It’s been an ugly six months for identity theft and data breaches
A look back at U.S. security debacles in 2022, combined with a “major incident” this year, is doing nothing to make Americans feel good about the safety of the biometric data they share.
None of the incidents in question seemed to target facial or other biometrics specifically, but businesses and agencies harvesting them have of late sounded pretty confident that there is little need to worry.
TransUnion has published a report claiming that at least 22 million people in the United States were victims of data breaches exposing personally identifiable information in the fourth quarter of last year alone.
Face biometrics on driver’s licenses and passports are among the irreplaceable personally identifiable data, according to the company is known primarily for its credit-scoring service.
“More than anything, this report should give government agencies a sense of where they should focus their efforts to curb fraud and prevent further victimization,” says Jeff Huth, senior vice president of TransUnion’s public sector business, in a prepared statement.
About 14.4 million consumers suffered when exposed to medical identity theft. It was the top category of public sector fraud for the third quarter in a row.
A newer breach is getting a lot of coverage. For the second time since 2019, the U.S. Marshals Service has had to report an attack. Marshals head up the witness protection program, protect judges and transport federal prisoners when they must be moved between facilities.
According to trade publication Nextgov, the service found the break February 17. It was ransomware and data theft involving a stand-alone service system. The witness protection program reportedly was not affected.
What is affected is the personally identifiable data of people who are part of service investigations, “third parties,” and some service employees. Officials have labeled it a major incident.
Almost 400,000 prisoners had their personal data stolen from the Marshals Service in 2019.
Also this month, password manager LastPass is disclosing more details about a number of hacks it suffered last year when source code and customer vault data were lifted, according to technology and culture publication The Verge.
If the identity of the hacker has been discovered, it has not been disclosed. But the company now says the culprit put keylogging malware on a devops engineer’s home computer.
The company subsequently urged its customers to change all the passwords they were paying LastPass to protect with a master passcode.