Ah, another year has passed and we’re ready to jump into the future of 2019. First, let’s take a look back at our predictions from 2018 that came true. We discussed the potential of AI to stop hacking, scammer’s new techniques to take advantage of social media users and transparency in IoT devices. Of course with the emergence of technology and cybercriminals evolving their techniques, unanticipated challenges have arisen.
2019’s focus will be on data: Data breaches, data abuses, data privacy. Even though ITRC is first and foremost a victim service and consumer education organization, we know that the thieves need our data in order to perpetrate their fraud and identity theft.
Data breaches: Consumers will gain more clarity (about how a specific breach actually effects them. Breached entities will be pushed to be more transparent and less vague about the specifics of the type of data that has been breached. Vague terms such as “and other data” or “client records”, that appear on data breach notification letter currently will no longer be tolerated by breach victims. Thieves are always looking to get their hands on our data and with a little technique called “credential cracking,” we think we’re going to be seeing more security notifications, not just breach notifications in 2019. Here’s what’s going on: following a large-scale data breach, and in order to gain access to your online accounts, a hacker simply uses a large database of usernames and allows the computer to “guess” the passwords for each account they are attempting to log into. We’re beginning to see companies send security notifications to their customers that their username/email credentials are being used – possibly by an unauthorized user – to login to their platform even if there is no account (i.e. Warby Parker & Dunkin Donuts).
Data Abuses: The public will gain more insights into data abuses, not just breaches. More incidents, like the Facebook/Cambridge Analytica event will come to light. As we as consumers demand more transparency, and as regulators probe deeper, the ongoing act of using our data for other than the purpose for which we have given consent will come out of the shadows. Consumers will also start paying more attention to the notifications they receive from businesses that say their information was shared with third parties and what that means for them.
Data Privacy: Consumer empowerment around privacy and data privacy is top of mind in a way that it has never been before. Other states will follow California’s lead and pass their own data privacy legislation in the hopes of empowering consumers and keeping industry in check. Especially seeing as California, Florida, Texas, New York and Pennsylvania (in that order) had the highest numbers of cybercrime reports last year. This will likely not provide the much needed long term solution, or the necessary cultural shift. Just look at the condition of the state by state data breach notification laws, and the years-long discussion (that’s at a stalemate by the way) of a more universal regulation and process. Will we start that cycle over again here? Probably. Until the public has a concrete understanding of the complex relationship between data creators (consumers), data owners (the platform on which the data was created, generally) and data users (every industry currently operating in the US) these statewide measures will fall short of making any real headway into actually giving us more control over our data or more privacy.
Even though it has been discussed for over 13 years, there is a good chance that 2019 will be the year that a federal data breach notification law will become a reality. Of course, predictions are just an educated guess based on previous events and information. Industry, policymakers and the public alike will have to wait and see how 2019 will be impacted by identity theft, cybercrime, hacking and data breaches. One thing we can be sure of though is that the ITRC will be here, working to fight back against the latest techniques to commit identity theft and scams.
Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.