Last week, cryptocurrency exchange Binance, was at the center of a controversial KYC data leak that resulted in a massive portion of its customer’s personal data, privacy, and identity being put at risk.
While the company was quick to dismiss the leak and ensuing panic from its users as nothing more than FUD, calling it a “false KYC leak,” in the same official blog post Binance admits that their investigation is still ongoing, and while that the allegedly leaked photos didn’t include the crypto exchange’s digital watermark, all photos appeared to be tied to a month when Binance had outsourced their KYC process to another third-party firm.
Binance appears to be minimizing the situation in the public eye and deflecting any accountability of their own for not ensuring the third-party firm secured its customer’s data.
Hundreds of customer photos uploaded during Binance’s KYC process could be seen being scrolled through on a video recording of a Telegram channel where the photos were uploaded as part of a 300 BTC ransom hackers demanded from Binance – that they ultimately did not pay.
The once poster child of the crypto industry known for thwarting hackers and keeping funds “SAFU” has recently come under fire for barring US users from its exchange, only offering 2x margin on crypto trading, and now, leaking potentially thousand of customer’s data without taking any responsibility or apologizing to those affected in order to save its image.
Cyber Crime: Over 3 Billion Private Personal Records Leaked Last Year
The leak highlights the ever-increasing importance of personal data privacy in the digital age. Over 3.3 billion people were affected by personal data leaks in 2018, and the trend is only growing. In 2018, the equivalent of 291 different people’s personal data was leaked per second. Over 15 billion personal records have been leaked since 2013 when benchmarking first began.
As much as 65% of these leaks involve identify theft, which can involve credit issues, criminal allegations, tax liability, or worse. As much as 13% involve financial access, meaning that cyber criminals were able to directly access financial data and accounts, potentially draining accounts of their holdings – an incident that has become common in the cryptocurrency industry, and elsewhere on the internet.
In 2018 alone, the cryptocurrency industry was exposed to over $1 billion in exchange-related hacks, with nearly all of them involving some kind of data breach or lax security protocol. The rest of the internet is by no means different, with nearly every major internet company or publicly traded corporation experiencing some sort of major data leak over the last decade.
At the start of August, the Entertainment Software Association – a powerful company in the video game industry – leaked the personal data of thousands of industry professionals, journalists, and executives alike. The most alarming issue is that the ESA didn’t even hide this information behind any type of security, and ignored repeated attempts from users notifying the company of the security failure.
Neglect like the case with Binance or the ESA exists everywhere in the world and on the internet. Uploading personal data to platforms that aren’t secure is at the core of the issue.
Personal data is also easy to come by for cyber criminals, making the matter far worse and widespread. According to data, personal records can be obtained for as little as $30 on the dark web. This includes full name, social security number, date of birth, bank account numbers, and more. Driver’s licenses are only $20. Passports fetch up to $2,000 – still relatively cheap to access such important personally identifying data.
How To Protect Personal and Private Data in the Digital Age
Because the issue is so widespread and the trend is only growing each year, personal data protection will only become more important and difficult. Methods and tactics of cyber criminals will improve, and so should the security and safety that companies provide their customers. Better yet, personal data should be kept private, and not required over the internet where sensitive documentation can so easily be leaked.
New systems must ultimately be developed, but many companies can start improving their processes today by accepting responsibility and taking necessary steps to protect their customer’s personal data.
One example of a company taking additional steps to protect customer data is PrimeXBT. PrimeXBT is a Bitcoin-based margin trading platform featuring crypto assets (with up to 100x leverage) similar to Binance but also features traditional assets such as forex, commodities, stock indices, and more. The two worlds of digital and traditional finance coming together under one roof make PrimeXBT unique.
PrimeXBT combines the bank-grade security and focus on customer safety from traditional finance with the value of privacy that is the ethos of the crypto industry.
PrimeXBT requires no personal data to be uploaded at all, and ditches the time-consuming KYC process in favor of offering their customers privacy. The company has even in the past taken steps to move its trading infrastructure to Switzerland to ensure customer privacy remains the highest priority. It’s one of the few places that exist on the internet where there zero risk of personal data loss or leak, because no personal data is ever required.
Conclusion
In the digital age, personal data and privacy are constantly put at risk unnecessarily. Corporations and companies carelessly require this data, then don’t give it the proper protection or care that personal data and privacy deserves.
But until the public begins to vocalize their concerns over personal data and privacy and avoid companies that do not prioritize safety and security, or companies themselves begin to take additional steps and make investments in security, the issue will only grow more severe.
For now, all internet users must do due diligence when using any platform or website which requires personal information to be uploaded, and whenever possible, select a company or website that doesn’t require any personal or private information be uploaded at all.