This was exactly my thought. But the Norton article makes it sound like you need to manually cross reference the data from different publicly available files. Actually, on could use Alteryx’ tools to automate the cross reference process.
In the wink of an eye the so-called anonymous marketing data could be married up with property records, voter registration records and other publicly available databases in order to personalize and even filter down to the most desireable individuals as targets.
I believe that the Alteryx management is being disingenuous in down playing how serious this incident could be. I said “could” because I wish to acknowledge Saul’s point that information exposure is not the same as information loss. We don’t really know if anyone exploited the exposure before access was shut down. It’s unlikely that it will ever be known.
But here’s the uncomfortable rub in all this. Alteryx purchased the file from Experian. It’s still available to their customers and presumably it can still be purchased from Experian. In other words, even if no one exploited the information while it was exposed it matters little. It’s still available for anyone who wishes to use for some nefarious purpose. That was true before the exposure was made public and it remains true today. Not to mention the fact that it could be married up with other illegally obtained information like the Target heist or the Equifax heist in order to zero in on the most vulnerable or wealthiest targets.
It’s an unsettling fact of life that we really have no privacy whatsoever when it comes to our personal information. The Alteryx tool set makes data integration and analysis quick and simple. Those tools constitute a power so great that it can only be used for good or evil (ref: The Firesign Theater).
Marketing data should not be confused with PII data. A lot of attributes contributing to the business intelligence for market segments will be useful for marketing purposes but you can not be the victim of identity theft due to someone knowing your favorite food, the number of pets you own, your current address, the approximate age of your siblings and all the other attributes marketers would like to compose for an analytics modeling of people.
It’s absurd to think this breach will cause identity theft unless you have specific information such as:
DOB, SSN, POB, Full Legal Name, Citizenship, Full Legal name of 1st level relatives, DOB of 1st level relatives.
Simply confirming your house residence is comical when considering exposure.
For a parallel example, a group of hackers exposed the personal addresses of all the Boston employees at City Hall claiming to have accessed the HR files at Boston City Hall. There was concern of how this was done. Turns out they looked up registry of deeds details to confirm such information. There was no release of information but it was comical for people to consider the perception hackers claimed.
The data that was left public was a “ConsumerView” database purchased from Experian (as well as U.S. Census data). If the general public is concerned that this was leaked, they should be much more troubled by the fact that Experian collects all this information and sells it. It is a much different situation than private information that you have entrusted to a company which is stolen/leaked.
The actual post from UpGuard https://www.upguard.com/breaches/cloud-leak-alteryx doesn’t have the same tone as the Forbes article. I feel that the Forbes author wrote a pretty slanted piece, injecting ‘Massive leak’ and ‘Misleading response’ in bold headers… it’s tabloid writing to try to spice up a bland story.
My conclusion is that it was certainly not great that Alteryx left this data open, but I don’t see major ramifications beyond increasing scrutiny on their security practices.
Thanks doppelg, especially for the link. You are right, the original article was more philosophical about all the public information that is out there and didn’t at all have the accusatory tabloid feel of the Forbes article.
I just got an email from Norton warning me about a data leak of 120 million household, “raising the posibility of identity theft” by alteryx…this cant be good pr…
To put that in perspective Norton is in the business of selling protection against identity theft! Therefore they are more than biased, they are simply saying to all their clients: “See you need us! You better renew next year!” and to other people they are saying “You better sign up with us to protect yourself!” It’s in their interest to be alarmist and to exaggerate the threat as much as possible.
That doesn’t mean there’s NO threat, but it does say, don’t think of Norton as an uninterested party.
AYX Charman Dean Stoecker sold 40,000 shares this week. This is the SEC filing:
I saw this in a comment on yahoo. This seems like a small amount of shares in the big
picture to me, but I would appreciate any thoughts form more experienced folks. Big
deal, little deal, or no deal? Thanks.
This was a 10b5-1 sale:
What is the ‘Rule 10b5-1’
Rule 10b5-1 is established by the Securities Exchange Commission (SEC) to allow insiders of publicly traded corporations to set up a trading plan for selling stocks they own. Rule 10b5-1 allows major holders to sell a predetermined number of shares at a predetermined time. Many corporate executives use 10b5-1 plans to avoid accusations of insider trading.
As the CEO is a 10% holder of AYX stock I think he is still invested significantly and is wise to diversify his holdings. IMO not a worry. It’s not as if he divested all his holdings.
This was a 10b5-1 sale:
What is the Rule 10b5-1: It was established by the Securities Exchange Commission (SEC) to allow insiders of publicly traded corporations to set up a trading plan for selling stocks they own. Rule 10b5-1 allows major holders to sell a predetermined number of shares at a predetermined time. Many corporate executives use 10b5-1 plans to avoid accusations of insider trading.
Yes, Many set it up so they sell a predetermined identical small amount on the same day each month or each quarter, no matter what the price. That way no one can accuse them of insider trading on news, and no one can make something ominous out of the sale.
so what exactly does Alterix do?
and an old article
The real challenge of Big Data is not storing and chewing your clickstreams and other operational data to get the right product in front of the right person. That’s easy. But taking multiple data sources from your own systems and outside sources, mashing them up, and then spitting them out as information that some person or program can actually use to make decisions: that’s tough. With its Strategic Analytics 7.1, Alteryx thinks it has a palette upon which analysts can mix data sources and run analytics – in much the same way as an artist paints a landscape.
It’s this focus on the creative process that has Alteryx attempting to “humanize big data” and referring to analysts as "data artisans
and some reviews
TLND is listed as a competitor
Still not sure I get it in the way I get the stocks of things I actually use, Amazon, Tesla, i Stuff, etc
My deepest sympathies