Home
cover of episode So your data was stolen in a data breach

So your data was stolen in a data breach

2024/10/31
logo of podcast Planet Money

Planet Money

Key Insights

Why did Ticketmaster send breach notification letters to its customers?

Ticketmaster sent these letters to comply with state data breach notification laws, which require companies to inform consumers as soon as they discover a breach.

How serious is it when personal data is compromised in a data breach?

The severity depends on the nature of the information stolen. If the data includes sensitive details like social security numbers, addresses, and personal habits, it can lead to identity fraud and long-term vigilance is necessary.

Where did the stolen Ticketmaster data likely end up?

The data was likely posted for sale on a dark web forum called Breach Forums by a hacker group named Shiny Hunters.

What precautions were lacking that led to the Snowflake data breach?

The accounts compromised in the breach were not set up with two-step authentication, making it easier for hackers to access the data.

How does the legal market for personal data operate?

Companies buy and sell personal information through data broker marketplaces, which function like eBay for data, often without the explicit consent of the individuals involved.

What are the current regulations governing the handling of personal data in the U.S.?

Currently, HIPAA protects health information, and the Fair Credit Reporting Act (FCRA) governs credit bureaus, but there are limited laws restricting the collection and sale of other types of personal data.

What are the potential pitfalls of using free credit monitoring services offered after a data breach?

These services often require users to waive their right to sue and may collect additional personal information that could be sold or compromised in future breaches.

Chapters

The episode begins with a discussion about receiving data breach letters and the implications of having personal data stolen.
  • Receiving a data breach letter is becoming increasingly common.
  • The nature of the information stolen varies, with some breaches being more serious than others.
  • Companies are legally required to notify consumers of data breaches.

Shownotes Transcript

If you... exist in the world, it's likely that you have gotten a letter or email at some point informing you that your data was stolen. This happened recently to potentially hundreds of millions of people in a hack that targeted companies like Ticketmaster, AT&T, Advance Auto Parts and others that use the data cloud company Snowflake.On today's show, we try to figure out where that stolen data ended up, how worried we should be about it, and what we're supposed to do when bad actors take our personal and private information. And: How our information is being bought, sold, and stolen.*This episode was hosted by Amanda Aronczyk and Keith Romer. It was produced by Sam Yellowhorse Kesler and edited by Meg Cramer. It was engineered by Ko Takasugi-Czernowin with an assist from Kwesi Lee, and fact-checked by Dania Suleman. Alex Goldmark is Planet Money's executive producer.Help support Planet Money and hear our bonus episodes by subscribing to Planet Money+ in Apple Podcasts) or at plus.npr.org/planetmoney).*Learn more about sponsor message choices: podcastchoices.com/adchoices)NPR Privacy Policy)