When personal information doesn’t stay personal: how your data ends up in someone else’s hands


Personal information is often obtained by bad actors hacking into organizations’ clouds. Photo by Morgana Carroll

Morgana Carroll, News Editor

When Deborah Wells was the president of CWU’s Ethical Hacking Club, she got a call from someone claiming to be from Microsoft as she was wrapping up a club meeting. The scammer said that they could tell she was sitting at her computer and was calling because it was infected with a virus. This is a common form of scam call, where the caller pretends to remove a virus and then asks for payment information. Wells played along with him for a while until the bit ran its course.

According to Wells, scam and phishing calls are one way that people can get your personal data. Another way that your information is collected is through data farming, a technique used by social media platforms. Wells said this creates one source that a bad actor could get a large chunk of data from. 

“They have all the data stored in the cloud,” Wells said. “And in this instance the data is attacked, then they take the data and they sell it or they hold onto it.” 

Wells said the data that social media collects is typically done with the intent to sell it to advertisers.

“There’s a lot of data that’s gathered that’s not malicious, there’s no mal intent,” Wells said. “It’s used for marketing purposes, they want to sell you things… say we’re talking about a trampoline, and then 10 minutes later on your Facebook feed there’s a bunch of stuff on trampolines.” 

She said that the best way to protect yourself from having your information stolen is to make sure to always manage app permissions, such as location services and data. Wells said that everyone should be aware of who they’re giving their information to.

“Sometimes you get these ads…and you’re like I don’t recognize this company,” Wells said. “And it’s not one you normally shop with, it’s not Amazon or TJ Maxx. But you really like the product, well do some research before you start putting your credit card info in.” 

Wells recommended avoiding putting your personal information anywhere you don’t need to put it. She said not to enable location services if you don’t need to and not filling out anything past your basic information if you can.

“Just limit your digital footprint by not putting in so much information, just put in the bare minimum,” Wells said. 

Have you ever Googled yourself?

Wells said that you can look yourself up to see how much of your information is available online.

“You can do your own forensics,” Wells said. “You can Google your name and see what comes up.”

To test how much personal data could be found on the internet, The Observer conducted an experiment  and used two free websites that said they excel in finding people’s information online. To discourage the use of these sites, the names of the websites will not be published.

All The Observer had to do was put in our reporter’s name, and the website turned up with results that included their address and contact information. The Observer team also searched using only their phone number, and the same results appeared.

To further test this point, The Observer staff tried this experiment with friends and roommates  with their consent, and it turned up their personal information as well, including home address and the names of immediate family members.