This post is also available in: עברית (Hebrew)
Sensitive data about military personnel and their families, including information on health, finances, religion, and location, is accessible and up for sale for as little as $0.12 per record. The data was reportedly obtained from US data brokers.
According to a year-long study carried out by researchers at Duke University, data brokerage poses a great threat to the US national security. The researchers discovered that data brokers were advertising data about current and former US military personnel, and set out to discover what kinds of data the data brokers are collecting and selling, and what risks this may be posing.
According to Interesting Engineering, the researchers contacted 12 data brokers and inquired about purchasing information on military personnel and ended up purchasing data from three brokers. They found that many brokers do not bother with extensive identity verification and background checks when selling the data, while there were some with certain controls in place. The researchers reported that one broker required identity verification- unless payment was made via wire transfer, while another asked them to sign a non-disclosure agreement. Some brokers refused sales due to the absence of a website or “verified” company status, while others asked about the intended use of the data.
Ultimately, it seems that anyone with a few hundred dollars could get this sensitive data for both good and bad intentions.
When it comes to the content of the personal data, the datasets the researchers obtained contain details like names, addresses, email addresses, health conditions, religion, and financial data, all readily available from $0.12 per member.
The study concludes that these practices are part of a larger data brokerage ecosystem that collects data on nearly every American, posing a significant national security risk. It is apparent that foreign malicious actors could easily acquire this data (either legally purchasing it or through hacking) and exploit it for purposes like espionage, election interference, profiling, scamming, blackmail, and much more.
The researchers concluded the study by recommending that Congress pass a privacy law to establish controls on data brokers, the Department of Defense assess and control the flow of information to data brokers in its contracts, and Congress to regulate agencies to enforce new laws and regulations.
This information was provided by Interesting Engineering.