US Military Members' Personal Data Being Sold By Online Brokers, Report Finds 32
Jacob Knutson reports via Axios: Sensitive, highly detailed personal data for thousands of active-duty and veteran U.S. military members can be purchased for as little as one cent per name through data broker websites, according to a new study (PDF) published on Monday by Duke University researchers. [...] The data about military personnel purchased as part of the study included full names, physical and email addresses, health and financial information and details about their ethnicity, religious practices and political affiliation. In some cases, the information also included whether the person owned or rented a home, was married or had children. The children's ages and sexes were accessible, too.
The researchers bought data on up to around 45,000 military personnel for between $0.12 to $0.32 per record. They also bought data belonging to 5,000 friends and family members of military personnel. Larger data purchases of over 1.5 million service members were available for as little as $0.01 per record from at least one broker the researchers contacted. The researchers called on Congress to pass a comprehensive privacy law and for regulatory agencies like the Federal Trade Commission to develop rules to govern military personnel data purchases.
The researchers bought data on up to around 45,000 military personnel for between $0.12 to $0.32 per record. They also bought data belonging to 5,000 friends and family members of military personnel. Larger data purchases of over 1.5 million service members were available for as little as $0.01 per record from at least one broker the researchers contacted. The researchers called on Congress to pass a comprehensive privacy law and for regulatory agencies like the Federal Trade Commission to develop rules to govern military personnel data purchases.
Everyone's data are being sold (Score:2)
So why would US military member be any different? Did they all religiously avoid using any credit cards, cellphones, ATM, etc and live like monks in a desert? Or did they all have a "military member" tag in their data so data brokers can filter them out? (see the "Evil Bit" for reference)
Comment removed (Score:5, Insightful)
Re: (Score:3, Insightful)
you must be new, people have known about this for a very very long time, but they dont care. They're creatures of convinience and anything is worth giving up if it saves them a few seconds here and there
Re: (Score:2)
interesting.
marketing show offs messing with trained hunter killers
Re: (Score:2)
Re:Everyone's data are being sold (Score:4, Insightful)
The data doesn't have to come from any federal government database.
Ask for a military discount at a restaurant? {flag}
Sign up for a military function? {flag}
Ask your cell phone company for a military discount? {flag}
Use ID.me to verify military affiliation? {flag}
Get a veteran endorsement on your state drivers license? {flag}
Show military affiliation in FB/IG/Pinterest? {flag}
Create an account on "Together we served"? {flag}
Get veterans car tags? {flag}
It's sometimes hard to get outraged at the collection of data that we so freely give away for a 10% discount at Lowes or Subway. I don't like the fact that a company is paying to collect that data but it isn't much different from them collecting my TV, internet, reading, travel, or food preferences. (You think those loyalty cards at supermarkets are not a source of income for the stores for purchasing habits?)
Re: (Score:2)
Re: (Score:1)
Except for the ones that can afford to be more equal than others.
Welcome to the real world. (Score:2, Insightful)
Where all our data is up for sale and the government isn't inclined doing anything about that.
OPM Hack (Score:2)
The same applies to every Federal employee.
China was suspected. Is noone at all being blackmailed from it?
Comment removed (Score:4, Interesting)
Re: (Score:2)
I was captured in that hack. Some identity theft attempts over the ensuing time, but no guarantees that it emanated from there.
However, it did increase the likelihood of getting strange contact attempts. I made a couple reports. Intelligence gathering would be my guess.
Re: (Score:3)
Re: (Score:2)
Congress Should Pass a Law - April Fools!!! (Score:3, Interesting)
Isn't there a "law" like Betteridge's Law of Headlines that would say:
"Any time your only solution is to call on Congress to pass a law you're already lost."
---
Congress is interested in one thing only - themselves. If they even drafted a privacy law it
would protect members of Congress ONLY. Only such a bill would be called the "Privacy
Law for Congress and no abortion travel and fund Ukraine act" and it would never get to
the floor for a vote. US politics is a joke but not the ha-ha type.
Old news? (Score:2)
Re: (Score:3)
Re: Old news? (Score:2)
There are much more recent hacks that compromised much more data. The entire government is dependent on a small piece of SFTP software called MoveIT to exchange databases with each other. It runs on Windows Server and requires the admin interface to be publicly available on the Internet.
Re: (Score:2)
There are much more recent hacks that compromised much more data.
Really? I'd like to know more on this, since anyone who's been forced to fill out the 127-page SF86 form knows you can't get much more invasive than that. Over 22 million service members and government employees were compromised.
Re: (Score:2)
The MoveIT databases contained not just a few forms. It contained both US and international data from various companies for government, military, commercial and civilian purposes:
- They got a refresh of all the data, including military data from OPM (not just the forms you said) but also from IRS, DOE and a bunch of other agencies
- HR paperwork from various major companies (anyone interacting at bulk with IRS)
- Health records (again, anyone interacting at bulk with a government agency)
- Health insurance rec
not at all unusual (Score:5, Informative)
I used to work for a company (okay it was Dunn & Bradstreet) that bought, collated, and sold information as their primary source of income. At the time they were spending about $2 billion/year on data acquisition. The data flowed in from various 3rd parties and from subsidiaries they had purchased in order to corner that data. It was all ingested into a truly gargantuan database, a vast dark ocean of data. They had 'data partners', basically large customers such as banks, credit card and phone carriers, who shared all their data with the company in order to get free access to all the other data. Just figure that much of your cellphone activity and a list of everything you purchase with anything other than cash is a fungible commodity. You watched a show on streaming TV? That fact is stored and traded. There is an entire lucrative industry devoted to this.
And oh my goodness was it comprehensive. The unit where I worked pulled up detailed information about corporations that was sold piecemeal for very hefty prices, but you could buy an enormous tranche of raw material for your own database and do whatever you wanted with it. Things like all the info about all the employees of all the significant corporations in the USA. The data could be segregated in any number of ways. Whittled down to info about military personnel would be trivial.
Re: (Score:2)
Re: (Score:3)
It's amazing to me that anyone would still support an obvious scoundrel like Trump. He's been a crook all his life and everyone knows it, still they would vote for him. I hope he loses all his properties in New York.
Re: (Score:2)
It was expensive. A basic (but many detailed pages) credit report on a single corporation ran about $3k, but I don't know how much the 'data partners' paid if anything.
What was particularly bad is that some customers would inadvertently post the data they purchased on unsecured databases in the cloud. We saw one that consisted of all the positions and contact info for the employees of thousands of corporations. A gold mine for phishing attacks.
Perhaps make laws with actual teeth? (Score:1)
What is needed is laws with actual teeth in them. It isn't a law per se, but lets look at the MPA. Someone leaks something while a movie is bring filmed? They get kicked out, their contract torn up in their face, barred from ever getting near a studio ever again, and sued into the ground. Nobody fucks with the MPA guys.
We need something like this when it comes to private data, especially of this sensitivity. A leak means that people go to jail, even if it means C-levels who failed to allocate budget.
Friends and family members? (Score:2)
Let's see the proof of that.
Maybe For Them, Never For Us (Score:2)
Don't worry. As a normal American Citizen rest assured you will be exempted from all data privacy laws and the corporations will still profit by selling it all to other corporations and the government without any type of regulation or restriction. Because while it might be illegal for the government to violate your rights, it's not illegal to allow corporations to do it on your behalf...and who better than to build massive files on the public to be used against the public than the very things most of them h
It's almost like... (Score:1)
...we need laws to make people's data private...
Re: (Score:2)
...we need laws to make people's data private...
Given the prevalence of mass narcissism and the inability to read a EULA without a lawyer present, I'd say we need to find a society that still gives a shit about privacy, because this one doesn't anymore.
More laws, won't do a damn thing.