“Be Careful Who You Trust” – Hackers may not be the only threat to our personal data, but organisations may be too!

When you pass your personal details to someone you trust, you would expect them to keep them safe. You would expect the same with an organisation who have a professional obligation to do whatever it takes to protect their customers’ details as well. Or you would hope…

But as most people are already aware, this is not always the case.

There were claims that TalkTalk Chief Executive, Dido Harding, was blackmailed for £80,000 or hacked customers’ personal details (from an October 2015 breach) would be released. It was uncertain whether TalkTalk succumbed to the blackmail threat, although they were recently fined £400,000 for the data protection breach. It is the price you have to pay if you inadequately fail to provide sufficient data protection for your customers!

New reports suggest that hackers are not the only real threat anymore, but organisations are also getting in on the action. iNews suggests that tech giants are the ones ‘handing over data’. Reuters claim that tech giants, like Yahoo, built software to scan millions of its customers’ accounts to find inside information on behalf of the FBI. But Yahoo claims that the report was misleading and it only complied with the government’s request for user data, saying: “…the mail scanning described in the article does not exist in our systems.”

Note: there was not a complete denial…

Many organisations profess that they are “law-abiding”. This I do not doubt, but their trustworthiness can be questionable. When Yahoo’s scandal was revealed last month, the tech giant admitted to the “state-sponsored” hacks, which allowed access to 500 million customer accounts. It seems that organisations do not see the need or urgency in upholding their customers’ personal data when their sensitive information is accessed and passed around so easily.

It questions many security procedures that are implemented in organisations. Are they doing enough to protect their customers from the risk of a cyber-hacker? The potential resources that tech giants have seem to be within reach, so why are they not using it to their full potential? Some tech giants may perceive to be offering a ‘secure’ way of storing personal details, but this could be a false sense of security.

Even tech leaders like Apple seem to have security issues. An example is the iDict tool, which almost allows anyone to bypass the Apple iCloud account. Apple enabled a two-step authentication process to access the account – which makes us believe that it is much harder to get access to the account. However, the tool was created as a response for those who had difficulty accessing their iCloud account. The tool pulls from a non-infinite list of popular passwords and uses a brute force technique to attempt to access the account.

It seems that Apple has weakened the security, but at the same time, gives off the impression that there is strong security in place to protect personal details.

We, as potential victims, must be alert to where our personal data is being processed – not just by hackers alone, but by organisations who are capable of passing our data on without our consent, or through their lax security. There is a real threat that organisations will pass on personal data, whether it be knowingly or unknowingly, for the government or for cyber-criminals to use.

The moral to this story is: do not judge a book by its cover. Some organisations may promise to keep your data safe, but behind closed doors, this might not actually be the case.

“Big Brother Style Surveillance” – Yahoo allegedly handing over emails to U.S. Intelligence Officials

“Security Breach that Cost TalkTalk £400k” – The major telecom company fined for the lack of security protection of customer accounts