Sensitive identity information of average Briton owned by 39 different organisations
Almost a quarter have no idea how many organisations hold their personal information, according to Nomidio’s State of Identity 2020 analysis
13 July 2020, London, UK:
In recent years, we’ve become desensitised to major data breaches, which have increased by 67% overall since 2014. Major hacks often don’t become apparent for months – the average time to identify a breach in 2019 was 206 days.
This proliferation of large-scale data hacks coincides with our increasing reliance on digital services. We depend on these services for our banking, our shopping, and our social lives. To grant us access and personalise our experience, companies have to know who we are, and this usually means storing and managing our sensitive Personally Identifiable Information (PII).
According to Nomidio’s State of Identity 2020 Analysis, undertaken by Opinium, at least 39 separate businesses, charities, and public sector organisations hold the sensitive identity information of the average UK consumer. This number is only likely to increase with an additional 3.5 million people accessing digital services for the first time during the recent lockdown.
“Why are we issued with a new digital Identity every time we register with a new service provider? This situation is completely back to front, it is you or I, the individual that should be able to present our identity to the different organisations we choose to interact with,” commented Ben Todd, VP of Worldwide Sales at Nomidio.
He continued: “Every time we allow a business to store our date of birth or mother’s maiden name, we’re expanding the attack surface and making it more likely our personal credentials will be lost forever. We need to centralise people’s identities, encrypt them and then give individuals the power to decide which organisations their data is shared with.”
With access to an account commonly granted through a password, companies are left exposed, with more than half of the UK population (53%) using the same password to access multiple services. This means that every time a password is compromised, there may be 39 separate opportunities for hackers to benefit. Even companies with comparatively strong security protocols are left exposed to this type of ‘credential stuffing’ attack.
While data hacks have become more sophisticated, companies’ defences against them have lagged. It is therefore little wonder that 77% of respondents ‘feel vulnerable’ about multiple organisations holding their data. Even the introduction of GDPR has not brought about the necessary mindset shift, with Nomidio’s research highlighting the need for an altogether new approach to digital identity.
“Our own approach is significantly different to the norm. We believe in a ‘Unified Identity’; one that stores personal data on behalf of the individual and allows them to manage which companies get access to that data. This neutral data Guardian is held to account by a cryptographically executed and provable consent mechanism, which is based on over a decade of cryptographic R&D work to secure the world’s internet from the threat posed by quantum computers.”
About Nomidio
Nomidio is a business dedicated to re-imagining all aspects of digital identity so individuals are empowered with a digital identity that’s secure, unique, widely used and over which they retain control. Nomidio Identity Verification is the first service to go live, focused specifically on helping companies to quickly and cost-effectively validate the identity of prospective customers. Nomidio has also developed the world’s most advanced consumer identity and authentication service.
Nomidio’s parent company Post-Quantum is dedicated to ensuring that organisations can carry out their operations safely and securely. Post-Quantum is one of a handful of leaders in the development of new quantum-safe encryption algorithms that are able to withstand the threat posed by quantum code-breaking. Post-Quantum’s algorithm NTS-KEM is a finalist in NIST’s competition to find a replacement for RSA, today’s public-key cryptographic standard. The company provides a range of encryption products, services and IP to financial services firms, technology leaders and governments around the world.