The Epik data breach is political in nature — here's why you should care

Joe Bosso 29 Sep 2021

Given the prevalence of hacking, it's concerning to see a group of hackers target an organization and its members due to their political beliefs

A small domain registrar (a business that handles the reservation of domain names as well as the assignment of IP addresses for those domain names) by the name of Epik has confirmed reports that it has been hacked. What's particularly notable about this data breach is that it was publicized initially by the hackers themselves, a group of self-proclaimed hacktivists known as “Anonymous.”

They targeted Epik because of its clientele, which includes Parler, 8chan, and the Texas Right to Life’s abortion whistleblower website. The first two are best known for allowing far-right groups to use their platforms, and the last was newly formed as part of the controversial Texas Heartbeat Act, which limits abortion access. Regardless of where you fall on the political spectrum, it should be worrisome to see groups of individuals targeted by hackers due to their political beliefs.

Political opinions fall under the umbrella of Special Categories of Personal Data within the European Union’s GDPR. That's because this type of data, along with things like racial or ethnic origin, religious or philosophical beliefs, or trade union membership, has been used to discriminate against people throughout history. European countries have taken special steps to provide additional protections to these types of data, given their potential for discrimination and serious harm. Article 9 of the GDPR actually prohibits companies from collecting or using this kind of data unless one of a set of very specific conditions is met. This is in addition to the obligation under Article 6 of the GDPR to have a ‘legal basis’ for any data processing. The breach mentioned previously took place within the US, so the GDPR does not apply, but it does highlight why you should be concerned about this kind of hacking activity when it could include sensitive data that would have the protection of being special category data in Europe.

Given the prevalence of hacking, it is very concerning to see a group of hackers target an organization and its members due to their political beliefs, as the potential harm that could be done to all people is substantial. Imagine that your opinion on an issue does not align with that of a group of anonymous individuals, and that this makes you a potential target for them. They could leak your personal information online, including sensitive or special category data, putting you at risk of fraud and, if your location or place of residence is included in the exposed data, putting your physical safety at risk as well.

As a consumer, you cannot always count on companies or government organizations to be able to prevent cyberattacks, so the best way to protect yourself from a data breach is to minimize your online presence. You can do this by deleting old, unused accounts and by checking out as a guest instead of creating an account when shopping online. You should also never use the same password across multiple accounts, and always use a strong password and multi-factor authentication when available.