Your identity is more valuable than money


Cyber theft has long replaced the ‘traditional’ concept of bank robberies. A much more sophisticated method of attack that has been in use for years has accelerated of late as a slew of hacks across the world has proven.

Recent international targets, including the US Federal Reserve, the Central Bank of the Philippines and Qatar National Bank (QNB) in Doha, have all been subject to notable security breaches.

What’s striking, however, is the fact that in some instances, no money is being stolen. In QNB’s case it was a robbery of data – hundreds of customers account details, including their passwords, their social media profiles, were posted onto a whistleblower website. No one really knows what’s behind it, but it proved that data is alomost more valuable that money these days.

Where once the main purpose behind this activity was to make money, hacking and leaking information has now escalated into issues as prominent as state secrets, government intelligence and political gain as part of the ‘hacktivism’ movement.

With safety of the consumer remaining an issue due to the slow-paced movements of the enterprise world versus that of the ever-evolving technological capacity of the hacking world, the public is forced to brace for further and harder hitting attacks in times to come.

Are businesses doing enough to protect their customers’ data?

There are two sides to this, specifically. One is that a business protects your data while they hold it. The other is that a business truly destroys your data when they tell you it is no longer there.

The latter issue was highlighted recently when someone tried to use the New Zealand courts to get access to another New Zealander’s emails. The email owner said they were deleted, so the litigant asked the court to force the ISP to produce the emails, in any way they could.

I’m working on a “When is deleted really deleted?” story, which will be published this week.


– Pete / Al Jazeera


THANK YOU for being a subscriber. Because of you Whaleoil is going from strength to strength. It is a little known fact that Whaleoil subscribers are better in bed, good looking and highly intelligent. Sometimes all at once! Please Click Here Now to subscribe to an ad-free Whaleoil.

  • Lux

    I have always wondered what happens to deleted emails, are they really deleted and if not where do they go?

    • EvoDriver

      Depends entirely on the policy of the server handling your email.

  • ex-JAFA

    Having worked in IT for nearly 30 years, I know that data is at best flagged as deleted, and seldom actually deleted. If, for example, a client wants to be removed from a company’s database, their record is merely flagged as “do not mail” or similar; the data itself remains in the company’s system.

    The reason for this is usually that deleting the record causes all sorts of complications for the rest of the company’s data. With relational databases, which have been fairly standard since the late ’80s, deleting a customer’s record would also delete their transaction history – compromising financial data which must be retained, or complicating issues such as the service history on an item which had been sold to that customer.

    • Slijmbal

      There is a difference between structured and integrated data as held in databases and other data such as emails. I reinforce the comments around logical as opposed to physical deletions for the former but the latter holds a series of objects that can and often are actually deleted without knock-on consequences.

      The question then is whether they are archived prior to deletion. For a business then typically yes but as we all know it’s often difficult and costly to get data from an archive and it’s embarrassing how often the archive process fails when actually required.

      For an ISP – I would make it deliberate policy to delete all emails older than X months and not archive – ditto web trawling history.

      There will be a backup process, which in theory can be used to access old emails but a typical backup process will only go back a pre-determined period also. Rare to be longer periods as there are associated costs.

      So, yes, emails are probably really deleted but there is a chance they can be recovered – the likelihood of which drops off quite quickly.

  • Korau

    Your attention is drawn to the recent heist of $80,000,000 from the Central Bank of Bangladesh account with the Federal Reserve Bank of New York, and then transferred to fraudulent accounts based in the Philippines and Sri Lanka. But for a simple typo made by the crooks the haul could have exceeded $900,000,000. Not bad for a crime that the crooks could have executed in their pyjamas.

    Data breaches happen with monotonous regularity. Here is a list for 2016 that is already over 65 pages in length.

    This is a US only report, and shows 315 breaches covering 11,342,317 exposures. And the years only half done