Episode 258: Broken Brokers – Optery’s Fight To Claw Back Your Personal Data

https://is1-ssl.mzstatic.com/image/thumb/Podcasts122/v4/ba/d8/2e/bad82e93-4808-378e-51db-7998969753df/mza_14911023975293012637.png/600x600bb.jpg

The Security Ledger Podcasts

The Security Ledger

9 episodes

8 months ago

In this, our 70th episode of The Security Ledger podcast, we speak withXu Zou of the Internet of Things security startup Zingbox about the challenges of securing medical devices and clinical networks from cyber attack. Also: we take a look at the turmoil that has erupted around the OWASP Top 10, a list of common application security foibles. And finally: open source management vendor Black Duck Software announced that it was being acquired for more than half a billion dollars. We sit down with Black Duck CEO Lou Shipley to talk about the software supply chain and to hear what's next for his company.

All content for The Security Ledger Podcasts is the property of The Security Ledger and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Episode 258: Broken Brokers – Optery’s Fight To Claw Back Your Personal Data

The Security Ledger Podcasts

36 minutes 16 seconds

1 year ago

Episode 258: Broken Brokers – Optery’s Fight To Claw Back Your Personal Data

In this episode of The Security Ledger Podcast (#258) Paul speaks with Lawrence Gentilello, the co-founder and CEO of Optery, a startup in the personal data management space. Lawrence and I talk about the growing scandal around breaches at firms like AT&T and data brokers that have exposed the sensitive data on hundreds of millions of Americans to cyber criminals, and how Optery and firms like it are looking to empower consumers to claw their data back from these porous data brokers.

[Video Podcast] | [MP3] | [Transcript]

If you are like me and subscribe to an identity protection service, your phone likely blew up in early August with foreboding messages that your email, Social Security Number and other information had turned up on “the dark web” – that massive constellation of sites invisible to search engines where malicious actors and stolen data congregate.

The cause? A huge breach of the data broker NationalPublicData that likely contained information on more than 130 million Americans, dead and alive, according to an estimate by Troy Hunt of HaveIBeenPwned. Hunt was quoted in a report on the breach by Brian Krebs over at Krebs on Security. NationalPublicData issued a statement on August 12th acknowledging “incidents” that it claims began with an effort to “hack into data” in December 2023, and that led to “leaks of certain data” in April 2024 and “summer 2024. (Umm…for those of us in the Northern Hemisphere, isn’t “summer 2024” now?!) .

The information breached included names, email addresses, phone numbers, social security numbers, and mailing addresses, NationalPublicData said.

And, if you’re like me, this probably isn’t the first time this year that you’ve been inundated with warnings about your personal data being at risk. Just weeks before the NationalPublicData breach came to light, there were similar warnings in the wake of a massive breach of telecommunications giant AT&T. That company acknowledged in mid July that it was the victim of a cyber attack on a third party cloud storage provider in April that disgorged records of calls and texts for nearly all AT&T cellular customers – hundreds of millions of people. That’s an almost unmatched treasure trove of information for nation state actors that could easily be used to help reconstruct their social networks, patterns of communications and even their physical locations, as the Mozilla Foundation noted in its analysis.

Houston, We’ve Got Your Data!

So, “Houston, we’ve got a problem!” Or maybe “Houston, we’ve got your data!” 🙂

Private firms have been harvesting, storing and monetizing mountains of our personal data, gleaned from our movements, behaviors and financial activity online. But – as is abundantly clear- those firms are not particularly careful about protecting that data from malicious actors. Nor are they transparent about how the data they’ve collected is being stored and used.