With the Ashley Madison case in mind, experts say your online information never really goes away.
The Ashley Madison hack is a big reminder to all Web users: If you submit private data online, it may never fully be deleted.
The hackers, who stole the data about a month ago and then posted it online this past week, claimed in a statement that part of the reason for the theft was Ashley Madison’s fraudulent promise to fully delete users’ information if they paid the company a $19 fee.
The website is marketed to people looking for extramarital relationships. It says it has 39 million members. The hackers said the company failed to delete the data, even though it collected the fees. Torontobased Avid Life Media, Ashley Madison’s parent company, hasn’t commented on the accusation.
It’s virtually impossible to exist in modern society without putting at least some personal information online. Many people can’t get through a day without using the Internet to shop, pay a bill or check their credit card balances.
People have become accustomed to trusting personal information to companies. But they also need to know that all of that information is being shared more than they would expect, privacy experts say.
Before you hit “submit,” stop and think before giving up your personal information to any kind of website, said Michael Kaiser, director of the National Cyber Security Alliance, an industry-funded group that educates consumers about cybersecurity.
“Personal information is like money, and you don’t just give away your mon- ey,” Kaiser says. “In the environment we’re in right now, you have to value it and think about protecting it everywhere you go on the Internet.”
That means taking a look at websites’ business to get an idea of how much they value information security and even asking them about data retention practices. Banks, which deal in financial information, and large retailers, who have a vested interest in getting people to shop online, are probably safer bets than a dating site.
“Ashley Madison actually charges you to remove your information when you remove your account,” he says. “That’s a big clue about how they feel about your personal information.”
People also need to sometimes take a pass on convenience in the name of online security.
Many consumers like it when e-commerce sites have their credit card information on file, or when Web browsers automati- cally fill in forms with their address and other details, says Peter Tyrrell of the security firm Digital Guardian. Meanwhile, worries about data theft and loss have prompted companies to back up important information in multiple places.
But both practices increase the likelihood that information could be leaked or shared. And it means that even when a person thinks that information has been permanently deleted, chances are there are still copies floating around somewhere.
While Social Security numbers weren’t involved in the Ashley Madison hack, people should be especially wary of using them as a backup password to access online information, given the disastrous consequences that could result if they’re intercepted, he says.