Note: when a breach claims “stolen data” nothing is stolen.

Stolen implies that the original content is no longer available.

Data is copied.

This is why breaches at Equifax, Experian, Transunion (TLO), etc. have little impact on those corporations.

They can still do business.

Identity Thieves that *copy* data from Surveillance companies are doing this same thing as those companies - using data of our lives against us without our input or control.

We should have control over our data.

This is a political issue.

Technology has only and will only continue to allow this surveillance at massive scale.

Vote, run for office, conduct civil disobedience (if you’re willing to face the consequences), call your representatives and hold them accountable.

And the next time you hear about a breach from these companies, know they mean that their data of their product (you) has been copied by other theives.

Unless the original data was destroyed (including offline backups), nothing was stolen.

Nothing was impacted.

@tinker data breaches aren't theft of data but they are theft of something else, intangible as it may be...

When a data breach occurs privacy and data integrity are stolen. Those things *are* taken away permanently in a data breach.

The twist: The credit rating bureaus are not the victim of such theft. YOU are. Equifax are just the original thieves who were careless with their stolen goods.

@tinker sorry to depress you, but vote because facists are on the rise and may put you into camps..

@tinker sorry for stereotyping the future, big mood strikes again... Nevertheless feel dysmal about it.

@tinker I take issue with the premise. It is stolen. Perhaps the question is whom was it stolen from. But information can be stolen.

It could be that we need a new word. But as time goes on, more and more of our stuff will be bits and bytes.

@Jason_Dodd - I argue that both the corporations and the ID theives stole the data from the people.

While when the ID theives copy from the corporations, it does not affect or impact the corporations ability to conduct business.

When both steal from the people, the people lose their agency.

That’s the distinction I’m trying to make.

@tinker I still don't like it. Let's say I give ownership of my data to a company. It has some advantage having my data. If that data is 'stolen' from that company, it then loses some of it's advantage for having my data.

While I understand the sentiment, I don't feel quite right claiming it's not theft. At the same time, I do see it as different.

@tinker This gives me an idea. In the event of a breach, the company should be required to delete any personal data the intruders were able to access. That should make them a bit more careful.

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.