How much "private" information should you keep on your clients, customers and members?
Event management company Allianceforbiz.com found itself on the receiving end of an "antisec" (anti-security) hack last week.
A hacker going by the handle "Thehacker12" pulled sensitive data from the website. The result: personal information, including user names and passwords, for roughly 20,000 people (most of them government employees or contractors) was posted online.
There is precious little we can do to absolutely prevent attackers from reaching private data (they keep innovating and will eventually find a way in), so perhaps this story should make us rethink how much personal information we collect about our clients, customers and members. The more we ask for and store, the greater the chance it ends up on Pastebin as a giant tab-delimited mess of passwords and email addresses, and the more damage a single breach can do.
When the shadowy online group "Anonymous" released customer data (names, addresses, phone numbers, email addresses and passwords) from the hacked San Francisco mass transit site mybart.org earlier this summer, important questions were asked: not only how vulnerable that information was, but why BART needed it in the first place. If the information is sensitive, and we understand--now more than ever--that no information is absolutely secure online, then perhaps the amount of personal information we collect about our clients, customers and members should be limited to what we actually need.
The only way to absolutely keep data out of the hands of determined attackers is not to have the data in the first place.
Moving forward, will you be examining the type and amount of personal data you collect--and maybe cutting back?