Gemalto has released the Breach Level Index, a global database of public data breaches. The Dutch manufacturer of chips for mobile phones and credit cards recorded in the first half of 2018 leakage of almost 4.6 billion records from companies. This figure is 133% higher than a year ago. Can blockchain help solve this problem?
In total, according to Gemalto, 945 leaks occurred against 1,162 in January-June 2017. Most cyber incidents are recorded in North America (559), Australia (308) and the UK (22). Of the 945 cases of leaks, 256 accounted for health care, 132 - in the financial sector, 86 - in educational institutions, 68 - in professional service provider companies, 61 - in governmental institutions.
As a result of the malicious actions of the attackers, the company lost 3.6 billion data records in six months. The volume of lost data in the case of random leaks decreased by 47%, to 880 million records. Most often, attackers hack companies for identity theft (87.2% of cases). The second most popular goal is to gain access to financial data (here the leakage size is measured by 359 million records for the first half of 2018). Following is the leakage of these accounts - 220 million compromised data samples.
The largest social networks, including Twitter and Facebook, lead the amount of data stolen. They are followed by government agencies.
“Obviously, this year social media has been the top industry and threat vector for the compromise of personal data, a trend we can expect to continue with more and more sectors leveraging these platforms to reach key audiences, especially political teams gearing up for major elections,” said Jason Hart, vice president and chief technology officer for data protection at Gemalto.
The Breach Level Index is a global database of leaks that provides an estimate of the level of a particular data leakage by various parameters. Each leak gets a certain score, so the data leakage severity index is a comparative table of leaks, which allows us to distinguish small and minor incidents from really large and significant leaks.
During the first six months of 2018, more than 25 million records were compromised or exposed every day, or 291 records every second, including medical, credit card and / or financial data or personal information. This is particularly true of the fact that only one percent of the stolen, lost or compromised data was protected by encryption to make the information useless, and a half to one and a half less compared to the first six months of 2017.
Our personal information is currently concentrated on the Internet and in the databases of companies, that is, in fact, an easy prey for intruders. It can be expected that such growth rates of the data generated and collected will continue to weaken the protection of our personal information. So, the problem is indicated, but where to find its solution? And here a distributed ledger technology (DLT) can come to the rescue. Blockchain, in fact, is a public registry stored in several places. The technology can provide anonymity and trust, as evidenced by numerous DLT-based solutions that have already begun to appear.
Still, the Dutch technology company Gemalto, which is conducting a study, has previously submitted a Trust ID Network mobile digital identification application based on the Corda blockchain platform from the R3 consortium. Gemalto stated that Trust ID Network will allow users to verify their identity as quickly as possible. In the future, information can be used to work with suppliers of digital services, in the field of e-commerce, banking, and other areas.
Discover how @Gemalto’s Trust ID Network on #Corda is revolutionizing self-sovereign #digitalidentity. Learn more: https://t.co/Znp4VtrzBG pic.twitter.com/5h2Yn29CDZ
— R3 (@inside_r3) September 19, 2018
The creators of the project believe that Trust ID Network is destroying the weaknesses of traditional identification systems such as lack of user experience, constant increase in transaction costs, complexity of regulation and control. The launch of the application should take place before the end of 2018.
Earlier this year, the technology giant Microsoft announced its intention to use distributed registry technology to create a Decentralized ID (DID) system based on the Microsoft Authenticator application. Microsoft developers believe that blockchain is ideal for storing personal information. They studied in detail these systems and concluded that the DLT and its mechanisms would be the best solution for ID decentralization.
According to Microsoft developers, the blockchain will eliminate the need to provide broad consent for the use of private information for numerous applications and services for collecting and storing information. The identity of users will not be duplicated and distributed among several service providers, such as Twitter, Facebook, Instagram, Google Play and Amazon. Representatives of the company are confident that the destruction of traditional forms of identification is inevitable, and independent decentralized systems will be a worthy replacement for them.
Another well-known project that uses blockchain to protect personal data is the Civic company. It is a digital identity management platform that uses Bitcoin's blockchain. The user is registered in the Civic application, which collects his personal identification data. And, depending on the country, this data is transmitted to a third party - either a state agency or a company that verifies personal data. Once the user data has been verified, Civic transfers all the information into a cryptographic hash and inserts it into a public blockchain, and then deletes the user's personal data from its servers.
If after that the user wants to provide his personal data for authorization in another service, he gives all the information requested for registration, and the service sends this information to Civic, where it is checked using a special algorithm for compliance with the user’s hash previously added to the blockchain. Once the compliance of the user's personal data and his hash is confirmed, the service connected to the Civic platform no longer needs to store the user's personal data for its identification and authorization. Therefore, if the Civic or the company using this service to confirm the authorization of users, will be subjected to hacking, your personal data will not be affected, as they are stored only on your device.
Civic to Offer Secure Identity Verification Services on the Brave Publisher Platform https://t.co/pxK2tCxKQe
— Civic (@civickey) September 21, 2018
Recently, it became known that the privacy-oriented blockchain browser Brave uses Civic identification technology to verify content producers. Passing a special KYC procedure will allow advertisers to securely receive BAT tokens. At the same time, Civic emphasizes that their KYC-procedure is quite flexible, and content producers will not have to provide extra data.
Subscribe to our Telegram channel to stay up to date on the latest crypto and blockchain news.