What can happen if personal data is sold

To put it brie y, a data leak puts you at risk, personally, professionally, mentally and also financially

By MARK RAO & LYDIA NATHAN / Pic By HUSSEIN SHAHARUDDIN

We just recently found out that sensitive information of 4.6 million Malaysians were stolen and offered for sale in the biggest data breach the country has ever seen.

The implication of data such as phone numbers, identity card numbers and addresses in the hands of criminals is vast, to say the least, but for the most part, ordinary Malaysians have not reacted in the level of outrage that this data breach deserves.

Of course, by the time you find out that your personal data has been sold, it’s already too late to do anything about it — but there are grounds to be concerned.

Depending on the data stolen, cybercriminals make money off them by selling them in the illicit part of the Internet to other criminals who use information for scams, identity theft, credit card fraud and tapping into personal financial accounts.

In the case first alerted by Lowyat.net, the majority of data stolen was from telcommunication companies that include information which can be used to clone your phone, track your whereabouts, trace your calls, read your messages, as well as get private and vulnerable photos and videos of you.

In a foreign example, T-Mobile found a bug on their website that made the personal data of 76 million customers accessible to potential hackers who could, among other things, alter serial numbers that make a mobile phone untraceable if it were to be resold on the black market.

Kaspersky Lab global research and analysis team chief security expert Alexander Gostev said given the vulnerabilities, there is very little users can do to protect themselves.

“If a user believes that they may possibly be a target for a potential attack, the best choice they have is to change their mobile number,” he told The Malaysian Reserve in a statement.

Furthermore, in today’s day and age, most people are doing their banking over the Internet.

By simply providing the bank with your name and address, a criminal is able to make subtle changes to your financial accounts without you realising it.

A criminal can open up an account and use that to get loans, credit cards, as well as apply for special benefits — leaving you with a mountain of debt that you may not be aware of.

InfoWatch Group international business development chief Vladimir Shutemov said people should also be wary on what they do on mobile phones.

“It is important to attentively monitor any calls, SMS or banking operations using a mobile phone.

“You should always monitor all your accounts balance frequently,” he said.

Shutemov urged people who have concerns on this matter to change their mobile devices’ passwords regularly.

Another concern that can certainly be more severe is identity theft. A serious offence, identity theft has been around long before the Internet existed.

The only difference is, these days the web and its capabilities give criminals a better tool to acquire information without the need of making any face-to-face interactions.

This is when a criminal makes use of your identity and poses to be you — which could, in the end, lead you to be charged or even arrested for something you did not do.

Due to the illicit and incognito nature of the data hacking trade, it is difficult to ascertain just how much damage the 46.2 million data breach can entail, as well as how much hackers could stand to gain from it.

Beyond the spam messages and suspicious links to quick-rich schemes cluttering our inboxes, cybercriminals can spread all types of malware and you can become a victim of phishing attacks.

Therefore, access to our personal data — mobile numbers, email addresses or the serial numbers of our devices — can cause very real consequences to our privacy, as well as personal financial information.

In the end, tackling this issue will likely require both industry-wide collaboration and better individual awareness, though the lack of transparency surrounding data and cyber crime in Malaysia could prove to be its biggest stumbling block.

To put it briefly, a data leak puts you at risk, personally, professionally, mentally and also financially.