At a glance.
- The art of digital identity theft.
- Advanced Data Protection now available for iOS.
- Trends in identity theft.
The art of digital identity theft.
ABC News offers an interactive article that demonstrates just how data breaches allow hackers to create a multifaceted picture of a user’s digital identity by gathering bits and pieces of data from multiple leaks. By entering an email address, readers can see how many data breaches their data have been involved in, and what pieces of data have been exposed. Digital rights advocate Samantha Floreani describes what she calls a “mosaic effect”: “Maybe you were part of the Optus breach and X, Y and Z details were leaked,” she says. “Maybe you were also part of another breach that you have no idea about.” With each additional breach and each new piece of data, the odds of having your identity stolen increase. Floreani’s data was caught up in seven breaches, and Troy Hunt, the Australian cybersecurity expert who runs the Have I Been Pwned website, has been in twenty-eight. Despite the fact that he’s made it his business to inform the public about breaches, even Hunt was surprised by where his data appeared, demonstrating that once users share their data with a platform, it’s easy for it to be passed on without their knowledge. Data enrichment services compile massive databases of personal information covering everything from basics like age and email address to religion and education level, but some experts question whether this practice is legal. A 2022 research paper from Katharine Kemp, a data privacy law expert at The University of New South Wales, notes what she calls Australia’s “forgotten privacy principle,” which states, “Data must be collected directly from an individual unless it is unreasonable or impracticable to do so.”
Advanced Data Protection now available for iOS.
The Electric Frontier Foundation (EFF) shares a tutorial on activating Advanced Data Protection on Apple’s iOS. Prior to 2023, Apple offered end-to-end encryption for only some iPhone data like passwords or health data, but in January of this year the company globally released an added layer of security that also protects iCloud backups and other important files. In order to take advantage of this new feature, users must first enable two-factor authentication for your Apple account and update all Apple devices to iOS 16.3 or higher. Though not perfect (mail, contacts, and calendar events are not encrypted, and encryption isn’t always maintained when a document is shared with another user), Advanced Data Protection is a step in the right direction, and EFF hopes that Google, Microsoft, and other heavy-hitters will soon follow Apple’s example.
Trends in identity theft.
In a new report, the US nonprofit Identity Theft Resource Center (ITRC) examines incidents of identity theft reported in 2022 and the first quarter of 2023. Overall, the number of incidents was essentially on par with 2021 at 14,817 cases. The majority of incidents involved compromised credentials, and Identity misuse was primarily the result of account takeover or new account creation. Nearly half of non-governmental and non-financial accounts were misused, and social media accounts comprised 72% of non- governmental/financial account abuse. 80% of identity compromises involved cybercriminals using identity credentials as part of a scam, and Google voice scams were the most common, making up 61% of reported scams. As far as methods, identity scammers have improved their social engineering tactics to become even more adept at faking a personal relationship in order to take over a victim’s social media account. As well, driver’s license scams have become more popular, as DMV accounts made up 15% of government accounts that were misused, compared to just 4% in 2021.