Differences

This shows you the differences between two versions of the page.

privacy_risk_mitigation [2016/04/29 16:06]
peter_sy [Social Media]
privacy_risk_mitigation [2016/05/30 07:46] (current)
wikiadmin [Fraud]
Line 3: Line 3:
  
 In light of [[http://​www.rappler.com/​nation/​politics/​elections/​2016/​128716-comelec-data-leak-filipino-voters-risk-trend-micro|the recent breach at COMELEC involving personal information of 55-million Filipino voters]], we're compiling certain measures below that may help mitigate some privacy risks entailed by the incident. Since Filipino voters are generally young, it can take decades before much of the personal information from the breach becomes obsolete and useless to those who may commit fraud using the COMELEC data. Such data include (at least) fullnames, birthdates, birthplaces,​ addresses, voters'​ ID numbers, fingerprint hashes as well as (in some cases) passport numbers, tax identification numbers, fullnames of parents, email addresses, physical stats (height, weight). It appears to be, by far, the biggest online privacy breach in world history. In light of [[http://​www.rappler.com/​nation/​politics/​elections/​2016/​128716-comelec-data-leak-filipino-voters-risk-trend-micro|the recent breach at COMELEC involving personal information of 55-million Filipino voters]], we're compiling certain measures below that may help mitigate some privacy risks entailed by the incident. Since Filipino voters are generally young, it can take decades before much of the personal information from the breach becomes obsolete and useless to those who may commit fraud using the COMELEC data. Such data include (at least) fullnames, birthdates, birthplaces,​ addresses, voters'​ ID numbers, fingerprint hashes as well as (in some cases) passport numbers, tax identification numbers, fullnames of parents, email addresses, physical stats (height, weight). It appears to be, by far, the biggest online privacy breach in world history.
 +
 +----
  
 #Identity Theft #Identity Theft
Line 8: Line 10:
   * Commercial services. ​ Identity thieves could sign you up for commercial services or some scams.   * Commercial services. ​ Identity thieves could sign you up for commercial services or some scams.
   * Redirected bills. Using the data from the leaked COMELEC database, identity thieves could redirect your business or personal addresses before fully using your identity. So watch out if you're no longer receiving your bills.   * Redirected bills. Using the data from the leaked COMELEC database, identity thieves could redirect your business or personal addresses before fully using your identity. So watch out if you're no longer receiving your bills.
-  * Strange calls or texts. Be wary of calls or SMS messages that could be used to confirm certain information,​ including the telephone numbers ​included in the stolen personal information.+  * Strange calls or texts. Be wary of calls or SMS messages that could be used to confirm certain information,​ including the telephone numbers. 
 +\\ 
 +**See Also** 
 +  * [[Cases of Identity Theft]] 
 +\\ 
  
 ##Social Media ##Social Media
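
Review bot: In the rewritten "Strange calls or texts" bullet, cutting "included in the stolen personal information" leaves the sentence ending at "including the telephone numbers." with nothing to say which numbers are meant. Keep a short qualifier, for example "including your telephone numbers", so the bullet still reads as a warning about callers confirming leaked details. The new See Also block is also padded with standalone `\\` lines above and below it; blank lines would separate it from the list without forced line breaks.
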
Line 14: Line 21:
   * Privacy Settings. If you're already on social media, adjust your privacy settings to restrict access to important information and pictures. "​Friends of friends"​ access may no longer cut it. Where appropriate,​ you may also use inaccurate information as placeholder data.   * Privacy Settings. If you're already on social media, adjust your privacy settings to restrict access to important information and pictures. "​Friends of friends"​ access may no longer cut it. Where appropriate,​ you may also use inaccurate information as placeholder data.
   * Report. In case a fraudster has already acquired some social media real estate using your identity, report it immediately. How: [[https://​www.facebook.com/​help/​167722253287296|Facebook]],​ [[https://​support.twitter.com/​forms/​impersonation|Twitter]].   * Report. In case a fraudster has already acquired some social media real estate using your identity, report it immediately. How: [[https://​www.facebook.com/​help/​167722253287296|Facebook]],​ [[https://​support.twitter.com/​forms/​impersonation|Twitter]].
 +
 +----
  
 #Fraud #Fraud
-  * Eyes on the card. When paying with the use of credit card, don't let it out of your sight where someone could copy (or take a picture of your credit card) details like expiry, CVV, and credit card number. ​  +  * //Eyes on the card.// When paying with the use of credit card, don't let it out of your sight where someone could copy (or take a picture of your credit card) details like expiry, CVV, and credit card number. ​  
-  * Challenge questions. In online banking, change your "​challenge questions"​ to items not involving information about your parents, birthplace, birthdate. +  * //Challenge questions.// In online banking ​and other financial services, change your "​challenge questions"​ to items not involving information about your parents, birthplace, birthdate. 
-  * Renew docs. Renew government-issued IDs, passports, licenses to help check possible compromised identity. +  * //Renew docs.// Renew government-issued IDs, passports, licenses to help check possible compromised identity. 
-  * Request history. If it happens you request for certain official documents like birth certificates,​ marriage certificate,​ try to inquire also about the history of such requests for your documents from concerned government agencies. See if previous requests were really made by you. +  * //Request history.// If it happens you request for certain official documents like birth certificates,​ marriage certificate,​ try to inquire also about the history of such requests for your documents from concerned government agencies. See if previous requests were really made by you. 
-  * Unexpected calls or visits. Be concerned about unexpected calls or visits from those posing as bank agents, insurance reps "​verifying"​ your personal details.  +  * //Unexpected calls or visits.// Be concerned about unexpected calls or visits from those posing as bank agents, insurance reps "​verifying"​ your personal details.  
-  * Passwords. Passwords that match or resemble data available on the stolen COMELEC database (birth date, names in the family, birthplace, and the like) must be changed. Enable [[https://​en.wikipedia.org/​wiki/​Two-factor_authentication|two-factor authentication]] (if available) for your online accounts.+  * //Passwords.// Passwords that match or resemble data available on the stolen COMELEC database (birth date, names in the family, birthplace, and the like) must be changed. Enable [[https://​en.wikipedia.org/​wiki/​Two-factor_authentication|two-factor authentication]] (if available) for your online accounts. 
 +  * //​Financials.//​ Using the information from the COMELEC hack, your accounts with financial services (insurance, brokerage, ​ funds, banks) could be vulnerable to [[|"​social engineering"​]] aiding financial fraud. Periodically check your personal details with your financial institutions. 
 + 
 + 
 +----
  
 #Take Action #Take Action
-  * **Document**.  ​Violations of the right to privacy without documentation could not be charged. So document them in great details. ​+  ​*  **Pwned?** At [[https://​haveibeenpwned.com|Have I Been Pwned (HIBP)]], check if the email address you've been using for important online services have been pwned or compromised. If so, you need to dissociate the link immediately by using an alternative email address for such online services. (Tip: Avoid [[http://​www.bbc.com/​news/​technology-36275537|Yahoo Mail and other potentially insecure email services]].) But please note, however, that negative results on the HIBP site do NOT guarantee that your accounts have not been compromised. 
 +  ​* **Document**.  ​Your right to privacy ​is stipulated in the [[http://​www.gov.ph/​2012/​08/​15/​republic-act-no-10173/​|Data Privacy Act of 2012]]. Violations of such right without documentation could hardly ​be remedied. So document them in great details. ​
   * **Report**. File formal complaints or report such violations to    * **Report**. File formal complaints or report such violations to 
 NATIONAL PRIVACY COMMISSION\\ NATIONAL PRIVACY COMMISSION\\
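
Review bot: The new "Financials" bullet links "social engineering" with an empty target, `[[|"social engineering"]]`, so the link goes nowhere; give it a destination, as the Passwords bullet does for two-factor authentication, or drop the link markup. In the new "Pwned?" bullet, "the email address ... have been pwned" should read "has been pwned", and "dissociate the link" does not say which link is meant; the following clause about using an alternative email address for those services could carry the instruction on its own. The Fraud labels move to `//italic//` in this revision while the Take Action labels stay `**bold**`; one convention across both sections would read better.
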
Line 35: Line 49:
  
 ---- ----
- 
- 
-