Spotting Privacy Breaches Before They Cause Harm
Why We Invested in Terbium Labs
By Subhashish Bhadra, investment principal, Omidyar Network, and Magdi Amin, investment partner, Omidyar Network
“The shadowy side of the Internet is home to an illicit economy where stolen corporate data and personal information are hot commodities, attracting buyers looking to open fake accounts, expose software vulnerabilities, steal intellectual property, or commit other types of fraud.” — Terbium Labs
Data privacy is among the highest priorities for Omidyar Network. The amount of data collected by companies multiplies every second, making them very powerful and, at the same time, very vulnerable to cyberattacks. With breaches becoming a daily occurrence, we need tools that keep watch in the places where stolen data is bought and sold, warning customers when their data has been used and traded without their consent.
It goes without saying, but data exposure is enormously harmful to individuals. For example, nearly 3 in 5 Californians were victims of data breaches in 2015 alone. And 60 percent of breaches are from hacking — including phishing, malware, and skimming — implying that the digital identities of less tech-savvy groups are especially at risk. These data breaches can lead to financial hardships and discrimination in the job market, among other harms. Strengthening the cyber-defences of institutions is critical to prevent data-based harms to individuals’ digital identities.
Data breaches are also very costly for businesses and governments. More than 13 billion data records have been lost or stolen since 2013. The pace has only accelerated, with 6.3 million records now being lost every day. The average data breach costs $3.9 million to the breached institution, and this cost is growing at 6.8 percent annually. Only 4 percent of breached records are encrypted — implying that most of the breached data is easily accessible to bad actors. It is now possible to buy complete identity profiles of infants, which bad actors use for tax and other fraud.
In light of these immense risks, we are proud to announce an investment in Terbium Labs, a premier threat intelligence company that assists institutions to find out if their databases have been breached, without ever receiving a corporation or individual’s sensitive information. Terbium will use the new funding to accelerate product development of Matchlight, the world’s most comprehensive and only fully private, dark web monitoring system.
Since founding in 2013, the company has operated on the assumption that your data is always at risk. They use a combination of innovative technology, data intelligence, and an elite group of information security professionals to scour the parts of the internet where Terbium’s users would not want their information to appear, including Tor hidden services, dark web markets, password protected forums, and paste sites.
Terbium’s monitoring technology has won many awards for advancing cybersecurity. Some of the world’s leading companies, like Mastercard, Thomson Reuters, and the Royal Bank of Canada, use Matchlight to secure customer data and respond to breaches. Terbium protects these and other organizations from relentless attempts to steal data for personal, monetary, or political gain. And ultimately, they protect us and our digital identities.
“Data privacy is the cornerstone of our business, and we consider it a critical differentiator for our company as conversations around more responsible treatment of digital identity take hold,” said Danny Rogers, co-founder and CEO of Terbium Labs. “By providing intelligence based on our exclusive one-way data fingerprinting technology, Matchlight enables organizations to monitor for risks associated with data exposure on the dark web without exposing them to an expanded vendor-related attack surface. We strive to set a new standard for information security and risk management that can help companies prevent damage while still holding ourselves to the highest standard in terms of protecting the privacy of their information.”
In addition to protecting consumers, early detection and remediation of data breaches strengthens institutions. On the surface, it’s easy to see how Matchlight can reduce the losses to companies and governments. Researchers have found businesses that detect and contain a breach sooner reap an economic benefit to the tune of $1 million. Terbium’s service also gives enterprises a leg up, not only in detecting breaches before economic damage takes place, but also helping them to comply with new data protection and privacy regulations, including data breach notification. And Terbium’s proactive monitoring helps increase trust between customers and companies, giving them a significant competitive advantage in our trust-broken economy.
Today, Terbium Labs join a network of privacy-enhancing enterprises in a Race to the Top by creating technologies and business models that help us get closer to Good ID. We are excited to partner with Danny and the team in our shared vision for a privacy-protected world.
