On the move: It’s time to combat data-breach fatigue
We are wildly protective of our passports but happy to share our personal information with any travel app that asks
“Remove belts, bags, laptops and liquids, then place them in the tray in front of you. Now hand over your passport, bank statements and credit cards.”
I guarantee that if you heard this the next time you were at airport security, you would be suspicious. And if the security officer then turned around and handed the tray containing your documents to a group of bystanders who made a run for it, that suspicion would quickly turn to outrage. Yet this is basically what is happening every time there’s a data breach in the travel industry.
Hong Kong airline Cathay Pacific recently suffered a massive data breach that involved the theft of information belonging to 10 million Cathay Pacific passengers. Hackers stole personal records including name, nationality, date of birth, phone numbers, credit-card details and passport numbers.
At the end of last year, hackers scalped British Airways for the details of close to half a million customers. Singapore Airlines had a much smaller but similar incident, and Air Canada recently locked down its app to two million customers to prevent cybercriminals acquiring information – but only after the details of 20,000 users had already been swiped. So why do we not seem to care?
It reminds me of an occasion when I misplaced my passport some years ago on a flight from Glasgow to Dubai. Nearing the front of the immigration line, I reached into my backpack. No passport. I reasoned that the document must be near by, because I had needed it to board the plane. I must have left it in the pocket of my seat on the plane, which had already left the gate. That’s where panic set in, as I imagined my passport, now in someone else’s hands, headed for a different country, with all my personal identifiers clearly printed in black and white.
Thankfully, it didn’t come to that. The flight hadn’t yet departed and airport staff drove me to where the plane was parked, where the crew supervisor met me with my passport in hand, where it belonged.
Given my panic on that occasion, I wonder why today, the thought of someone else getting their hands on my passport information doesn’t worry me. I’m a member of multiple airline member programmes and have a handful of their apps on my phone. My passport information, and even credit-card details, are set to load automatically on bookmarked travel sites, despite the multiple privacy alert emails I have received in recent years.
Instead of being up in arms about privacy, I feel like I’m suffering data-breach fatigue. And I don’t think I’m alone. Many of us have accepted a lack of privacy as a necessary evil in our digital world. But we could all do with reminding ourselves that the problem is not really the breach itself. Like how my passport being left on that plane wasn’t really the problem – the issue would have been if it had gone astray after that. The concern over data breaches comes further down the line, when fraudsters choose what to do with the information they harvest.
So instead of relying on companies to keep me safe, I’m cleaning up my digital act and taking a more active approach in shaking off my laissez-faire attitude on the subject. It’s time I made myself much less of an easy target.
Updated: January 17, 2019 05:40 PM