The “lynchpin” to identity theft is being given away willingly for the small reward of an annual birthday wish or the chance against daunting odds to win a prize.
A person’s date of birth, which many people freely post on social media, forms and competition entries, is one of the “greatest, (most) sought-after pieces of personal information that ID criminals are looking for”, said NSW Police’s top cybercrime detective Arthur Katsogiannis.
The outcomes, he said, could mean criminals defraud or steal tens of thousands of dollars from victims in one hit.
“If criminals can get some credit card details and your date of birth it’s quite easy for them to then take over your identity.”
He said data breaches can happen in seemingly innocuous ways, like filling out an entry to a competition, which can lead to the information being sold to international criminals.
“[Often] that will be sent overseas and a lot of that information is sold off and criminal syndicates that have been set up and are willing to pay big money to get your … data and use it to obviously either take over your identity or get access to your funds,” he told Fairfax Media.
An Australian company must comply with privacy laws which protect against identity theft, but on the internet the company could be based offshore.
Encryption service hacked
His views come as LastPass, an online service that aims to keep users’ passwords secure, was hacked.
The company said in a blog post that some users’ email addresses, password reminders and encryption elements were compromised.
Internet Society president George Fong said the date of birth was only valuable to criminals because banks, governments and other services use it to verify identity.
“It’s a lynchpin,” he said, meaning once it’s combined with other data like a name and address can “give you a person’s identity”.
“One of the most common ways to get personal information is by holding an online competition,” he said. “The attraction of freebies is in some cases quite powerful.”
‘Try something else’
He said the value of a person’s date of birth could be removed overnight if organisations which used it to verify people simply stopped.
“The organisations that use that information need to look beyond those three pieces of information,” Mr Fong said.
“It’s the laws of supply and demand, that information is made valuable by the organisations that use it.”
But he said convenience is also a factor, as a date of birth is easy to remember.
“The balance for the market is ‘what’s convenient?’”
Detective Katsogiannis hopes for greater transparency when it comes to data breaches.
While a growing trend among data-rich online companies like Facebook with more than two billion users is to reveal when the government has requested user data in annual transparency reports, Detective Katsogiannis wants them to report all data breaches.