A study by Duke University has uncovered how sensitive personal information about active-duty service members, their families, and veterans is being sold by data brokers for a mere $0.12 per person.
The study’s lead author, Justin Sherman, expressed shock at the ease with which they were able to access highly sensitive identifiable information that is not publicly available. The researchers purchased comprehensive records on tens of thousands of military service members for a fraction of a cent per person, including names, home addresses, emails, political affiliations, personal finances, health information, religious affiliations, marital status, and the presence of children in the home.
The researchers were able to purchase data geofenced to specific military bases, such as Fort Bragg and Fort AP Hill, demonstrating the potential for targeted attacks on service members. They also encountered minimal vetting from data brokers, even when posing as foreign buyers using a Singaporean IP address and a .asia domain name.
Data brokers operate in a largely unregulated environment, with only a few states requiring registration and a recent California law mandating data deletion upon request. At the federal level, privacy laws are virtually nonexistent, despite numerous attempts at legislation.
The study’s co-author, Hayley Barton, emphasized that “anyone with an email address can go out and do the exact same thing” and purchase sensitive personal information. This ease of access underscores the urgency for legislative intervention to protect individuals’ privacy and national security.
The sources for this piece include an article in Gizmodo.
