Your information is only as secure as who you share it with

Regardless of how secure you are with your information, you are still at risk of identity theft and other fraudulent crimes. Just like a chain is only as strong as it’s weakest link, your information is only as secure as those you share it with.

Terry Zink runs a security blog since 2009 and recently got his corporate credit card information stolen and a $20 charge was placed at a Shell Station in Canada. He rarely used this card as it was his corporate card and was baffled at how the information could have been leaked. Terry ended up retracing his purchases and couldn’t figure out where his information could have been breached. He always had physical access to the card and only used it for business related purchases. So what mistake did he make? Where did he slip up and allow his information to be stolen?

Turns out a week later his debit card was also compromised. Through some detective work he was able to determine that since both cards were compromised within a week they were likely to have been leaked from the same merchant. He ran through prior purchases and determined it was a restaurant he had visited a few months back.

Terry was understandably frustrated. He was inconvenienced, his information stolen, and his privacy was violated. Worse, it was through no fault of his own. His security was up to snuff (hell he runs a security blog), but as Terry found out his information was only as secure as who he had shared it with.


3 thoughts on “Your information is only as secure as who you share it with

  1. If someone is up to par about their security, how does someone verify the vendor they are purchasing something from is secure? Perhaps I’m a regular at a local diner, and enjoy getting breakfast there. I feel that asking the owners about the state of their information security would put them in an awkward position, and they wouldn’t know how to answer that question.

    How could we find out, whether or not the place we shop has security vulnerabilities in their system? I feel the only way to find out is by either, 1. Being the one attacked first, or 2. Waiting after an attack happens (through much luck), and then finding out that place is not safe to shop at.

    I suppose a sure-fire way to avoid this, is by withdrawing cash, and paying for a dinner upfront.

    • A shop I frequent quite often used to have an open wireless connection. I then noticed he did all of his transactions through paypal. I did ask him if he used the paypal over his open wireless connection. When I showed him how easy it was to intercept the traffic between his phone and the router, he tightened up his security quickly.

      It certainly was not out of carelessness that he was so vulnerable to an attack, it was simply that he did not know better. I am not sure there is a quick way to verify a shops “secureness” but it is a shared responsibility between the merchant and the customer to keep information about both parties secured.

  2. Would it be of the best interest of small business, or larger businesses to educate their customers about simple cyber security? Or, would the customer feel insulted that the business is insulting their intelligence? I personally believe that more businesses should remind their customers about better ways to protect themselves, and alert customers in the event information has leaked.

Comments are closed.