When surfing the Internet, everything we do generates information, from the videos we like, the songs we listen to, the pages we visit, even the transactions we make. This is how in the era of data analysis our behavior on the Internet becomes a valuable asset, not only for private companies, but also for military organizations where the information generated gives intelligence services planning and prevention capabilities in almost real time.
What is a Data Broker?
Data Brokers are companies that collect data from different sources such as social networks or news sites to generate profiles of individuals that can later be segmented into specific groups to make the marketing processes of interested companies (government or private) more efficient.
Among the methods used to collect information is the use of the now famous cookies. How many times have we not entered a page and we get a message asking us to accept cookies? While some of these are rooted in the functionality of the page, many are responsible for collecting information, these cookies are actually a small amount of text that helps to collect user data and “improve” the experience within the page, within the information collected are:
Device type.
Unique browser identifier.
IP address.
Browser type.
Language.
Country.
Operating system.
Behavior within the page (clicks, articles read, purchases, etc.).
For some Data Brokers the collection and monetization of information comprises their entire business model. This model allows the direct sale of the collected data, as well as letting companies use the collected information to publish more efficient advertisements, which reach the people most likely to consume their products or services.
Security and background.
All companies are vulnerable to a data breach and Data Brokers are no exception, apart from the ethical dilemmas that these practices may have, there have been many data that have been released to the public due to inefficient security measures. It is estimated that in the United States alone more than 200 million people's records have been leaked after attacks against Data Brokers, some examples:
In September 2017 Equifax announced a data breach that exposed the information of 147 million people, costing them around $425 million in compensation to those affected. Cybercriminals exploited a security breach in their web application which allowed them to access their records.
In 2018, researchers found that data broker Exactis exposed around 340 million records to the public via the internet through its insecure server. That same year, data broker LimeLead compromised billions of records because they failed to implement a password to their servers.
In August 2020, one of the data broker's clients was hacked causing people's data to be compromised, as reported by cyber security journalist Brian Krebs who released an investigation. It all starts with data broker Interactive Data, a broker that had collected a huge amount of sensitive personal information, including email addresses, social security numbers, date of birth, physical address, vehicle registrations, etc. This information was traded with a vast number of clients, from law enforcement to debt collection companies. Cybercriminals were found to be using this information for bogus loan applications, costing the U.S. federal government millions of dollars.
Data Brokers with the largest amount of filtered data.
Retrieved from: https://cybernews.com/privacy/top-data-broker-breaches/
In conclusion, the spectrum of data collected is too broad, which generates constant concern about the use that is given to our information and the abuses that may occur, this concern only increases when considering that much of this information is sensitive, populations can be segmented at risk either by their financial status or their health indicators (physical and mental). When information is sold without regulation or oversight, it can be used for unethical purposes. Data brokers, and subsequently their clients, handle amounts of data in the hundreds of millions of records, in some cases even more. The consequences of not having adequate security mechanisms in place to preserve the privacy of the information collected can not only result in millions of dollars in losses for companies, but also in latent harm to individuals who, in many cases, are unaware that their information has been collected. “No data breach is small, if it includes your information.”
References:
Cimpanu, C. (2020, January 14). zdnet. Retrieved from 49 million user records from US data broker LimeLeads put up for sale online: https://www.zdnet.com/article/49-million-user-records-from-us-data-broker-limeleads-put-up-for-sale-online/
EXCELLENCE, N. S. (n.d.). Data Brokers and Security. Retrieved from stratcomcoe: https://stratcomcoe.org/cuploads/pfiles/data_brokers_and_security_20-01-2020.pdf
Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims. (2020, Agust 6). Retrieved from Krebson Security: https://krebsonsecurity.com/2020/08/hacked-data-broker-accounts-fueled-phony-covid-loans-unemployment-claims/
How to stop data brokers from selling your personal data. (n.d.). Retrieved from Kaspersky: https://usa.kaspersky.com/resource-center/preemptive-safety/how-to-stop-data-brokers-from-selling-your-personal-information
Lapienytė, J. (2023, February 14). +200m American records compromised in top data broker breaches. Retrieved from Cybernews: https://cybernews.com/privacy/top-data-broker-breaches/
Newman, L. H. (2019, November 22). 1.2 Billion Records Found Exposed Online in a Single Server . Retrieved from Wired: https://www.wired.com/story/billion-records-exposed-online/
Sherman, J. (2022, September 27). Data brokers and data breaches. Retrieved from Duke, Sanford school of public policy: https://techpolicy.sanford.duke.edu/blogroll/data-brokers-and-data-breaches/