[dropcap]I[/dropcap]t is something that we do on an almost daily basis. We fill in online forms for various purposes. In today’s digital world, we are always online paying bills, applying for jobs and other career opportunities, purchasing various goods and services and so on.
According to the Communications Authority of Kenya, the data/internet market in Kenya has been growing steadily following increased demand for Internet services and reduced cost of Internet enabled devices. In the third quarter of the year 2015/2016, the country registered a growth of 8.5 percent in internet/data subscriptions to stand at 21.6 million up from 19.9 million subscriptions recorded in the previous quarter. Subsequently, the number of estimated internet/data users grew by 7.8 percent to stand at 31.9 million users.
We do not have a choice, really! For example, the Kenya Government’s eCitizen portal is now the only avenue through which you can access certain services in the public sector. From your date of birth, family history, education background and finances, it is now all online. Depending on the diversity and extent of one’s activities, your whole life history is scattered all over the Internet in the form of data.
While many organizations promise confidentiality and non-disclosure of their clients online private data, the danger that the latter can easily fall into the wrong hands is real. For instance, banks in Kenya are losing billions of shillings every year through online banking fraud, usually perpetuated by insiders. The same goes for insurance companies.
Indeed, you should be very afraid. Equifax, one of America’s three major credit reporting agencies, mid this year was a victim of a security breach that exposed, and potentially compromised, personal credit information on millions of subscribers. It was discovered that hackers broke into Equifax and accessed consumer data for 143 million Americans.
The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they also grabbed personal information of people in the UK and Canada.
Analysts observed that the hack was a goldmine for fraudsters, who could use the massive amount of social security numbers and financial account information to defraud account holders, including stealing medical identity. Sadly, according to Equifax, the breach went on unnoticed for six weeks, from mid-May through July, 2017.
According to media reports, Massachusetts Attorney General Maura Healey called Equifax’s breach “the most brazen failure to protect consumer data we have ever seen.”
Several other states and the Federal Trade Commission said they had opened investigations into the matter. Members of Congress also demanded criminal investigations and a full accounting of what happened.
Let us think of a local scenario. Imagine someone hacking into the server of the Kenya Revenue Authority or the National Social Security Fund. These are some of the databases where you expect to find personal data of millions of Kenyans, especially financial and social, respectively. An expert information and communication technology expert can easily manipulate this data and siphon a lot of people’s money for his benefit.
Worse still, consider someone hacking into the database of one of the leading credit card companies in the country like Barclaycard or Kenya Commercial Bank. Such a person can duplicate the credit accounts of thousands of people, and make purchases that the genuine account holders are unaware of. Even without hacking, credit card skimming is still big business for cyber criminals.
SEE ALSO: Annual judgement day for PR industry
Kenya is a high risk country for this kind of diabolical schemes. There are a few cases of Kenyans in the diaspora, particularly in America and the United Kingdom, who have been arrested and prosecuted for siphoning social security and pension funds from their legit beneficiaries. Therefore, it is only a matter of time before the chickens come home to roost, if you know what am saying!
Kenya’s Data Protection Bill has been pending enactment for a few years now. The Bill provides for protection of personal information by enforcing the constitutional right of a person not to have information relating to their family or private affairs unnecessarily required or revealed. It embraces the principles of data protection such as necessity of collecting information, data subjects’ right to access information about them, and obligation to ensure information is accurate, updated and complete.
One of the biggest nuisances in the country is companies selling their online databases to marketing firms. Many people can attest to receiving a text message from a pitching for a product or service, and wondering how the company got your name and number. Unfortunately, you cannot trace the genesis of this kind of leak. Even if you did, suing them for breaching confidentiality clauses would be impractical.
Ultimately, ICT experts advise consumers to be proactive in securing their personal or credit activities and online information. This includes constantly monitoring their accounts for unusual activity. Red flags on fraud or identity theft include incorrect personal information on one’s credit report, and inquiries from companies one has never contacted.