The Maryland Department of Labor announced that a security flaw in its databases may have exposed the sensitive and personal data of around 78,000 people. The agency commented that the breach occurred earlier this year after nine employees fell victim to what cybersecurity experts call a phishing attack.
The incident is similar to what happened last month, when a data breach at Oregon’s Department of Human Services (DHS) compromised the personal data of over half a million people.
The latest event caused Maryland’s Department of Information Technology to conduct an investigation, which later confirmed its suspicions. According to experts, the compromised information was being stored on a legacy database and included sensitive data such as names, Social Security numbers, and residence information.
Although officials say there is no evidence to suggest that the data was downloaded to an external server, they offered two years of free credit monitoring to help victims avoid identity theft in case a hacker did have access to the supposedly confidential files.
These types of incidents, as worrisome as they are, are neither new nor atypical. Relying on a centralized server or a non-auditable database is a potentially dangerous practice which, in many cases, is unavoidable.
Although cybersecurity has made considerable progress, human error is difficult to prevent; perhaps this is why phishing attacks and social engineering are gaining ground against more traditional hacking practices.
The use of blockchain technologies has proven to be very promising in the field of cybersecurity, mainly because – as creepy as it may sound – it eliminates humans from the equation. Just as a simple example, it is impossible for a smart contract to fall victim to a scam since the conditions for its execution are extremely difficult to manipulate.
Similarly, the famous P vs NP problem provides the assurance that, while it is extremely easy for anyone to prove their identity, it is extremely difficult for someone to “hack” a blockchain to get personal information from its users.
Blockchain technologies build on these premises to provide high security with great efficiency, in most cases eliminating the need to entrust sensitive data to a third party. With decentralized approaches, a group of people may hold information that they cannot verify themselves while still having absolute confidence that any user can prove its veracity with just a key or a unique identifier.
This is precisely why many in the crypto-verse doubt that Craig Wright is Satoshi Nakamoto: despite all his threats and explanations, he has never provided the one key that would prove with 100% accuracy his ownership of something that verifiably belonged to the creator of Bitcoin.
Different American agencies have already recognized the potential of these technologies to increase data storage security. Earlier this year, NASA published a paper exploring the possible applications of the blockchain in air traffic management, security, authentication, and privacy.
Other jurisdictions that are experimenting with applications of distributed ledger technologies in cybersecurity and fraud protection are China, the Isle of Man, and Estonia.
Given the circumstances, it is possible that soon, thanks to the blockchain, this type of security breach will be gone for good, giving cybersecurity experts some breathing room. The blockchain could become, in many cases, the evolution of databases, offering more secure, efficient, and ethically friendly solutions.
Meanwhile, the 78,000 people affected by the breach can use the monitoring services offered by Maryland’s DOL. After the two years pass, all they can do is keep an eye out and pray that the hackers were not a very patient group of scammers able to wait two years to make use of confidential information they got thanks to a shady email.
Last modified: January 10, 2020 2:59 PM UTC