An Indepth Review of The State of Online Privacy in 2022
Anyone who uses the internet leaves behind some sort of digital trail. All of our data, from the most basic to the most private, is accessible on the internet. The risk of data breaches grows larger and larger as time goes on, further eroding the concept of privacy.
If our most private data were to fall into the wrong hands, we would feel helpless, confused, and victimized. And we recommit ourselves to keeping our data safe in the digital realm. During 2022, the state of online privacy was no different as the cyber-attacks kept increasing, and we witnessed many data breaches throughout the year.
Here’s a short round-up of some notable stats and facts related to online privacy and data breaches from around the world:
Data Breach Stats in 2022
The following statistics and acts regarding online privacy and data breaches that occurred in 2022 only will shock you:
1. Flexbooker – January 6, 2022
FlexBooker, an organization that helps people schedule appointments, was the target of a massive attack in early 2022, affecting some 3.7 million people. Passwords, user names, and other sensitive information were stolen and later put up for sale on hacking forums.
FlexBooker’s data was compromised by a hacking group known as Uawrongteam exploited the cloud service it uses. When they got in, they installed malware on the servers and took over the whole thing. Many users abandoned the site in the wake of the incident, cutting into revenue.
2. Red Cross Data Breach – January 19, 2022
A cyberattack on servers housing the personal information of more than 515,000 people who had received assistance from the Red Cross and Red Crescent Movement in January 2022.
Server data for the organization’s Restoring Family Links program, which aims to reunite families torn apart by conflict, migration, or violence, was compromised. Since a nation-state likely orchestrated this attack, the Red Cross shut down its servers to prevent further damage.
3. Nvidia – February 25, 2022
In late February, Nvidia, a major chip manufacturer, announced that it was looking into a possible cyberattack, which was confirmed in early March. Over 71,000 workers had their personal information compromised in the breach. Lapsus$, a hacker group, took credit for breaking into Nvidia’s systems.
4. US Department of Education Data Breach – March 26, 2022
In January 2022, it came to light that the personal information of 820,000 New York City students had been stolen. This included personal details, academic records, and financial profiles. The university’s chancellor, David Banks, has placed the blame on the software firm Illuminate Education.
5. Apple & Meta Data Breach – March 30, 2022
According to Bloomberg, hackers posing as law enforcement officials fooled two of the world’s largest tech companies in late March. Apple and Meta leaked personal information like customer addresses, phone numbers, and IP addresses to the threat actors. Already inside police networks, the hackers sent out fake requests for information.
6. Cash App by Block – April 4, 2022
Block, the Cash App’s parent company, informed the US Securities and Exchange Commission on April 4, 2022, that a data breach had affected 8.2 million customers. Customers’ names and brokerage account numbers were among the stolen data, and the violation occurred in December 2021.
7. SuperVPN, GeckoVPN, and ChatVPN Data Breach – May 7, 2022
Because of a hack that affected multiple popular VPN services, the personal information of 21 million users was exposed on the dark web. Some of the details that were accessible included full names, usernames, country names, billing information, email addresses, and random password strings.
8. Twitter – July 22, 2022
Twitter’s email addresses and phone numbers associated with 5.4 million accounts were reportedly compromised, and the company confirmed the breach in August. Since Twitter patched the loophole that allowed the breach to occur on January 13, 2022, the information theft had to have occurred before then.
9. Optus – September 23, 2022
A “massive” data breach has affected 9.7 million customers of Australian telecoms company Optus. A number of customers may have had their physical addresses and documents like driving licenses and passport numbers accessed, in addition to their names, dates of birth, phone numbers, and email addresses, according to reports disclosed.
10. AirAsia Data Breach – November 11, 2022
The “Daixin Team” allegedly launched a ransomware attack against the AirAsia Group. The threat group informed DataBreaches.net that they had stolen “the personal data of 5 million unique passengers and all employees.” This data set included the individual’s name, birth date, country of birth, location, and answer to a “secret question.”
Data Privacy and Protection Regulations
The value of privacy and data security has been increasing in importance as more and more of our daily business and social lives are conducted online.
The collection, use, and disclosure of personal information to third parties without the knowledge or consent of consumers are equally concerning. According to the report by UNCTAD, legislation to ensure the privacy and security of personal information was in place in 137 of the 194 countries surveyed.
Sixty-one percent of African countries and fifty-seven percent of Asia have passed such laws. Only 48% of the total is from LDCs.
Regarding safeguarding private information, the General Data Protection Regulation (GDPR) established a new standard in 2018. Any company that handled the personal information of any EU resident, including biometric data, was required to comply with this international privacy regulation for data protection.
It was revolutionary, and its influence can be seen in all following developments in this field. Since GDPR was only for the EU region, other regions/ countries had to develop their own online privacy and data, protection models.
The USA also formed a legislative framework for protecting users’ online privacy and data.
Although there are no specific federal laws protecting data in the country, some federal legislation does so. Many US states have enacted their own data-related legislation since the federal authority was decentralized.
The California Consumer Privacy Act (CCPA) is widely regarded as one of the country’s most progressive pieces of legislation. The law grants residents the right to learn the specifics of how and why their personal information is being collected. States including Alabama, Connecticut, Florida, New York, Washington, Illinois, Texas, and Virginia have similar legislation in place or in the works.
Protection of Personal Information Act (POPIA) restrictions in South Africa are just as strict and thorough as those in the rest of the world. From its first proposal in 2013 until the final layers of the Act were finalized in July 2021, the Act has undergone several revisions and changes. Regarding privacy measures, POPIA is on par with the General Data Protection Regulation (GDPR).
To back up and supplement the more than 40 separate laws passed over the years about data privacy, Brazil has the General Data Protection Law. This law unifies the country’s legal framework, provides precise definitions of “personal” and “public” information, lays out strict penalties, and applies uniformly across the board.
To guarantee complete compliance with this rule, businesses must hire Data Protection Officers, implement stringent security standards, and upgrade security measures. On September 18 of this year, Brazil enacted the Lei Geral de Proteço de Dados (LGPD), which establishes a legal framework for the use of the personal data of individuals in Brazil. This applies independently of the location of the data processor.
As its administrative fines are not expected to be implemented until August 2021, the Autoridade Nacional de Proteço de Dados (ANPD) will use this year as a trial run for enforcing the LGPD.
Data protection laws in the European Union (EU) and Canada (with its Personal Information Protection and Electronic Documents Act, or PIPEDA)—are very similar. The Act provides substantial protection for consumers’ personal information and is highly consistent with the five global privacy principles.
On November 17, 2020, the Minister of Information, Science, and Economic Development of Canada announced the Digital Charter Implementation Act (DCIA). It would replace PIPEDA and make some exciting modifications to Canadian privacy legislation if it were to succeed. It includes a potential for even higher fines than the General Data Protection Regulation (GDPR) mandates and a private right to the action.
UK GDPR refers to the UK’s new comprehensive data protection system, which replaced the DPA 2018 with the GDPR. It was established by the Data Protection, Privacy, and Electronic Communications (DPPEC) Regulations of 2019.
GDPR Stats for 2022
- Clearview AI Inc. was fined €20 million due to unlawful biometric profiles.
- Google LLC was fined €10 million in Spain by the Spanish data protection authority for unlawful data transfer to the Lumen project.
- Austria’s data protection agency fined Rewe International AG €8 million for data protection infringement.
- The Greek Data Protection Authority fined Cosmote €6 million for a data leak.
- Interserve Group Limited was fined €5 million by the UK Data Protection Authority (ICO) for a data breach.
VPN and Online Privacy
Facebook is famous for showing us advertising options that are relevant to our searches and activities on the site, although this isn’t necessary. Similarly, Google and Amazon log what you say and track page visits. An encrypted connection between your device and a VPN server gives you the online privacy, security, and anonymity you’ve always wanted.
With a VPN, you can rest assured that none of your online activity will be tracked. A VPN redirects your network traffic through an encrypted tunnel to a remote server. In other words, if someone were to be monitoring your online activity, all they would notice is that you are connected to a VPN, even though your online activity itself would be completely hidden and uninterrupted.
The best thing to do is to choose a premium VPN like Astrill that has military-grade encryption and highly optimized servers spread all around the globe. Also, AstrillVPN has smart features like dedicated IPs, Killswitch/App Guard and Port Forwarding. These features protect users from all types of potential threats and enable them to enjoy digital freedom.
Emails and Online Privacy
You probably already knew this, but your email isn’t secure. It’s one of the least secure channels of communication out there. On the other hand, phone calls are rarely recorded and archived; even if they were, your employer and law enforcement would have to go to court to access them.
There are several places where emails can be found: the computer of the sender, the server of your Internet service provider (ISP), and the recipient’s computer. Other copies may exist elsewhere, even if you delete an email from your inbox. Both businesses and law enforcement have much greater access to email accounts than they do to phone information. Finally, remember that emails can be saved for a long time owing to their digital nature, so be careful what you put in them.
What information companies can send over an email and what security measures they must take are governed by several privacy and compliance laws and regulations. Here are a few:
- Health Information Portability and Accountability Act (HIPAA): HIPAA requires healthcare institutions to limit the amount of Protected Health Information (PHI) communicated via unencrypted email, ensure its integrity, and guard against unauthorized access. HIPAA compels healthcare organizations to keep all correspondence with PHI.
- Payment Card Industry Data Security Standards (PCI DSS): All emails containing credit cardholder information must be encrypted, as mandated by the PCI Security Standards Council. All service providers must have a document describing their cryptographic architecture.
- The Gramm-Leach-Bliley Act (GLBA): Financial institutions are obligated by the GLBA to provide customers with information about the data they collect and how it is used, allow customers to choose not to have their data shared, and provide details about the steps they are taking to ensure the security of their data.
- Electronic Communications Privacy Act of 1986: According to the Privacy Act of 1986, email providers cannot disclose customer information without a court order. The government needs a warrant to force providers to reveal customer information, and the procedure for getting a delayed notification order has been updated.
- FINRA and SEC 17a-4: Brokers and dealers must keep client and business-related electronic communications for at least three years on non-rewritable and non-erasable storage per FINRA and SEC Rule 17a-4.
Some General Online Privacy Stats
- Every 39 seconds, another website is attacked online.
- Almost three-quarters (73%) of American internet users are unaware of federal laws protecting their personal information.
- Only about 37% of all sites employ encrypted cookies.
- Nearly 10% of American online adults think privacy on the internet doesn’t exist.
- Statistics show that over half of all internet users have been the target of online harassment.
- At least one-third of all internet users regularly alter their passwords.
- About three-quarters (74%) of American internet users are more cautious about sharing personal information online than they were a year ago.
- Only one in eight people online would give out their contact information to avoid having to pay for stuff.
- Roughly 86% of U.S. citizens have tried to minimize or eliminate their online traces.
- There are more than 20% of internet users have had their accounts hacked.
- Cyberbullying affects 42% of Instagram users.
- The vast majority of people who use mobile devices are fine with having their data collected in exchange for free digital goods.
A digital footprint is left by every single person who uses the internet. Social media friends, employers, hackers, and governments can all potentially access some or all of our personal information. Each day brings more opportunities for data breaches and less of a sense of privacy.
The internet’s potential is both enormous and mostly uncharted at the moment. A potential cybercrime hotspot, despite its widespread use for communication, leisure, and commerce. Looking at all these stats and trends, it’s important for all of us to take our online privacy seriously and employ the necessary measures.
Author: Arsalan Rathore
Arsalan Rathore is a tech geek who loves to pen down his thoughts and views on cybersecurity, technology innovation, entertainment, and social issues. He likes sharing his thoughts about the emerging tech trends in the market and also loves discussing online privacy issues.