WASHINGTON — Four out of every 10 Americans have had their personal information stolen online, according to U.S. intelligence officials. Recent intelligence says the numbers will rise unless the public becomes more careful.
The National Counter Intelligence and Security Center (NCSC) has launched an aggressive campaign urging Americans to better protect their personal data. The crusade began in September as a result of the Office of Personnel Management data breach.
“We’ve had more than 21 million people fall victim to the OPM breach, and more than 90 million victims of other breaches in the last couple of years,” NCSC director William Evanina told WTOP. “Some estimates we’ve seen indicate that 47 percent of Americans have fallen victim to some theft of personally identifiable information.”
The campaign includes four components: spear phishing awareness, understanding threats of social media deception, human targeting based on stolen personal data, and maintaining safety and security while traveling.
“The first segment we rolled out a month ago was on spear phishing – what it is and what can you do to protect yourself from it,” Evanina said. “This month, we’re rolling our social media deception campaign – the threats that are faced by American citizens from applications like Facebook, Twitter, LinkedIn and others, which make available personal information for people to see.”
According to campaign details, roughly 15 percent of people using social media don’t have privacy protocols set up. Therefore, “we’re trying to make people aware that if you maximize your privacy settings, you’re going to minimize your risk of having your systems penetrated,” Evanina said.
Also, he pointed out, “foreign adversaries will use social media to exploit those they wish to target.”
The NCSC campaign says on its website, “data breaches involving personal information result in a broad range of risks to individuals and organizations. This includes identity theft, targeting of individuals with knowledge of sensitive government information and internal business processes, and other intelligence activities that use personal information of U.S. citizens to undermine national security.”
In numerous hacking cases, cyber thieves use social engineering tactics or deceptive methods to trick email and social media users into clicking phony links that open their systems up to malware.
In many cases, Evanina said, the infection can compromise an entire organization’s systems.
This effort was launched a month before Central Intelligence Agency (CIA) Director John Brennan’s email was hacked and released in part by WikiLeaks.
Evanina said the Brennan family hack is “a learning tool … if something like this can happen to a director of a major intelligence agency, it can happen to you at home or at work.”
He also pointed out that no system is completely fool proof.
It’s not clear how Brennan’s breach occurred, but it’s believed a hacker tricked an employee of a service provider into releasing access to Brennan’s account.
“There is no indication that any [of] the documents released thus far are classified,” the CIA said in a statement. “In fact, they appear to be documents that a private citizen with national security interests and expertise would be expected to possess.”
In November, the NCSC will launch part three of its campaign, which will focus on human targeting. Evanina said it’s designed to detail “what our foreign adversaries can and will do to you predicated upon information that’s been stolen from you.”
The final release, in December, will feature tips on maintaining personal safety while traveling.