Personal Security After Data Breaches

Your personal security is your responsibility, not the government or other third-party entities. It is up to you to assess whether or not trusting you or them will solve your own issues; I am firmly of the former stance.

Just change the caption on this old pic, "My data has been stolen and NSA won’t arrest the culprits."

nsa-joke-backup-meme-crop

(Warning: I’ve used this pic before.)

2 Likes

I recommend The Ransomware Hunting Team by Renee Dudley and Daniel Golden to learn of the codependency of data breachers, insurance companies, and commercial ransomware mitigation “services” and how some government agencies in some countries ignored the problem when it was still small enough to do something about precisely because it was “too small”. (And the story of a small international band of ransomware crackers and police in a smallish European country successfully partially mitigated attacks.) The Ransomware Hunting Team - Wikipedia

spoiler

The companies sometimes used info actually from the amateurs to break the encryption of ransomware victims but mostly acted as “negotiators” fir “reduced” ransoms. Usually the negotiated ransom was less than the cost of recovering from backup so insurance companies would pay up.

2 Likes

This looks interesting: https://remover.visiblelabs.org/

  • Free to use.
  • Source code hosted on GitHub; buildable yourself, if desired.
  • Works internationally.
  • Completely automated.
  • Sends formulaic deletion request to brokers, with your name and address (only), plus your provided email address (for direct responses from the data brokers).
  • Repeatable every 45 days.
  • Only your email address is stored at Visible once it has been hashed (SHA256), and is deleted after 45 days; name & address is only used to generate the one-time deletion request emails.

I’m testing it.

EDIT: Already getting confirmations of data deletions or “data not found” replies from the brokers.

3 Likes

You should also inspect the other side of the coin.

1 Like

The California DELETE Act is now law! It will be a while before the actual opt-out “button” is available to California consumers, though.

This article contains the timeline: https://www.privacyworld.blog/2023/12/california-delete-act-imposes-new-obligations-on-data-brokers/

2 Likes

10 Minutes of Delete:

1 Like

Just needs an army of Cybermen to go through Big Tech … DELETE DELETE DELETE DELETE …

2 Likes

Security researcher Brian Krebs (KrebsOnSecurity[.]com) has been writing a series of articles on data brokers and data deletion services, and the sometimes suspicious entities behind them.

For instance, the personal data deletion service OneRep[.]com is headquartered in Belarus and Cyprus, not in the state of Virginia, U.S.A., and its founder also launched multiple people-search companies himself.

This article exposes the PRC company ( Shenzhen Duiyun Technology Co.) behind several U.S.-focused people-search sites, apparently created for affiliate revenue purposes, as they redirect to other major, “legitimate” search sites such as Spokeo.

Krebs’ report on Radaris reveals apparent links to:

…multiple Russian-language dating services and affiliate programs. It also appears many of their businesses have ties to a California marketing firm that works with a Russian state-run media conglomerate currently sanctioned by the U.S. government.

3 Likes

That’s wild

2 Likes

Response to Krebs’ report, from OneRep, plus Mozilla drops OneRep integration into Firefox: Mozilla Drops Onerep After CEO Admits to Running People-Search Networks – Krebs on Security

3 Likes

7 posts were split to a new topic: Firefox search by default

You’ve set a different search engine… Right? :wink:

1 Like

A glimmer of hope: Oracle is shutting down its once-$2B advertising business • The Register

“Everyone on Wall Street should take notice that companies who comply with data privacy laws while trying to operate data vacuums and data marketplaces, are bound to lose money,” said Edwards.

2 Likes

Anyone for an anchor pool on data marketplace stock bubble? I bet the data vacuum sucks.

1 Like

I just got notified that my personal information has appeared on the Dark Web, including name, 4 different (very old) former addresses, social security number, one old phone number, and several phone numbers that were not even mine, from a different U.S. state.

Fortunately, I have a freeze in place on my credit file at the major credit reporting agencies, and at bureaus that screen bank account and insurance applicants, although that’s still no guarantee of safety.

I’m glad I “parked” the old phone numbers with my VOIP provider after I changed to a new number. Maybe that will mitigate the risk somewhat, along with the other measures I’ve implemented.

1 Like

Maybe that’s why I get the random incoming call on my L5? (Not necessarily you, some other guy’s data breach.)

1 Like

Could be. You could check your number on the Have I Been Pwned website to see if it has appeared in any breaches. Otherwise, maybe your number is just published somewhere online, or appears in databroker records (or other public records).

1 Like

I’ll also get a security PIN from the IRS, to hopefully prevent any fraudulent tax returns in my name.

1 Like

That doesn’t necessarily have to arise from a data breach. It can just be robodiallers working their way through numbers in sequence.

2 Likes