Data breaches resulted in 267 million records exposed in 2012 – more than 500 per minute or eight per second – and the final tally for 2013 is on pace to be even worse. As more and more organizations fall victim to data leakage, it seems that as long as no financial data is compromised, consumers seemingly don't care. They fail to understand the serious security threat posed by even the most seemingly innocuous breach.
Merchants, daily deal sites, social networks, government agencies and health care giants have all been targeted and compromised. In most cases, attackers are looking for personal records, email addresses and encrypted passwords.
A common misconception is that non-financial data is not “sensitive data” when, in fact, email addresses are one of the most stable elements of a digital identity. As a top target for phishers and fraudsters, these addresses arm “bad guys” with a key to someone's digital universe. Email addresses and their passwords (even when encrypted) are used to access multiple online accounts and, in the hands of a hacker, they serve to better their ability for social engineering. Consequently, these non-financial data points can become the key to unlocking and exploiting an online identity. Customer education alone won't solve this problem.
For businesses that depend on email addresses to stay connected with consumers, there are a few ways to protect their organizations and customers alike:
Purge inactive accounts – inform customers and let them know why you don't want data “sitting around.” Next, assume customers have already been compromised and act accordingly. And, employ a multi-layered, device-based security protocol
Once a consumer's digital identity has been exposed, inaction poses the largest risk. Despite not being able to control how consumers manage their digital lives, organizations can help ensure that the next data breach won't result in grave consequences for themselves or their customers.