” said agency president Scott Livingstone in a statement.

The agency claims to be working on stronger security protocols and training for staff on appropriate security procedures, but as of right now, the two employees have not been fired, just reprimanded. It has not been revealed why they looked at the health records in the first place.

To be alerted early on to signs of identity theft and fraud, sign up for a credit monitoring service. This will allow you to know when certain activity appears in your credit files that may indicate fraud.