As Americans do more shopping and banking online, more of their private data is stored on servers and in the cloud. This makes it more vulnerable than ever to cybercriminals, who appear to be having the time of their lives — at the average American's expense.
Forty-seven percent of adults in the U.S. had their private information compromised by hackers in 2014, according to the Ponemon Institute. That's 110 million people being robbed of their basic right to privacy.
Keeping our privacy private is becoming a heavy lift. After all, if a company with the size, wealth and technology expertise of JPMorgan Chase can become a victim of a massive cyberattack, what chance do the rest of us have?
Apple CEO Tim Cook said that people shouldn't settle for the current situation. "None of us should accept that the government or a company or anybody should have access to all of our private information," he said in a February interview with The Guardian. "This is a basic human right."
CNBC presents a look at the various ways that Americans are losing their privacy to cybercrime.
—By Dan Bukszpan, special to CNBC.com
Posted 22 October 2015
When you give your personal information to a retailer, an insurance provider or the U.S. government, it's all up for grabs when there's a data breach. In August 2014, JPMorgan Chase had the records of 83 million households and small businesses stolen, including e-mail and home addresses, and that was just one of several breaches in the last five years that have compromised consumers' sensitive information.
Others include a 2013 breach of Target, for which the company paid its hacked customers a collective $10 million in damages, a 2014 breach of the health insurance company Anthem that exposed the Social Security numbers, email addresses and home addresses of 80 million people, and in the same year, the records of 109 million people were compromised when Home Depot was the victim of a breach.
The IBM Security Services 2014 Cyber Security Intelligence Index is an analysis of cyberattack data from the company's security operations. According to the index, 95 percent of all cyberattacks that it investigated identified "human error" as a contributing factor in that year.
Many of these errors were simple blunders that many of us commit every day without realizing it. They included "use of default user names and passwords or easy-to-guess passwords … and disclosure of regulated information via use of an incorrect email address," according to the index.
A "cookie" is a data fragment sent from a website, indicating what site the user has visited. In October 2014 the news went public that Verizon Wireless had been writing code into its cookies that brought them back to life after users deleted them, earning them the nickname "zombie cookies."
Wired described them as "a kind of short-term serial number that advertisers can use to identify you on the Web," and Verizon planned to use them to share user data with advertisers, making it easier to target products to them. Consumers called it an abuse of power, and Verizon announced this month that it would limit the cookies to Verizon-owned sites only.
It is not known how many businesses use this type of tracking, but the technology isn't new. In 2010 some Microsoft websites were discovered using the technology, which they disabled in 2011 in response to negative criticism.
If authorities are investigating someone whose emails they feel demand closer scrutiny, they can seize those emails. They can also seize the emails of anyone with whom the suspect was corresponding. "The government can't just wander through your emails just because they'd like to know what you're thinking or doing," said Stewart Baker, formerly of the Department of Homeland Security. "But if the government is investigating a crime, it has a lot of authority to review people's emails."
The case of former CIA chief General David Petraeus is a high-profile example of this. He resigned after an extramarital affair in which he was involved was made public, and what gave him away were emails that he sent under an alias to his mistress. The FBI was investigating her in a separate case, and the emails between the two of them were seized, eventually leading authorities to Petraeus.
Speaking of Petraeus, his replacement at the CIA, John Brennan, has just become the latest high-profile "victim" of WikiLeaks. On October 21, WikiLeaks began publishing emails leaked from one of Brennan's personal accounts.
And you might have heard about the government reviewing a pretty wide swath of emails related to a person named Hillary, too.
If you've ever done a Google search for a product, such as a barbecue grill, then visited Facebook and seen an ad for a barbecue grill, it may seem as though advertisers are mining your browsing. According to Clay Calvert, director at the MetroStar Systems consulting company, that's because advertisers are mining your browsing.
"It used to be that when we visited a Web page, you just connected to that one website," he said. "Now it is possible to actually be connecting to 75 different servers through advertisements, and what is disconcerting is that some of these advertisers are connecting you to other servers that the original site doesn't even know about."
Calvert said that privacy is also being threatened by an outdated attitude toward data. He said that it's not enough just to protect a network, since a network can be infiltrated. When that happens, the data has to be better protected. Rights Management Services, which use encryption to limit access to sensitive data, is ideal for keeping private data safe.
The point is, it's no longer enough to just protect the network; the data within the network has to be protected with the same level of vigilance.
"We spend too much time on protecting the network but not the data," Calvert said.
Your smartphone contains an expansive vista of sensitive information that cybercriminals would be thrilled to usurp. Your bank accounts, contacts and passwords are all on it, and any thief worth his salt knows how to access them.
On this front, there's actually been some good news. Consumer Reports, which reported that smartphone theft was on the rise in 2013, reported their decline in 2014, from 3.1 million phones stolen to 2.1 million. It credited the widespread adoption of "kill switches" — allowing theft victims to remotely wipe all of their data from a stolen phone — to this decline.
Facebook passed the 1 billion user mark on a recent August day. These users generate 4.5 billion "Likes" per day, and when one of them "Likes" something, whether it's Bernie Sanders, "Game of Thrones" or a cat video, they're doing more than just voicing approval. According to Walter O'Brien of Scorpion Computer Services, they're disclosing information that is used to infer many things about you.
O'Brien cited a study conducted by Cambridge University and Microsoft Research, which looked at patterns of behavior on social media and used them to extrapolate information about people. He said that according to the study, people of high intelligence "Liked" Mozart, thunderstorms and "The Daily Show," while people of low intelligence "Liked" Harley-Davidson, Lady Antebellum and the Facebook group "I love being a mom."
The study also extrapolated a user's sexual preference from his or her "Likes." Gay Facebookers "Liked" Kathy Griffin, Adam Lambert and the musical "Wicked," while heterosexual Facebookers "Liked" Foot Locker, Sports Nation and The Wu-Tang Clan.
In June 2015 the hacking of password management company LastPass became public knowledge. Most experts recommend using exactly such a service as LastPass to create strong passcodes, as most people on their own can't come up with a string of characters long enough and random enough to foil criminals.
In the case of LastPass, the company said that its protections are so strong that almost all of its users' data remained safe from the attack. "We are confident that our encryption measures are sufficient to protect the vast majority of users," LastPass CEO Joe Siegrist said on the company blog. Be that as it may, if the attack points to a larger trend of criminals targeting security vendors, then the scope of attacks against individuals will widen.
The consumer has a few tools, such as encryption software to protect emails, as well as steps to take to minimize damage after private information is compromised, courtesy of Norton. Still, the data shows it's hard to escape the conclusion that average Americans are losing more of their privacy every day.