BACKGROUND:
Twitter has suspended a hacker who allegedly stole all of the data from Argentina’s database holding the IDs and information of all 45 million citizens of the country. A threat actor using the handle @aniballeaks said they managed to hack into Argentina’s National Registry of Persons — also known as RENAPER or Registro Nacional de las Personas — and was offering to sell the data on a cybercriminal forum.
We look to government to help regulate on our behalf the misuse of our personal data. In many ways, governments have established themselves as the guardians against the careless handling, processing, and storing of our most personal and sensitive information. So when governmental entities themselves become targets of hackers, we can’t help but note the irony.
In this case, the data breach that the Argentinian government recently sustained demonstrates a number of common themes: porous perimeter caused by human mistakes, highly sensitive personal information that was poorly protected at the data level, and public fallout that affects celebrity and non-celebrity citizens alike. Data privacy breaches are the great equalizer, negatively affecting every data subject in the exact same way. Governments need to lead the way with better data-centric security, accepting the fact that sensitive information may fall into the wrong hands at some point but ensuring that it cannot be compromised in that eventuality through the use of protection methods such as tokenization or format-preserving encryption. We want government to be an example of effective risk management and data protection, not the opposite.
Cybercriminals will stop at nothing and governments need to come to the realisation that data loss is no small problem that can be brushed under the carpet. Data leaks involving extremely sensitive information can be very dangerous in the wrong hands, and we are seeing more and more finding its way to the dark web and criminal marketplaces. Human error still plays a huge part in the compromise of data so better safeguards need to be put in place to stop these attacks with better training and authentication methods to mitigate the constant barrage of attempts.