Read the article on Data Breaches and answer the following questions:
Discuss the implications of data breaches on both consumers and companies. Consider the examples given in the text of Wishbone, Wawa, Verifications.io, People Data Labs, and Oxydata.
Analyze the role of the Dark Web in data breaches and cybercrimes. How does the Dark Web contribute to the severity and complexity of these issues?
What are the potential consequences of poor data security for a company like Wawa or Verifications.io? Besides the immediate financial implications, what long-term impacts might these companies face? Consider factors like reputation, customer trust, and potential legal consequences.
Evaluate the ethical considerations involved in the practices of data brokers like People Data Labs and Oxydata. In your opinion, are their data gathering and selling practices ethically justified? Why or why not?
In the context of massive data breaches and the commercialization of personal data, what steps can individuals take to protect their own data privacy? What responsibilities do companies have to protect their users’ or customers’ data?
Submission must be between 750-1500 words in length in APA format, including a title page, and please use at least two academic resources.
Data Breaches
From the beginning of 2019 until mid-2020, data breaches exposed approximately 17 billion records, including usernames, passwords, debit and credit card numbers, home addresses, phone numbers, and other types of sensitive data. The first quarter of 2020 set the record for data breaches, with more than 8 billion records stolen. Some data breaches result from sophisticated nation-state espionage operations; others are carried out by online criminals who plan to sell the stolen data.
Attackers have typically stolen and aggregated consumer data that they have used to break into people’s accounts, steal their money, blackmail them, or impersonate them. In fact, according to Experian (www.experian.com), more than 30 percent of data breach victims later experience identity theft.
In June 2020 attackers took data thefts to a new level. They integrated previously breached databases into a vast, unprecedented collection of 2.2 billion unique usernames and associated passwords and were selling them on the Dark Web. The Dark Web is a part of the Internet that is not visible to search engines and requires the use of an anonymizing browser such as Tor to be accessed.
Because the data came from old leaks, security professionals hope that users change their passwords when they are notified about a breach. Taken together, these massive databases create real risk to individuals by enabling identity theft, credential theft, phishing and spear phishing attacks, credential stuffing, and other attacks. We discuss these attacks later in this chapter. We now take a look at some recent data breaches.
Wishbone
In May 2020 a hacker put up for sale the data on 40 million users registered on Wishbone (www.wishbone.io), a mobile app that lets users compare two items in a simple voting poll. According to the seller’s claims and a sample of the data published online, the Wishbone data included usernames, emails, phone numbers, city, state, and country, as well as hashed passwords. To produce a hashed password, organizations apply an algorithm to the real password to turn plaintext into an unintelligible series of numbers, symbols, and letters. Unfortunately, security researchers revealed that the Wishbone passwords were in a weak hashing format that can be cracked using freely available online tools.
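The following added example (not part of the article) contrasts a weak password-hashing format with a salted, deliberately slow one. The article does not name the algorithm Wishbone used, so unsalted MD5 is an assumed stand-in; the function names, the iteration count, and the sample accounts are constructed for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # illustrative work factor (assumption); tune to your hardware

def weak_hash(password):
    """Unsalted fast hash: assumed stand-in for a 'weak hashing format'."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def strong_hash(password, salt=None):
    """Return (salt, key) from PBKDF2-HMAC-SHA256 with a random per-user salt."""
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                              salt, PBKDF2_ITERATIONS)
    return salt, key

def verify(password, salt, expected_key):
    """Re-derive the key with the stored salt and compare in constant time."""
    _, key = strong_hash(password, salt)
    return hmac.compare_digest(key, expected_key)

def shared_digests(records):
    """Group usernames by stored digest; a group of two or more means the
    stored values alone reveal that those users chose the same password."""
    groups = {}
    for user, digest in records.items():
        groups.setdefault(digest, []).append(user)
    return {d: sorted(users) for d, users in groups.items() if len(users) > 1}

# Constructed sample accounts (not real data).
SAMPLE = {"alice": "sunshine1", "bob": "sunshine1", "carol": "t4bby-Cat!"}

def demo():
    weak = {user: weak_hash(pw) for user, pw in SAMPLE.items()}
    strong = {user: strong_hash(pw) for user, pw in SAMPLE.items()}
    strong_hex = {user: key.hex() for user, (_, key) in strong.items()}
    # Weak table: alice and bob collide. Strong table: no collisions,
    # because each record is derived with its own random salt.
    return shared_digests(weak), shared_digests(strong_hex), strong

if __name__ == "__main__":
    weak_groups, strong_groups, _ = demo()
    print("unsalted fast hash, shared digests:", weak_groups)
    print("salted PBKDF2, shared digests:", strong_groups)
```

With the unsalted format, one computation per candidate password applies to every account in a leaked table at once; the per-user salt and high iteration count remove that shortcut and make each guess expensive.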
Wawa
Founded in 1964, Wawa, Inc. (www.wawa.com) is a U.S. chain of convenience stores and gasoline stations located along the East Coast. In December 2019 Wawa disclosed a major security breach, stating that hackers had inserted malicious software, known as malware, on the company’s point-of-sale systems. The breach impacted all 860 of Wawa’s convenience retail stores, and the malware had operated from March 4 until December 12, 2019. The attackers stole data on 30 million U.S. customers as well as more than 1 million non-U.S. cardholders. On January 27, 2020, a Dark Web marketplace known as Joker’s Stash began selling card data from the breach.
The retailer further stated that the data included debit and credit card numbers, expiration dates, and cardholder names, but not debit card PINs, credit card CVV2 numbers, or other personal information. However, security researchers concluded that the Wawa data actually did include CVV2 numbers. A CVV2 number is a three- or four-digit number printed on the back or front of credit cards, debit cards, and prepaid cards that you provide for security purposes when making a purchase online or over the phone.
Verifications.io
Email validation companies are an important component of the email marketing industry. These firms do not send out marketing emails for themselves. Instead, they check their customers’ mailing lists to ensure that the email addresses contained in them are valid.
This process entails sending a message to the email address and confirming that it was delivered. Mainstream email marketing firms often outsource the process rather than face the risk of being blacklisted by spam filters or lowering their online reputation scores. In early 2019, security researchers discovered an unprotected, publicly accessible database belonging to Verifications.io, an email validation firm. The data contained 809 million records of detailed, plaintext marketing data.
The data consisted of 2 billion unencrypted records. These records contained 763 million unique email addresses, as well as names, phone numbers, physical addresses, genders, dates of birth, personal mortgage amounts, interest rates, various social media accounts associated with email addresses, and characterizations of people’s credit scores (such as average, above average, and so on). The data did not include Social Security numbers or credit card numbers.
Verifications.io responded that the database contained data gathered from public sources, asserting that the company was not liable for any negative consequences caused by its data leak. That being said, the company took its website and the database offline the same day that the security researchers reported the problem.
People Data Labs and Oxydata
People Data Labs (PDL; www.peopledatalabs.com) and Oxydata (www.oxydata.io) are data brokers. A data broker collects and integrates data from a variety of sources—public records, census and change of address records, motor vehicle and driving records, user-contributed material to social media websites, media and court reports, voter registration lists, consumer purchase histories, bank card transaction records, Web-browsing histories, and many other sources—and then sells the data to other organizations.
PDL claims to have data for sale on more than 1.5 billion people around the world, including personal email addresses, LinkedIn addresses, Facebook addresses and IDs, and phone numbers. Oxydata claims to have similar data on 380 million people in 85 industries and 195 countries.
In October 2019 security researchers found approximately 1.2 billion records of consumer data on an unsecured, easily accessible server. The data contained 50 million unique home and cell phone numbers; associated social media profiles from Facebook, Twitter, LinkedIn, and GitHub; work histories seemingly scraped from LinkedIn; and 622 million unique email addresses. The data did not contain sensitive data such as passwords, credit card numbers, or Social Security numbers.
Security researchers asserted that the data appeared to come from PDL and Oxydata. PDL responded that they did not know how the data appeared on the exposed server. Oxydata maintained that, although the data on the exposed server could have come from one of its customers, it definitely was not leaked from the Oxydata database.
The researchers did not know who actually collected the data or whether the data had in fact been stolen. They reported the exposure to the Federal Bureau of Investigation (FBI). Within a few hours, an unknown person or persons took the server and the exposed data offline.
Neither data broker could rule out the possibility that one of their customers had mishandled their data. Further, the two firms could have left the data exposed themselves. This situation emphasizes the security and privacy issues inherent in the business of collecting, buying, and selling data. What is important here is that huge volumes of data are being collected, aggregated, stored, and commercialized without the knowledge of the data owners. Who are these owners? They are all of us!
Final thoughts: Damage from data breaches impacts not only consumers but companies as well. Wishbone, Wawa, and People Data Labs are facing class action lawsuits over their respective data breaches. As of July 2020 it appeared that Verifications.io had gone out of business. At that time, there was no evidence of a lawsuit against Oxydata.