Broken cyber identity – can damages be repaired?

January 25, 2017

What happens to the victims of data theft, once hackers get hold of their identity? We were tempted to say “digital identity”, but that would not have been complete. Once the personally identifiable information (PII) or sensitive personal information (SPI) is in the hands of malicious entities, it can affect the real-life identity of the victim. Social security, banking, travel – here are just a few tangible, non-digital aspects of an identity theft victim’s life that may suffer.

Broken identity and the seemingly impossible dilemma

When cyber-crime strikes and individuals see their personal data compromised, some damages can be controlled, while others cannot. As with physical theft, the victims block their online accounts wherever possible. This measure is best enforced sooner rather than later, since it reduces the time in which the hackers (or the subsequent data buyers) may act on behalf of the victim.

Nevertheless, what happens when hackers manage to steal biometric identification data? Somebody’s fingerprint, facial profile or iris scan is unique. Once compromised, how can it be replaced? This is the more critical side of digital data theft. What about the information that isn’t replaceable? Issuing a new set of papers after data theft is one thing. Yet there’s no way of getting a new set of fingerprints to compensate for the fact that some criminal is able to use the victim’s.

As if waiting for the matter to be cleared out by the police and being unable to make use of one’s identity were not enough, there are elements that cannot be repaired/replaced once damaged.

The dilemma, therefore, is how a data theft victim can take his/her life back, if that is possible at all. As the FBI lists, fraudsters go for “names, Social Security numbers, and dates of birth”. They will target “Medicare numbers, addresses, birth certificates, death certificates, passport numbers, financial account numbers (i.e., bank account, credit card), passwords (e.g., mother’s maiden name, father’s middle name), telephone numbers, and biometric data (e.g., fingerprints, iris scans)” as well. Supplementary meaningful personal data may catch their interest. Depending on each target, membership cards, access cards or tokens may lead to important contacts to whom the victim had access.

Will trusted identity fix the broken identity issue?

Traditional approaches in security are no longer sufficient. Due to the need to distinguish the genuine user from the fraudster, the concept of trusted identity emerged. Initiated by the US government in 2011, the NSTIC project is intended for secure transactions. This National Strategy for Trusted Identities in Cyberspace should reduce the amount of information disclosed, as well as the risks.

The layman’s presentation from the above source is rather ambiguous. However, the concept remains an open proposal where online identity is concerned. Reducing the amount of data that has to circulate to and fro with every authentication sounds appealing. NSTIC relies on a special online environment that establishes trusted identities for each participant in a complex way.

However, we find that the same notion turned into universal biometric adoption in 2015. Information Week quickly dismisses it as being the appropriate solution, due to exactly the same thing we’ve mentioned above. Once compromised, biometric-reliant login credentials can never be replaced. Add to that the fact that, depending on the stakes, there would be cyber-criminals capable of taking someone’s finger or eye in order to pose as them.

If trusted identity anchors itself in biometrics, it becomes exactly what the latter is: an ambivalent combination of extremely personalized credentials with high risks. Once stolen, the victim loses the possibility of ever employing that biometric parameter as a password.

Encryption – an old friend

Of course, encryption is not a post-event solution. It only helps if set up prior to any cyber-incident. When personal data travels in the digital environment in its encrypted form, this may serve as a shield, even in cases of theft.

As the LastPass team stated when they suffered their famous data breach, the thieves may well get their hands on the data, but it is useless for them because of its encrypted state.

Storing and transmitting sensitive data only in its encrypted form is an option you always want to have. And when you have it – use it. Specialists have explained why this matters enormously time and time again. Of course, in many cases the encrypt-or-not option is in the hands of businesses and organizations. Individuals can often make decisions upon this matter only by proxy. Yet, even so, by keeping informed on which organizations do care about correctly protecting customer data we can shape the online environment for the better. Always make informed choices, in view of preserving your cyber safety.

People can also take care to encrypt the data on their devices, and to protect it while it is stored or travels outside their devices. You may check here a few details on how to do that. Remain informed of the latest available tools – always.

Broken identity reporting guidelines

When contemplating the seriousness of personal data theft, the realization that there’s little a victim can do after the breach is bound to make an impact.

There are guidelines on what affected people should do in order to let the law enforcement forces know what happened. Incidents should be properly reported. That is, when the victims are aware of what happened. In many cases they might not even know that somebody else is employing their PII. Nevertheless, vigilance always helps.

Once hackers strike, reverting to traditional methods of banking, communicating and identifying oneself is the immediate solution. In the case where essential data cannot be replaced and it is forever under suspicion of replication, the extent of the damage is only a matter of chance.

Since flawless digital authentication is still in the making, try to prevent any severe data loss incident. Pay attention, and reduce the amount of data you spread in the online environment. Be careful which digital partnerships you enter your data in, and employ encryption. And for the moment, perhaps postpone biometric authentication, unless convinced of the high degree of biometric data protection.