Zack Whittaker has revealed that more than 24 million financial and banking documents were leaked online this month.
Reportedly, a server running an Elasticsearch database had a major security lapse. The database had more than a decade’s worth of data, including sensitive information such as loan and mortgage agreements, repayment schedules, and financial and tax documents.
It is believed that the database was exposed for two weeks, and to begin with it was not clear who owned the data. This means people were able to freely view and access the mass amount of data contained within the leak during this time.
Allegedly, the leak was traced back to Ascension, a data and analytics company for the financial sector. The company converts paper documents and hand-written notes into digital files, known as OCR. Bob Dianchenko stated that it was the collection of converted documents that was leaked.
Reports are suggesting that the documents leaked pertain to loans and mortgages, along with other correspondences from several major financial players, including CitiFinancial, HSBC Life Insurance, and Capital One.
How blockchain can help
Security breaches and leaks such as this one highlight why we need mainstream blockchain adoption sooner rather than later. For one, blockchain technology is decentralised, meaning that no singular authority (for example Ascension, HSBC, or CitiFinancial) can have control over sensitive information in a centralised system.
Instead, through decentralisation, information can be sequenced and secured through a blockchain network spread across the globe. Decentralised networks are distributed on a peer-to-peer basis. In short, this ensures there is no central server to be hacked or compromised. Nodes (computer devices) are linked together globally to create the network.
New ‘blocks’ of information can only be added to a blockchain when there is a majority consensus reached within a network agreeing that the block is valid and verified. This helps guarantee transparency in the network – if something is not valid, then it cannot be added. This is how users can trust that the information on a blockchain is correct and not falsified. Due to the nature of these networks, and because a majority consensus is needed, it is not easy to retroactively change blocks of information.
To compromise a decentralised blockchain network, a group of people would have to consolidate 51% of the total computational power to gain control. Ironically, if the network is truly decentralised, this power is inconsequential because the remainder of the network and other constituents involved will be able to retake control. If a group consolidated enough power and destroyed the network, it was never decentralised to begin with.
Public and private keys
Through cryptography, sensitive information is encrypted using a public key. A public key can be viewed by anybody, but the encrypted message can’t. A message can only be decrypted with a private key, which is very similar to a password, except it is much, much stronger.
What this means is that even if a hacker obtained sensitive information, it is useless to them unless they have the private key.
Some encryption algorithms, like SHA-256, are incredibly hard to break. SHA-256 encrypts data into a 256-bit hash string that is practically impossible to invert. The only viable method of compromising an algorithm such as this is by attempting a brute-force search of all possible combinations – a task no ordinary human could do.
It would take an extremely high powered PC with gargantuan processing power to crack the SHA-256 algorithm, which in turn means it is usually not worth a hacker’s time.
Not many networks are truly decentralised
This isn’t to say blockchain technology and encryption algorithms are perfect, but they are certainly better methods for securing data than those currently used by mainstream institutions.
The problem currently is that there aren’t many truly decentralised networks. Many claim to be, but in reality only a few are telling the truth. Data mining groups can amass enough hashing power to overtake a network. Not every blockchain network that claims to be decentralised will be able to withstand a 51% attack.
However, the significance of blockchain in the world today should not be understated. Blockchain can protect against issues like sensitive document leaks if the network is working in a fully decentralised manner. Already we are seeing mainstream companies such as the WWF and Ford implement blockchain technology to track their supply chains.
For more information and guides from Coin Rivet, click here.
Disclaimer: The views and opinions expressed by the author should not be considered as financial advice. We do not give advice on financial products.