Understanding Information Theft

Surrendering to Technology

Embracing technology entails providing personal data to access various services, including social networks, communication apps, hospitals, banks, corporations, and governmental bodies. This necessitates sharing essential details such as your name, age, mobile number, email, and even health status. Currently, our reliance on technology has led to our personal and professional lives being entrusted to major corporations.

Understanding Data Breaches

A data breach involves the unauthorized access or acquisition of sensitive user information by a group without the owner's consent. This poses various risks to users. It's important to note that not all hacking incidents constitute data breaches. For instance, a Distributed Denial of Service (DDoS) attack may disrupt services but not necessarily compromise data security. However, a Ransomware attack qualifies as a data breach as it involves seizing user data and demanding ransom.

Whose Information Is Being Stolen?

Data breaches and theft affect not only technology companies but also all public and private companies and institutions. According to a study, 83% of organizations and companies, including large and small businesses, private and public sector companies, as well as government agencies, have reported their information being stolen more than once.

 

The Health Sector Is the Primary Target 

For the 13th consecutive year, the health sector has been the leading source of data loss. From March 2022 to March 2023, the cost of data loss to the health sector exceeded $10 million, marking a 53% increase over the past three years.

 

How Do Information Breaches Occur?

The primary motivation behind information theft is financial gain. Attackers employ various methods and techniques to obtain users' information, exploiting vulnerabilities in companies, including:
1. - Cyberattacks: Hackers utilize sophisticated techniques and attack programs to identify weaknesses in companies and infiltrate databases to steal information.
2. - Phishing: This is the most common method of personal information theft in Kurdistan. Attackers send deceptive links, posing as legitimate entities, to trick individuals into disclosing their information. Once the link is opened, the information is stolen.
3. - Internal Leakage: Occasionally, employees, often enticed by financial incentives, facilitate the unauthorized disclosure of information within the company.
4. - Third Parties: Some companies sell their users' information to advertising and research firms, known as third parties. While these entities may not misuse the information, they lack the same level of security as the original companies, making them vulnerable to hackers who exploit this weakness.
5. - Unintentional Errors: Occasionally, technical glitches or employee mistakes result in the 
unintentional leakage of user information from companies.

 

How Is This Stolen Information Used?

The use of stolen information varies. For example, some demand money to return the information to 
the company, while others use it for advertising and understanding users' interests in the field. It can also be used for more dangerous activities such as:
- Fake Identity: Stolen user information is often used to create fake identities and carry out illegal activities.
- Fraudulent Transactions: Sometimes, this information is used for fraudulent transactions and loan processes.
- Threatening the User: Attackers may use sensitive information as leverage, demanding a fee for not disclosing it.

 

Do Companies Themselves Publish Their User Data?

No company deliberately publishes its users' information as it damages the company's reputation and may result in serious material damage and legal prosecution.

Do Companies Disclose Information Theft?
In most countries, companies are required by law to admit if their users' information has been stolen so that users can protect themselves. However, sometimes companies delay or are reluctant due to concerns about their reputation.

How Can We Protect Ourselves?

The process of information theft has always existed and comes in two forms:
1. Taking information from the company that holds your data, which is beyond your control. However, companies, despite being constantly attacked, maintain high levels of security, making it difficult for attackers to obtain information.
2. Direct theft from you, which is more common as hackers find it easier to deceive and attack users. 
To protect yourself, remember these points:
- Use strong, complex passwords for all online accounts and change them regularly to prevent theft if your information is compromised.
- Enable secure authentication methods for your phone, such as two-factor authentication.
- Avoid opening suspicious links or providing sensitive information through them. Legitimate companies won't request such details via links. Similarly, do not share passwords with anyone, even if claimed to be from a trusted entity.
- Keep your applications updated and refrain from downloading suspicious ones.

 

A Serious Threat

The digitization of banking and online services in Kurdistan, with the government's intention to open bank accounts for employees, poses a serious threat. If these steps proceed, information theft in Kurdistan is likely to increase. Given the lack of awareness among our people and their susceptibility to deception, conducting an awareness campaign before implementing this process is crucial.