How Mega-Breaches Could Literally Kill You

China hacks security clearance information

(ABC) Although it took a while for the whole story to emerge, we learned that more than 80 million customers of Anthem were exposed in a giant breach that included Social Security numbers (SSNs) and other kinds of sensitive personally identifiable information. A scant three months later, in March 2015, Premera began notifying 11 million members that personal information (this time including Social Security numbers and medical records) somehow found its way into enemy territory.

The revelation that medical histories had been exposed was serious. The potential damage that could be wrought by evil-doing third parties using Social Security numbers was no small thing. The victims of both the Anthem and Premera breaches will be looking over their shoulders for the rest of their lives — forever exposed to the possibility of crimes ranging from credit card account take-overs to tax refund fraud based on the compromise of their SSNs.

With the addition of medical records in the mix, there was the potential for new and more terrifying kinds of attacks — extortion using the threat of leaking embarrassing, private medical information and theft of health care services, which could cause a person to be denied timely health care, not to mention all those other crimes you can’t even imagine until they are announced on the nightly news.

As if that weren’t enough, last June the Office of Personnel Management — the human resources department of the U.S. (including its spies) — announced perhaps the most devastating breach of all. Somewhere between 18 and 32 million records were floating in the wind (possibly higher, but most often pegged at 22 million). More accurately, those incredibly sensitive records were in the possession of a hostile third party. The OPM hack included millions of the most intimate details revealed (or uncovered) during security clearance evaluation background checks for present and former government employees, contractors, family members of candidates, their friends and even employees of airlines.

The latest news from the OPM breach is that the information leaked could lead to espionage for any number of reasons.

The counterintelligence campaign currently underway is specifically designed to warn current and former government employees and contractors whose information was exposed by the breach that their information could be used by an operative to strike up a conversation. Armed with personal details, this operative could quickly form a bond by talking about mutual interests or life experiences. It’s creepy, and the threat is very real. . . . (read the rest)