Open Notes

Your Data Is Already Stolen

Today would be a good day to steal your data. We are all online in a shopping frenzy and your credit or debit card is heating up from overuse. Your head is already spinning, so I’m glad you’re taking a break to read this. Maybe you’ve already made a mistake that allowed hackers to get your info.

Relax. Your data is already stolen.

The bad guys already have your credit card info, social security numbers, mother’s maiden name, your phone numbers (obviously — all those junk texts explain that) and home address.

Perhaps you’re doing some soul searching right now, wondering why and where you screwed up. Well, let’s track back. You probably don’t use the same password for everything, right? You might even use a password handler like RememBear or Dashlane. Good for you. Keep it up. Won’t help. Because it’s not all your fault.

As Brian Krebs pointed out in a blog about the Marriott data breach, anything you put on line will eventually get hacked, leaked, lost, or misplaced.

I use Anthem as my health insurance carrier. They were hacked. My social security number, along with those of 37.5 million other Anthem clients, went into the wrong hands. Anthem used my social security number as my ID number. Dumb, right? I went along with it. Dumber, yes? I dumbly logged in day after day using my social security number until Anthem got hacked and changed to a different log in system. The Writer’s Guild still uses my social as a log in. Lesson learned? Uh ...

I was in the Starwood Hotels rewards program. After Marriott bought Starwood, I learned, along with hundreds of millions of others, that my data had been hacked from the Starwood Hotel reservation system. The bad guys may have some of my credit card info. I’m still in the Marriott rewards program. I can only hope that Marriott has hardened their systems. But maybe not.

The data insecurity of the Internet is not your fault but you can do something about it. When Marriott asks for your passport number to “make reservations easier” you can just say no. If a site asks to put your credit card “on file” you can wonder if that’s necessary.

Every time I log in, create an account, or register, I question if these nice people really need all that information. Instagram needs my age? Why? They are obviously going to do some marketing with that information, probably marketing that I won’t enjoy receiving. (“Hey, you’re old. How about a casket?”)

We trade ease of use for security all the time. Before you do, a neuron should ping in your brain and trigger the question “why?” Face ID is a really cool feature on an iPhone. Apple says the facial recognition data will never leave my phone. But what if it does? I can’t change my face like I may change a password.

Every once in a while, I like to see if any of the emails I use have been compromised in a data breach. Dashlane, the password manager, will check for you if you have a premium subscription. You can check for free on haveibeenpwned.com. Today, I discovered that the email I use often has been compromised in breaches of bitly, the link shortening service, the graphic design tool Canva, Drizly, the alcohol delivery service, Edmondo, the education networking platform, Forbes, Lumin PDF, and Wattpad. I picture myself a few months ago guzzling Japanese whisky ordered from Drizly, posting Canva graphics on my socials, checking my Edmondo profile and writing a story for Wattpad and somehow, because the Hakushu 12 Year Old was so good, opening myself up to a breach. The wave of guilt I would feel would only be mitigated by having another glass.

Let’s get real. The real mistake I made, or anybody makes, is in trusting a company to safeguard your data. The lesson is to give them as little of it as you can.