At least 39 different organizations hold personal data of the average UK citizen, providing a wide-range of opportunities for hackers to access sensitive information. This is according to Nomidio’s State of Identity 2020 Analysis, which also found that almost a quarter of Brits are unaware of how many organizations hold their personal data.
This growing attack surface has led to a 67% increase in major data breaches since 2014. The problem is exacerbated by the fact that over half (53%) of the UK population use the same password to access multiple accounts.
Unsurprisingly therefore, 77% of those surveyed in Nomidio’s study said they feel vulnerable about multiple organizations holding their data.
The number of businesses, charities and public sector organizations holding personal information is also expected to grow in the wake of the COVID-19 pandemic, with an estimated 3.5 million people believed to have accessed digital services for the first time in the UK during lockdown in areas such as banking and shopping.
The findings suggest a new approach to digital identity is required.
“Why are we issued with a new digital identity every time we register with a new service provider? This situation is completely back to front, it is you or I, the individual, that should be able to present our identity to the different organizations we choose to interact with,” commented Ben Todd, VP of worldwide sales at Nomidio.
“Every time we allow a business to store our date of birth or mother’s maiden name, we’re expanding the attack surface and making it more likely our personal credentials will be lost forever. We need to centralize people’s identities, encrypt them and then give individuals the power to decide which organizations their data is shared with.”
Last month it was reported that personal data of an estimated 350,000 social media influencers and users has been accessed and partially leaked.