As much as they may have wanted it to be, the StockX data breach did not only fail to escape not the attention of the sneaker community but even was reported on by non-footwear related media outlets.
Data breaches have become an unfortunate part of life, but how a company handles it can go a long way not only in restoring trust in a company but also in what actions could be taken against them. With their attempted obfuscation of the breach via an e-mail update ruse , StockX went about this situation in one of the worse ways possible. The 6.8 million users who had their information compromised deserves better than that.
As revealed in the TechCrunch report that broke news of the breach, the data had already hit the information resell market; the authors were able to confirm this from a seller of the breached data.
As often happens with these breaches, the immediate concern is for the potential of financial information falling into the wrong hands and that may have happened with stories of unauthorized purchases on the site have been reported( which could be even more problematic for StockX) and has lead to a class action lawsuit being filed against the company.
StockX has tried to make amends, i.e. damage control by offering identity theft monitoring and protection services. What cannot be overemphasized is that the credit card/banking information is not the full scope of identity theft, the majority of if does not deal with your money. The value lies in the personal information accumulated; that is not just specific to this breach but to any sizable data compromise episode. This is because stealing your money is a finite event, meaning they can only profit once from the act of stealing your money. However with personal information, the crooks can sell the same information, or portions of it, multiple times. In addition to potentially birthing other forms of identity theft ( examples: medical, social security and criminal) this practice can also lead to synthetic identity theft, which is taking information from several people to form a new identity profile. This information will be sold repeatedly and will be misused in a variety of ways and it is likely that the implications of this breach will be felt long after the year of free monitoring and protection has elapsed.