cult of cozy

Data breaches and where to find them

Today I got a message from a friend that I rarely talk to nowadays. They were asking how to access something on the darknet, and if I knew how to find what they were looking for.

Yesterday, over 1 million Swedes had some personal information published on the darknet. It is one of the most extensive leaks that has happened in Sweden due to the sheer number of victims. The kind of data varied from kind of basic, like a name or an email address, to actually sensitive stuff like the victim's employer, sick leave, or home address. A lot of what was published is already public in Sweden, but only for regular citizens. People with high-risk jobs or those living under protected identity are by default excluded from public records, but some are in this leak. Security experts warn that the data may be used to forge highly credible phishing attacks. The data was acquired by a breach of the employee database Miljödata used by companies in both the public & private sector. The attack had been known since late August, but it was just yesterday that the data was published as the ransom was not paid.

As always when these data breaches happen, I'm mostly curious about how the breach was possible in the first place. The exact details on how Miljödata was pwned have not been published yet, but the hackers de facto managed to get in and smuggle out all this data from Miljödata's system(s) without being caught. Another aspect of what makes a data breach possible is the data itself: some data has to exist in order for it to be breached. Data has many dimensions, but two of them are completeness and timeliness. The fewer attributes you store, the less complete a picture you will have of an individual. And as time goes on, the data runs a greater risk of becoming outdated.

Reducing the amount of data you store is always the best option to mitigate the damage caused by a leak. But what really bothers me about this breach are the reports of people's data points that are 25 years old. I.e. people who were employed at the start of this millennium could very well have had some personal information leaked yesterday. That just seems excessive in this instance - surely they don't belong in the same database as currently employed people. And if they are in fact in different databases, it means that Miljödata's data segmentation was also broken.

Overall, this situation leaves a very uneasy feeling in me. I'm not naive; on the contrary, I'm acutely aware that I give out lots of data about myself to all kinds of third parties constantly. But sometimes you are reminded of the fact, and you start to feel uncomfortable. Again. This is not your first rodeo.

#data hoarding #privacy #security