The Collateral Damage of a Personally Identifiable Information Data Breach


In the previous article in this series on the collateral damage produced by a data breach, we looked at the catastrophic harm that could result if hackers gained access to your electronic health record, or EHR. In this post, we will review the collateral damage that can occur from Personally Identifiable Information Data Breach.

Another area of extreme interest for cyber criminals is Personally Identifiable Information or PII. In this kind of data breach, information like your address, phone number, online contact information, driver’s license number, date of birth, profession, employer, income, family members, and personal habits or interests can be directly associated with your name. In turn, this makes the stolen information even more useful for mounting highly targeted attacks on individuals for any number of purposes.

Cincinnati Police Officers’ Personal Identifying Information Dangerously Exposed

Some might argue that much of your PII is publically available, but it is not available as a complete set. For example, name, address and phone numbers of Cincinnati police officers could be found in the yellow pages, but the phone book doesn’t say who they work for, where they work, or who their family members are. This is why the public exposure in February 2016 of personal data about members of the Cincinnati police force put the officers’ family members at risk.

Potential Collateral Damage of a Personally Identifiable Information Data Breach.

  • Mailbox Theft or Dumpster Diving: A personally identifiable information data breach can lead to a targeted attack since the malicious attacker knows the details around where you live, where you work, who you work for and other such details. This can lead to a malicious person targeting you to access confidential information. Such an attack can also divulge the secrets of your personal life, which can be used for additional targeted attacks, or to identify and locate your loved ones and associates in order to target them for attack.
  • Stalking and Retaliation: Compromised PII can be used by stalkers to locate individuals at home or work and put them in harm’s way, or be used by malicious individuals to discover vulnerable opportunities to retaliate for some perceived offense.
  • Compromised Home Security: Individuals identified as high-value targets of theft may be geo-located through a personally identifiable information data breach, which could lead to break-ins, theft and vandalism.
  • Customer Support Access: Most customer support centers verify the identity of the person calling by asking PII-related questions. By knowing your personal information, imposters can access your critical records. The harm done can range from requesting an unauthorized password change to draining your accounts.

Stolen personal identifying information can be used to target you – or even those associated with you – for direct mail scams or spear phishing attacks, personal or online coercion, slander or blackmail campaigns, or used in any number of other ways that would never be revealed through credit or identity monitoring. Two years of credit monitoring may be helpful when attackers target individual’s credit cards or open fraudulent financial accounts. Most of the damage done in a Personally Identifiable Information Data Breach, however, would not show up on an individual’s credit report, making credit monitoring ineffective in mitigating the damage which can be done.

In the next article, we’ll look at how a compromise in the security of your Social Security number could have very expensive ramifications for you. Check back with us to learn more about how to protect your sacred nine-digit number.

Don’t wait for your organization’s data to be compromised!

Contact ThreatModeler today to develop consistent, end-to-end security.

Comments are closed.