Why is data theft treated so casually when it has the power to affect all our lives in dangerous and unforeseen ways?
In July this year, a report pegged the average cost of a data breach to a little over R19 crore in 2024, which was supposedly 7 per cent more than the previous year. Representation pic/istock
It’s one of those images that appear with startling regularity online: the names, numbers, and private information of strangers on stained paper used to serve bhelpuri at Juhu. ‘Look at where your data ends up’ the posts say, and everyone smiles, shaking their heads at the casual carelessness with which governments and organisations treat their users’ and citizens’ secrets. There is this implicit acknowledgement that who we are on paper matters as little as who we are in real life, and that our online lives are as cheap as our lives offline.
ADVERTISEMENT
A couple of weeks ago, one of the country’s largest insurance firms admitted to being the victim of a cyberattack that allowed criminals to access health records and other sensitive information belonging to millions of its customers. Names and addresses were obviously taken, along with medical reports, insurance claims, identity cards, and even tax details. That this story didn’t occupy us for as long as it ought to, was testament to how we have all internalised the fact that nothing about our personal lives is truly our own anymore.
I stopped for a minute to think about what that hack meant to those who were targeted. I thought about what criminals could do with information about someone’s health, savings and finances, and what their value was to anyone who wanted to exploit those facts and figures. I also wondered if those who were hacked realised what this loss meant, and how a few newspaper reports and press releases had managed to reduce the enormity of this crime just because of how common it had become within a few short years. Naturally, there were reassurances made about how the firm’s operations and services were unaffected, but did that really matter? Wasn’t it the equivalent of saying a farm is running after the animals have bolted?
A quick search yielded more troubling information about how these hacks are underreported, and what the financial implications are for businesses that are targeted. In July this year, a report pegged the average cost of a data breach to a little over R19 crore in 2024, which was supposedly 7 per cent more than the previous year. What wasn’t spelled out is that while this figure defined the scale of loss in purely financial terms, it glossed over the theft of data stored on public and private clouds.
It’s another thing we don’t talk about as much as we should—clouds, and what we store on them. We have now been trained to give up as much information about ourselves as we can, without a fuss, in exchange for the temporary and meaningless gratification of likes and emojis. We happily tell anyone who wants to listen in about our daily preferences, deepest desires, prejudices and concerns, even what we ate for lunch, because we have been raised to believe that social media is an inescapable part of our lives. As an aside, and as someone who hasn’t been on a social media platform in almost a decade, I would like to point out that its absence has only been great for my overall well-being.
Here’s another piece of information that appears to have disappeared from our collective consciousness. A little over a month ago, the government reportedly blocked websites that exposed sensitive information including Aadhaar and PAN Card details. In October 2023, a US-based cybersecurity firm claimed that personal identifiable information—names, addresses, phone numbers, passport information—belonging to 81.5 crore Indians had been leaked on the dark web and was available for sale.
We seem to have forgotten the barrage of government-funded advertisements about how these new identity cards would simplify our lives, and how they would make it easier than ever for us to access critical services. Compare what was promised with how those cards have been used since they appeared, what they are used for, and how they have become insurmountable hurdles for some of the most vulnerable among us.
We don’t take our data seriously because we have subscribed to the misguided notion that its loss doesn’t affect our daily lives. We fail to see how organisations with access to it can use it against us. Companies react to these cyber hacks with tame press releases about how they are nothing more than attempts at tarnishing their reputation. All that matters is the health of their bottom line. Until they start being honest about the cost, to themselves as well as their customers, we will continue to pay the heaviest price.
When he isn’t ranting about all things Mumbai, Lindsay Pereira can be almost sweet. He tweets @lindsaypereira
Send your feedback to [email protected]
The views expressed in this column are the individual’s and don’t represent those of the paper.