Forbes Magazine recently reported on a massive data breach that occurred this month involving the data analytics company Alteryx, which neglected to take the basic security steps necessary to protect large amounts of personal data on more than 120 million American households. The data had been left unprotected in an Amazon Web Services storage bucket available to anyone with a free Amazon Web Services account. After being informed of the data breach, Alteryx secured the information; however, it had been available to identity thieves and scammers for a considerable period of time.

Alteryx and the credit reporting agency Experian, which was the source of the data, both downplayed the risk of identity theft because no names were included in the exposed data, but this response is either disingenuous or incredibly naive, as 248 data fields for every household were included in the data breach, including detailed information about addresses, ethnicity, interests, hobbies, number of children and much more. Any enterprising criminal could leverage this information to discover the names of the affected people and other information about them, which would make them quite vulnerable to a variety of scams in general and, in particular, spear phishing, in which victims are lured into clicking on malware-infected links in emails or text messages because the particular email or text message has been specifically tailored to them and their interests.

This is just another example of the lack of important laws in the United States protecting people from data aggregators’ negligence and requiring these companies to employ security measures to protect our personal data. Many other countries require such measures by law.
TIPS
While there is little that we can do to protect ourselves directly from data breaches at the large data brokers that gather huge amounts of personal information on us all, we can protect ourselves from the very real threat of spear phishing by never clicking on links or downloading attachments in any email, text message or social media communication unless we have absolutely confirmed that the communication is legitimate. Even if the communication appears to involve something that interests us or involves us, we should exercise extreme caution because of the increased danger of spear phishing following a long series of major data breaches that make us vulnerable to this type of attack.