The Cyberserve breach is ugly. Black Shadow’s latest attack on Israeli software targeted companies holding very personal and highly sensitive information, notably the database of LGBTQ platform Atraf (Israeli equivalent to Tinder/OkCupid for gay people). The resulting data leak exposes health information, including HIV statuses and the sexual orientations of people who haven’t officially come out of the closet.
This is a sanitized screenshot of stolen Atraf data released by Black Shadow:
As you can see, this database table is brimming with personal information and detailed identifiers (full names, emails, and phone numbers) and highly sensitive information about their users (sex, sexual preference, marital status, and health concerns).
To appreciate the scope of this leak, consider that Atraf’s database features over 100 organized columns detailing different user properties. Or, put yourself in the shoes of the victims. Imagine having your information published like this for anyone to see and use as they please:
| Name | Phone | Sex | Sexual preference | Marital status | HIV | |
| Yael Mizrachi | yaelmizrachi@israeli.com | 059-1234567 | Female | Male | Single | Positive |
| Dan Levi | danlevi@israeli.com | 059-2345678 | Male | Male | Married | Negative |
| Noa Cohen | noa@israeli.com | 059-3456789 | Female | Male | Single | Negative |
- The information in the table above is for illustration only.
Incidents like these are precisely why we joined the privacy domain. And we know how to stop them by asking a simple question:
What if the found data had been made useless or depersonalized? Specifically, what if Atraf had scrubbed and tokenized their data tables of PII so that its sensitive information wasn’t linked to anyone?
Pseudonymised Data
Let’s visualize it tokenized:
| Name | Phone | Sex | Sexual preference | Marital status | HIV | |
| TOKENIZED_NAME1 | TOKEN1@israeli.com | 060-0000001 | Female | Male | Single | Positive |
| TOKENIZED_NAME2 | TOKEN2@israeli.com | 060-0000002 | Male | Male | Married | Negative |
| TOKENIZED_NAME3 | TOKEN3@israeli.com | 060-0000003 | Female | Male | Single | Negative |
Voila! No more names, emails, or any other identifiers to see here!
Tokenization is integral to pseudonymization, the privacy best practice of reducing the privacy risk of data sets to zero by scrubbing them of personal identifiers (PII). Of the 120+ properties Atraf stored on each user, segregating merely 10 key identifiers would have done the trick and kept all this information private.
This is hardly a revolutionary idea—regulations like GDPR and CCPA have been recommending pseudonymization for years. So why aren’t we complying? The simple answer is that pseudonymization, like many other privacy best practices, is nearly impossible to actualize in modern enterprises. Their systems and workflows make it impossible.
Challenges to cross-organization PII pseudonymization
Before we raised Piiano’s $9 million seed round, my partner Gil Dabah and I investigated the privacy needs of more than 50 different organizations to understand precisely what was holding them back. This is how we were confronted with the realities of “privacy debt.”. Though privacy engineering improves privacy-related costs and compliance efficiency in the long term, it’s often too resource-intensive to implement.
Even today’s largest organization’s systems were built without privacy in mind and it would take years to architect it on their own. As a result, identifiers (PII) and other sensitive information have been mixed in and lost with the rest of an organization’s non-sensitive data, and copied and replicated across many systems and databases. There is nothing in place to help find and regain control over this scattered information.
But how can we be expected to share our most personal data if this is the case? Don’t we deserve more from the companies looking to profit off it?
Meet the first self-hosted privacy vault
The Piiano privacy vault lets developers easily build privacy and security within their own cloud environments. We were inspired by similar solutions for centralizing sensitive data developed and used internally by the few companies who could afford it (think JPMC, Netflix, and Slack). Piiano enables developers to build systems with the highest privacy and security standards without forcing them to understand, implement and maintain complex and dynamic privacy compliance and security requirements.
As opposed to standard databases, which are built to make the data accessible naturally, the Vault was built with sophisticated mechanisms to make data exfiltration very hard. With our self-hosted privacy vault, developers can easily segregate PII from the rest of the data to finally give security teams the visibility and control they need to keep our data safe.
