Is Anything Secure?
It wasn’t that long ago; I remember I would get a letter from some company, I had done business with, informing me they had experienced a data breach and that my personal information might have been exposed; this letter would cause me to panic, obsess over what I needed to do, and create all kinds of unnecessary worry and anxiety. Looking back, no matter how hard they tried, the letter sent to me didn’t offer comfort, but I was eager to read what they said to learn what was next. Honestly, after reading what they outlined, and offered to provide on my behalf, my stress was only heightened. I realized I was going to have to sign up for a tracking service from a company I had never heard of, and put my credit report on my radar and pay attention. Processing their words that assured me they had it under control, seemed a little late.
Just a few years later, what used to be a rare occurrence that introduced a new threat to me, has now become a common event that hardly registers. I couldn’t be certain, because I don’t take time to register when I am notified, but I think I have received four ominous letters this year. I have reached the point in life where the only thing in my mailbox are bills, requests from Trump for money, and notifications that my information is accessible to the world to diddle with me.
According to IT Governance USA, in the six-month period from November 2023 to April 2024, there have been 2,741 publicly disclosed breaches covering 6.9 billion records; notably included in those numbers are recognized companies like, AT&T, Loan Depot, Comcast, Kaiser Permanente, Optum, Xfinity, and Delta Dental. It seems no one is immune or able to protect the data they have.
If you haven’t received a threatening letter from a company sharing the good news, you are very lucky; or more likely living under a rock. Statistically, at this pace, it appears impossible anyone can escape the data breach lottery. I say lottery because having your data exposed doesn’t mean you are doomed; it just means you are available for abuse. It feels a bit like waiting each year to hear if the IRS is going to audit you; it’s not altogether clear how they choose people, but if they choose you, it can leave a mark.
Like the IRS, having someone steal your identity and attack your credit is a miserable process. No matter how optimistic and confident the company who lost your data sounds when they chronicle all they will do for you, getting your number called in the fraud lottery stinks. My initial tangential knowledge of this subject was enough for me to know I didn’t want to go through it and was the source of my anxiety in the early years. Today I still don’t want to experience having my data in the hands of some person with evil intent, but I must admit I am numb to the notifications, letters, and offers to protect me. I don’t know if that is good; I guess I have accepted reality and fighting it seems impossible; instead of fighting, maybe I am better off perpetuating the fantasy that I am immune and there are any remnants of privacy still left.
Accepting the truth feels like the only reasonable approach; US citizens no longer remain under the radar. Not only are we under constant threat from some unknown person who finds joy in spending their entire life trying to steal from people, but we also are complicit in sharing our data; social media being the simplest example, Alexa in your home always on call is another, your phone serving as a tracking device on every step you take doesn’t help, and search engines know all there is to know about you; there are unlimited ways we open the door for others to enter our private domain.
I don’t see this changing, and I don’t believe we can ever go back. We have consented to having companies, the government, and unnamed computer wonks collect everything about us, process that data, and if financially rewarding, sell it to the highest bidder. It is overwhelming, and the source of me waving a white flag. No longer is the goal to keep squatters from entering my house; they can’t be kept outside; the goal now is to get the unwanted out of the house when they get in.
When the internet became a thing, the business community hailed the ability it would give companies to scale; it has delivered on that promise in spades. What wasn’t predicted was how it would also allow other things to scale; things that aren’t so good. Things like theft, misinformation, government control, and exploitation of people. I guess you take the good with the bad.
Historically, the good benefits find a way to outdo the bad. Sure, early on, an innovation that was used by bad actors for bad outcomes might have an edge, but in time the good would catch up and provide a calm balance that highlighted the innovation with controls. I don’t think we will be able to see this rebalance occur with data and its security; things move too fast. It is an hourly race with no rest breaks to collect yourself; and we are losing.
Do you ever wonder where this is going and where it will end up; I do. How do people live in the future when their identity and behavior is so well understood that they no longer are a product of their own efforts, but influenced by other forces that can’t be seen, managed, or avoided? I don’t know; it feels like we are spinning very fast with little hope of slowing the vortex down.
Getting a letter from a company saying there was a breach is how the average person hears about this, and likely is the full extent of what they know; but it doesn’t begin to capture the intricate interconnected web of data that is stored about the person who received a formal letter of notification. Because there is such a large gap between what we are told and what is happening, I have concluded there isn’t much we can do, and I have little to no confidence our politicians will help.
I for one dread my local mailman stepping onto my front porch (although he is a nice guy); when he shows up, I don’t have much to look forward to. Am I going to be told that some company I trusted has lost my private data to some hacker (likely from another country), who now knows all my identifying information, or is the best I can hope for, a plea for money from the RNC?
I am sure the companies who have had a breach, spent millions of dollars to prevent the attack on them, and I know they are distressed when they lose data and likely client trust; but I am not sure holding them accountable makes things better; I’m not sure anything makes this situation better, and that is sad. It is sad that with all the benefits we have experienced from innovation, we are faced with a very real question, is anything secure?
