Items tagged with: pii


The best way to prevent #dataexfiltration when breached is not to collect or store unnecessary data in the first place. That makes many of the current spate of #databreaches avoidable, self-inflicted incidents for which large companies are never held accountable in any truly meaningful way.

You're spot on when you say that #databrokers rely on large #datalakes of sensitive data they don't need directly. They also rely on large data sets where any typical datum may be harmless in itself, but often becomes sensitive or dangerous when aggregated, and often exponentially more so when connected to intrinsically sensitive data such as #PII, #PHI, or identity.

Setting aside the financial incentives and lack of accountability for the data brokers, how do #businessleaders, #regulatoryagencies, and #electedpoliticians justify this state of affairs to you? It's not like the public and private sectors don't also have data they want to protect, so why allow this shadow industry to prosper? This seems even more mystifying when it's so clearly a double-edged sword even for the brokerages' paying customers!


Important update from @briankrebs regarding the NPD breach:

https://krebsonsecurity.com/2024/08/national-public-data-published-its-own-passwords/

I hope quality reporting like this will foster a healthy discussion about how and to whom we entrust PII, but I won't be holding my breath.

In the article, Krebs provides links to sites that check if your PII was exposed in this breach.

#infosec #cybersecurity #breach #pii