Governmental Institutions Around the World Fail to Protect Their Citizens’ Data Why Aren’t Authorities Capable of Protecting Your Data?
September 2019 by Daniel Markuson, the digital security expert at NordVPN
More and more governments around the world are discussing encryption backdoors to help them fight various criminal activities. However, the data breaches, hacks, and cyberattacks, which we hear about every day, affect not just private companies. Governmental institutions suffer from them too. Due to various software system flaws, millions of unsuspecting citizens have been affected only this year.
Daniel Markuson, the digital privacy expert at NordVPN, says that some governmental institutions believe they are too small and insignificant for hackers to attack them. However, recent events in Baltimore, Florida, and Texas defy this belief. In May, Baltimore struggled with a cyberattack that froze thousands of computers and disrupted real estate sales, water bills, health alerts, and many other services. A few Florida municipalities had to pay hackers a ransom of $1.1 million after municipal employees were locked out of their email accounts and important files. Just recently, in August a ransomware attack hit local governments in Texas, affecting up to 23 entities.
“Out-of-date software used by some governments and a variety of contractors make them an easy target. That’s the most common reason why these institutions get hacked. Updating a digital security system and making it immune to cyberattacks require millions of dollars and high-level skills,” explains Daniel Markuson, the digital privacy expert at NordVPN. “Slow internal processes and complicated procurement procedures add up to the reasons why some organizations are still using unsafe security software. However, data breaches are expensive, and the security of people’s sensitive data should be considered priceless.”
Here are just a few examples of the governmental data breaches that happened this year. They became infamous for the scope and the numbers of citizens affected.
• This May, Ivan Begtin, a co-founder of a Russian NGO called Informational Culture, discovered and documented several leaks from Russian government sites. The personal information and passport details of 2.25 million citizens, including high-profile politicians and government officials, were exposed online and available for download.
• In June, five million of Bulgaria’s seven million citizens had their personal data compromised in an attack on the country’s national revenue agency. Both private and social security information on every adult in Bulgaria was exposed – perfect for identity theft or attacking lucrative targets. Half of the leaked database was posted on several public forums.
• In the late spring of this year, an unknown hacker attacked a US Customs and Border Protection subcontractor and put much of its internal data on the open web for download. The exposed database included photos of travelers’ faces and license plates, surveillance equipment schematics, and sensitive contracting documents. Now, the border surveillance company – the longtime contractor named Perceptics – is suspended from carrying out business with the federal government. However, over 400 GB of data was stolen and 100,000 people were reportedly affected.
Human error is one of the biggest sources of data breaches, according to NordVPN’s Daniel Markuson. Using weak passwords and falling for phishing scams can hurt an organization immensely. The digital privacy professional explains that it is quite easy to leak email and password information when an employee clicks on a virus link, reveals user credentials, or downloads malware attachments. “Just one click can compromise the entire database of an institution,” says digital privacy expert.
Daniel Markuson, the digital security expert at NordVPN, says that we can’t control what information authorities have about us and how they handle it. However, you should take some measures once you hear a company or an institution relevant to you has been hacked. Find out what information has been leaked and act accordingly:
• If the leaked information included your login details, you should change them immediately. Start using a password generator for creating strong passwords. Set up 2-factor-authentication, which requires a second password or PIN, usually sent to your smartphone.
• If your payment details were stolen, you should contact your bank as soon as possible and freeze your card. Check your recent statements for any suspicious activity. Set up a fraud alert with the credit bureau that would notify you if someone tries to open new accounts or take out loans using your card.
• If your ID, passport, or social security number were leaked, inform authorities right away. Prove your identity before anyone else did, issue a fraud alert, and review your Social Security statement and credit reports for any illegal activities or suspicious charges.
Remember, everyone can become a data breach victim. Even governmental institutions that handle our most sensitive information are vulnerable as their cybersecurity is sometimes lacking. Just stay alert and notify authorities whenever there is a need in order to minimize the damage. Hopefully, the authorities learn from the mistakes others endured and start investing more in cybersecurity.