In the era of data breaches, resist giving it up whenever you can


Face the truth: We’ve lost the battle to protect our personal information.

The latest high-profile data breach involving AT&T is yet another reminder we are at war with cybercriminals.

The telecom reported that hackers had obtained call and text records of almost all of its wireless customers, compromising about 110 million accounts.

Though the stolen data did not contain the content of those communications or expose personal information such as Social Security numbers or dates of birth, the breach still added to the volume of data collected on consumers.

According to the Identity Theft Resource Center, there were 3,205 data compromises last year involving more than 353 million victims, a record high in the United States, a 78 percent increase over 2022.

Because the digital attacks have left me feeling vulnerable, I’ve increased my efforts to limit their potential damage.

Whenever possible, push back when companies ask for information they don’t actually need.

Once, as I was picking up some furniture, the clerk wanted to take my driver’s license and scan a copy into the retailer’s computer system.

He insisted the information was needed to keep a record of the items that were picked up by customers. Nonsense. I had a receipt. But I was okay with him verifying my identity by eyeballing my license.

There was a long line of customers behind me, visibly annoyed — blowing their breath, rolling their eyes. I told the employee, loudly enough for them to hear, that the store’s policy was unnecessary and that it could expose me to identity theft should their system be hacked. Every piece of information that is compromised helps criminals improve their tactics in targeting victims.

I gave the clerk two choices: Give me my order or issue a refund.

He begrudgingly retrieved my purchased items.

One small victory for data protection. But it’s an ongoing struggle.

Here’s what happened to me recently.

My husband and I are going to Cambodia and Vietnam next year. After looking up regional carriers, we settled on Qatar Airways and I decided to sign up for its loyalty program. It’s likely we will take future trips to cities the carrier serves.

As part of the sign-up process, I was required to provide birthday information. However, I mistakenly reversed the numbers for month and day. Spotting my error minutes after registering, I tried to correct my profile, but Qatar’s system wouldn’t allow it.

I couldn’t get help on the airline’s site, so I sent a message via X to @qatarsupport, which promised 24/7 customer support.

In a direct message, I was instructed that I would have to upload two identification documents, such as a passport, birth certificate, or driver’s license.

I didn’t have to provide documentation when setting up the account.

Immediately, I became concerned. How many people have access to the data? Where is it stored? How secure is Qatar’s system?

After several attempts, I couldn’t get direct answers from Qatar through an emailed media request, so I reviewed its privacy notice.

The airline writes it “has taken adequate safeguards to ensure the confidentiality and security of your Personal Data.”

Then, it promised that to prevent unauthorized access, it has “put in place physical, technical and administrative measures to safeguard” my data.

This assurance did not comfort me after reading the following caveat: “Although we use reasonable efforts to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to our Website or Mobile Apps via the Internet or similar connection.”

In 2013, Target’s computer system was breached, allowing criminals to access to steal credit and debit card information from as many as 40 million consumers. An additional 70 million customers had their names, phone numbers, and email addresses compromised.

This incident affected my personal information.

Almost seven years ago, Equifax announced a massive breach had exposed the personal information of approximately 147 million people. At the time, the company said hackers exploited a “website application vulnerability.” People’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers, credit card numbers, and other personal information were stolen, putting millions of folks at risk of identity theft and other fraudulent activity.

Equifax notified me that my data was compromised.

Every time there’s a data breach, the companies involved tell their customers that they deeply regret the inconvenience it might cause. They pledge to enhance security procedures. However, gaps in data protection continue to lead to stolen data. And, to be fair to the companies, con artists and hackers work full time, sometimes with the help of foreign governments, to outsmart corporate security systems.

So, I will not be uploading my driver’s license, birth certificate or passport to Qatar’s website for its travel rewards program. I found a workaround.

I deleted the one account with the wrong information and created a new one.

I know I cannot win in the race to protect my data. It has been repeatedly exposed.

But every act of defiance, however small, is worth a victory lap.

Resistance isn’t always futile.

Leave a Reply

Your email address will not be published. Required fields are marked *