In-brief: Like Love Canal or the ‘flaming river’ in Cleveland that eventually prompted anti-pollution laws, the casual leak of data on 33 million U.S. professionals is a sign that our online environment is badly compromised. But can we fix it? (Editor’s note: this blog post originally appeared on Digital Guardian’s blog.)
This week brought news of yet another massive leak of personal information: a database of contact information on some 33 million professionals compiled and sold by the firm NetProspex, part of Dun & Bradstreet (or D&B for short).
According to a blog post by security researcher Troy Hunt, the database of US professionals was provided to him by a reliable source and contains personal contact information including addresses, phone numbers and email addresses. The database is searchable by a variety of factors including employer and job description.
The data is a gold mine for businesses and marketers, but also for cybercriminals or nation-state hackers. There is information on more than 100,000 employees of the Department of Defense. Hunt notes that the “job titles” field includes entries such as titles such as “Soldier” (2,700 of them), “Chemical Engineer,” and “Intelligence Analyst” (there are 715 of those listed).More than 33,000 IBM employees are listed in the database, as well as more than 67,000 AT&T employees. Individuals working for Citigroup, Wells Fargo and other Fortune 500 firms are also well represented in the data, Hunt notes.
If this starts to look and sound like a slow-moving crisis, that’s because it is. As we learned with the flaming Cuyahoga River that Time Magazine documented in 1969 and that led to the passage of the Clean Water Act, public sentiment and the desire for action often takes years to crystallize (the same river caught fire on a dozen occasions prior to the ’69 incident, the earliest dating to the turn of the century). Simply put: people can accustom themselves to the most outrageous of conditions and become inured to them. What’s needed is an acute sense of outrage and a desire for change.
Read more on Digital Guardian’s Blog: Don’t Call it a Leak: D&B Unit Coughs up Data on 33m Professionals | Digital Guardian