New Privacy Leaks by Ford, TD Bank, and Others Highlight Need for Decentralized Money

There have been a recent rash of data leaks among prominent companies, such as Ford, TD Bank, and Desjardins which highlight the advantages of cryptocurrency to maintain user privacy.

UpGuard Inc., a cybersecurity company, discovered that more than one terabyte of data was left unsecured on Amazon Web Servers by Attunity, who’s clients include the likes of Ford Motor Company and TD Bank. As a result, Ford’s “information-technology architecture and details on internal project plans” and TD’s “invoices, agreements between the companies, and files about the type of technology solution Attunity was configuring for the bank” were exposed. Additionally, numerous login credentials of Attunity employees were available despite Attunity being an “‘Advanced Technology Partner’ of Amazon.com Inc.’s cloud division”.

And even another leak, this time with Desjardins Group, the largest financial co-operative in North America had an “‘ill-intentioned’ employee illegally exposed the personal information of some 2.9 million credit union members” in Canada. The leak is believed to be the largest data leak in Canada, ever, and the leaked information “included names, birthdates, social insurance numbers, email addresses, phone numbers, street addresses and details on banking habits”.

Risk of associating payments with identity

The modern world has become vastly faster, easier, and more interconnected with digital payments, however, it relies on linking personal identity to transactions. While this offers convenience, it also risks exposing sensitive information about consumers that they were under the assumption was protected by necessary safeguards. This can lead to identity theft, stolen money, leaked IP as in Ford’s recent case, or even simple embarrassment about personal transactions. There are remedies in place to still protect consumers after a leak and/or recover lost/stolen funds, but even this process becomes time consuming and expensive.

These data leaks also not only hurt merchants in terms of lost money and potential lawsuits, but also in lost reputation, such as Venmo leaking consumer data in a simple way for an extended period of time before correcting. Last year, it was discovered that Venmo, owned by PayPal, accidentally released data that amounted to 207,984,218 transactions when their API system had its transaction records set to “Public”. The data that was leaked included “the names of the senders and recipients, avatars of Venmo users, dates of transactions, transaction type, and optional comments”. One security advocate alleged that the vulnerability existed since 2016, but that it was not corrected for years. The relatively simple error does not reflect well on the company’s attention to detail nor their concern for user privacy.

Other recent data leaks include Square leaking payment data, millions of credit card numbers stolen from a popular chain of restaurants, a data breach by Mariott hotels  of 500 million customers, and 200,000 credit card numbers compromised at Equifax. Even technology behemoths like Amazon had customer logins and emails leaked and was caught in a  data-sharing partnership with MasterCard to close the loop on missing customer purchase data.

Dash providing privacy alternatives

Cryptocurrency, alone, helps separate personal identity from payments by only associating payments and wallets with alphanumeric addresses. In the event of a merchant or exchange hack, personal customer data remains confidential since it is not associated with addresses according to cryptocurrency protocols. However, additional consumer data could still be collected and associated with various addresses for government KYC/AML laws and/or company data gathering and marketing, at which point consumer data could then be at risk of being compromised. Thus, this also adds to the need for decentralized exchanges and more private transactions, which Dash has made significant progress on building.

Dash PrivateSend helps provide an additional degree of privacy by mixing funds together in many small transactions to obscure exactly were the funds are coming from and who they belong too. This helps solve issues of backtracking funds to larger user wallets and identities. Decentralized and peer-to-peer exchanges like Bisq, Komodo. DashNearby, Dashous, Wall of Coins, and DynX all offer additional privacy by not requiring a user account that collects bundles of personal information that is at risk of being leaked. As more online merchant start to only require email address at checkout, then cryptocurrency, especially with feature like PrivateSend, will be even better at protecting consumer information.