Last month, an unencrypted hard drive containing the personal information of millions of BC students was declared missing by the BC Ministry of Education. Although it’s quite possible that the drive has simply been misplaced or lost in government storage, there’s always the looming possibility that somebody may have stolen the drive.
The lost hard drive contained personal data such as names, home addresses, Personal Education Numbers, GPA’s, birth dates and information on students' mental and psychological health.
There may not be anything lost as detrimental as banking information or social insurance numbers, but — if the hard drive was indeed stolen —it could be in the hands of people with bad intentions.
UBC Computer Science Professor Bill Aiello describes these kinds of data thieves as "black hats" — petty cyber-criminals who violate computer security for their own criminal activities. According to Aiello, black hats will scour for data to steal which they can later sell on the black market.
“They’re looking to build a portfolio of stuff. Whatever they get, they try to sell on various black markets,” he said. “They’re always looking for anything and then they worry about whether it’s valuable after the fact. It’s like breaking into a house without knowing what’s in the house — you just kind of look around and take what you find and then you try to hawk it later.”
Generally, theft like this is done through computer hacking. Although in this situation, the lost hard drive in question has disappeared physically.
Aiello says that the most valuable item for black hats are credit card numbers, which fortunately are not stored in the lost hard drive.
Regarding what the black hats may have though, it’s hard to see what could occur as a result.
“I couldn’t speculate a thing,” said Aiello
“You break in, you look for stuff ... someone would certainly try to sell it in a black hat information market. It would have some value because it’s a lot of names.”
In order to protect personal data from cyber-theft, Aiello advises that passwords should be regularly changed, credit card numbers and passwords should not be stored digitally and data should generally be encrypted.
“If the hard drive had been encrypted, it would be pretty difficult to get the data off.”
Share this article
