In daily life, most people will use their ID cards and mobile phone numbers to apply for bank cards and buy air tickets. When looking for a job, the company will also require their ID cards to be copied into personal files, so their names, mobile phone numbers and ID numbers play a very important role. If this information is leaked at the same time, it may be used by criminals and bring certain risks.

Channels of personal information disclosure

Social software: When interacting with netizens through social software, you may inadvertently reveal your personal information;

Resume: After posting your resume online, you may reveal personal details;

Various documents, such as air tickets, express bills, commercial bills, water and electricity bills, etc. , which may lead to personal information disclosure;

Registration: After real-name registration on some informal websites or application software, individual website personnel may disclose customer information.

Risk of personal information disclosure

Encounter telecom fraud, online fraud or receive harassing text messages and phone calls. In the information age, big data not only facilitates life, but also increases the probability of information leakage. Internet fraud, telecom fraud and other black and gray industrial chains are no longer as overwhelming as before. For example, as soon as you buy a plane ticket, you may receive a short message informing you that the flight has been cancelled. Online shopping return fraud, criminals can accurately tell the detailed information of the goods you bought, such as name, phone number, address, etc ... Accurate fraud based on personal privacy information makes scammers succeed repeatedly and consumers continue to suffer economic losses.

The account password was stolen, causing property losses. Some users have set the same account password on different platforms. Once the password of a platform is leaked, it will lead to a domino effect, and illegal hackers can easily obtain account information of other websites, even link phishing websites, steal bank account passwords or induce payment.

Threatened and blackmailed. There are also "dark nets" in the frequent exposure of hotel data, express order data and maternal and child data leakage incidents. The so-called dark network is an "underground black market" of the Internet, which realizes anonymous exchange and communication of the Internet through hidden networks. Criminals often use the dark net to sell the data stolen from the enterprise platform, carry out illegal and criminal activities such as precise extortion, and make huge profits.

Identity is fraudulently used and personal reputation is damaged. Revealing the ID number can be used by others to register some bad or even illegal website accounts, which will damage personal credit information.

Compared with personal information disclosure, corporate data disclosure is often attacked by hackers using high-tech means. Frequent major enterprise information leakage incidents once became a hot topic in the field of information security, which attracted the attention and attention of all walks of life.

Internet "underground black market" peddles platform data and information, which has become a key link in the information theft industry chain. Providing private data for precision fraud is a complete criminal attack chain that integrates three links: dragging the library, washing the library and colliding with the library. Illegal hackers get the original information base by dragging the library, then classify the data by washing the library, and finally get more platform user information by colliding with the library, and the information obtained by colliding with the library can be washed again, and dragging, washing and colliding complement each other to form a complete information theft industry chain. The data shows that the number of database collision attacks initiated by Black Collar through a recruitment website of a network platform is about 6,543.8+0,000 times/day, and the success rate of database collision exceeds 20%, which seriously threatens the data security of enterprises.

How to ensure the security of data and information?

The ancients said, "Disasters often add up." Without a sense of crisis, carelessness in danger is very terrible.

Personally, first, don't register your real name, home address and other information on informal websites and application software, and regularly modify the login password of commonly used software;

Second, there are detailed personal information on the courier. Before throwing away the express parcel, tear up the express bill or erase the personal information such as name, phone number and address on the express bill. Take good care of useful documents and don't throw them about.

Third, before filling in your resume, or accepting registration and investigation, verify the identity and qualifications of the other party, provide only the necessary information, and don't fill in too detailed personal information;

Fourth, indicate the purpose on the copy of the ID card. If it is unused or invalid, it should be properly handled and not discarded at will.

Fifth, be careful when chatting and taking photos. On public social platforms, try to avoid exposing or labeling real identity information. Be careful when taking photos with friends and Weibo.

Sixth, be careful when using public computers and public networks. In the unsafe public network environment, we should not deal with personal sensitive information or use storage devices such as USB flash drives to interact with personal information.

Strengthening the protection of private data requires enterprises to "apply both hard and soft".

From the perspective of "soft", enterprises need to establish a sense of cooperation with professional network security vendors, constantly find and solve problems, maintain sustained and stable investment in data security, and at the same time pay attention to the development of network security situation and constantly add "security locks" to user data. It is also necessary to strengthen the network security training for employees, constantly improve their awareness and skills of data protection, and conduct regular network attack and defense drills to deal with security issues in time.

From a "hard" point of view, enterprises need to establish corresponding data protection systems. For example, for internal personnel, different data access rights are set for different positions to avoid "internal ghosts" stealing data. It is necessary to prohibit unsafe operations that may lead to data leakage. Be prepared for danger in times of peace, pay enough attention to its safety, take precautions in advance, and nip in the bud.