I couldn’t fall asleep last night. It’s not often that a data breach worries me, but what I read online had concerned me. According to a hacker calling himself @PabloEscobarSec, he had hacked the British Pregnancy Advisory Service (BPAS), and intended to leak the names of all of the women who had used the service. He claimed to be doing that to protest abortions:
British Pregnancy Advisory Service was attacked because they kill unborn children that have no rights. It’s murder.
— PabloEscobar (@PabloEscobarSec) March 8, 2012
A few of us tried to convince him otherwise, but got no response. In hindsight, he may not have responded because the police already had him in custody.
And so I stayed awake last night, worrying about the consequences if 50,000 women’s names were dumped on the Internet with the label of having had an abortion.
How many of those women had sought abortions following impregnation due to rape?
How many teenage girls had sought abortion following impregnation due to incest?
How many might be at risk of domestic abuse or violence if it became known they had had an abortion?
I felt sick inside. Embarrassment and job discrimination are serious enough consequences of a data leak, but this one had the potential for even more serious consequences.
Around 2:00 am ET, the news broke that the hacker had been arrested and was being detained. I breathed a sigh of relief – for now – and mentally blessed law enforcement for their quick action to prevent a data leak that could have horrific consequences.
But as I read the media coverage and the subsequent statements from BPAS and Scotland Yard, I realized that a data leak of supposed abortion patients was also horribly misleading. Despite what the hacker had claimed, the database was not a database of women who had obtained abortions. It also included the names of women, professionals, and even students who had simply sought information from the service on any one of a number of health-related issues, including contraception and STDs . So what we might have had are thousands of women being publicly named, shamed, and put at risk for allegedly having abortions when many or even most of them never had one.
Reputations ruined. Lives put at risk. By a young self-proclaimed “hacktivist” with self-proclaimed ties to Anonymous who doesn’t seem to have understood what data he had acquired and who didn’t demonstrate any ethical regard for what damage a leak could have done. What could a more proficient hacker have accomplished – and what difference would a court injunction make to someone who flaunts the law?
Some hacks are worse than others.
This was one of the bad ones and it could have been much worse.
But where were members of Anonymous yesterday and last night when this guy was posting his intentions? Why didn’t members of Anonymous speak up and say, “Hey, guy, that’s a really bad idea.” After all the tweets about International Women’s Day and how Anonymous loves women and we should stay strong and not take sh*t from anyone, why did Anonymous remain silent in the face of this hack? And what will it do now to promote more ethical hacktivism?
Update of March 10: James Jeffery has pleaded guilty to hacking PBAS and in court, claims he had a change of heart about posting the data online and decided it would be “wrong” to do so. He remains in custody. As of today’s update, the main Anonymous-related Twitter accounts still have not denounced the hack or the intended data dump. Their thundering silence belies their claims of concern for individuals.