Soon enough the US Treasury will being to assemble one of the largest databases in our country. It will contain all of the identifying information that is required for the Corporate Transparency Act for every applicable business in its scope. Although there are many existing databases that people use everyday, here are none that are this all-encompassing. This is concerning because with the amount of sensitive info being stored for each business entity, we can expect it to be a prime target for hackers around the globe.
Can we trust the US Treasury to hold all of this info on Beneficial Owners?
There are many reasons why someone might doubt the abilities of our government’s agencies to hold sensitive info at such a scale. Among the most memorable of breaches, one which affected over 40% of the US population, was the Equifax breach of 2017. A customer help portal, which was linked to the other servers, ended up being breached. This small hole in the large database was enough for hackers to break through and make off with all of the data. This bundle of data ended up being distributed online via forums and onion sites, where anyone across the globe could then access it.
This security breach was so wide-spread, and it contained so much sensitive info, that we are still seeing the repercussions of it today. From complimentary credit monitoring, to a helpful guest blog post for the BCFP, it is easy to see why so many were left feeling unsafe about who is storing their data.
Although this specific breach was from back in 2017, security breaches have unfortunately become more and more common. As more businesses and services move to work online, we can see that not everyone in charge has kept up with the latest practices for security. Since there are people with elevated responsibilities that are not up to date with internet/server security, some of our country’s most important databases could be just an exploit away from being breached.
What Compromised Data Is Used For
Those who are unfamiliar with the underground markets for stolen data may find it hard to believe anyone out their wants their info. It can be easy to overlook such markets when the banks and websites that we use are always willing to help in such occasions. Sure, your bank might be able to pay back the fraudulent charges made in your name, but your information will always be out there for bad actors who need to get their hands on it. Even if you update all of your credentials, there is still a chance that your outdated data can be used to verify/convince service workers to grant access to new accounts (or new pieces of identifying data).
One data breach can lead to a more severe breach if the given hacker is knowledgeable enough to the info to get past other bigger security blocks.
A common example of this nowadays would be SMS/SIM Card spoofing or swapping. You may be led to feel safe after establishing a 2-factor security setting on your email. However, if you set that up using your phone number (SMS text), you should know that anyone that can confirm your personal number is now able to proceed with an attempt to hijack your messaging, even if it is for just long enough to receive that one-time-passcode from your bank or email provider.
What Can I Do To Protect My Data From Being Stolen?
Regarding the CTA specifically: since they are still developing all of this now, it is hard to pinpoint any issues since the details are not clear enough yet regarding how this Beneficial Owner database will be built. However, being up to date with FinCEN’s progress will allow us to see how they will combat security concerns before they happen. It can also allow us to share our thoughts with the correct people before weak protocols are implemented.
Unfortunately, not everyone will value data security/privacy as much as us. To large corporations, your data might as well be gold when properly logged and tracked against a large network of users. This means that for hackers, large government databases are the amongst the biggest targets for collecting a large bounty.
To protect yourself from breaches, you must first identify which flaws or exploits people are commonly using. You can read from our blog to learn more about these, however, the important thing is to stay in the know so that hacking attempts become easy to spot even during a busy work day.
A simple email or text message could have been sent from a bad actor spoofing a familiar phone number on your contact list. Meaning that a seemingly trustworthy text could have been sent as a phishing attempt which originated from unauthorized access to your contact info and contact list. It really makes you think twice about accepting default permissions for your phone apps!