Skip to content
Link copied to clipboard
Link copied to clipboard

Just because we love Wawa doesn’t mean we should let them handle our data insecurely | Opinion

Even though millions of credit and debit cards that may have been stolen in last year’s Wawa data breach are up for sale on one of the most notorious dark web marketplaces, customers will likely forgive the gas and retail store chain.

A Super Wawa store on West Baltimore Pike in Media is photographed on Jan. 5, 2020.
A Super Wawa store on West Baltimore Pike in Media is photographed on Jan. 5, 2020.Read moreTOM GRALISH / Staff Photographer

Even though millions of credit and debit cards that may have been stolen in last year’s Wawa data breach are up for sale on one of the most notorious dark web marketplaces, customers will likely forgive the gas and retail store chain.

Wawa customers’ loyalty runs deep; some would even say it borders on cultish. But even for other companies with less than stellar reputations, massive data breaches are quickly forgotten and forgiven: utilities, health-care insurers, Facebook.

The sheer number of data breaches in recent years — 1,473, with 164 million sensitive records exposed, in 2019 — has led us to believe that these events are simply the cost of doing business in the digital age. But it shouldn’t be this way. And it doesn’t have to be this way. In 2020, we should be able to efficiently and securely transmit and store data — especially information as sensitive as personal health records.

Part of the challenge we face is a lack of accountability. Many state and federal laws haven’t kept pace with how technology can be exploited by bad actors. Ironically, solving these failures is possible with technology, but not with the same technology that generated these problems in the first place.

The main reason this continues to happen is that the internet has become centralized and closed by a few companies (think Google or Facebook) — the complete opposite of its origin and founders’ intent. The result is that most of our personal data is subject to a single point of failure or weakness. It amounts to storing all of your personal wealth, private information, and important documents like your mortgage and Social Security number, all in an unsecured cardboard box sitting on your front porch, and then being surprised to discover that someone has come along and taken it for their own use.

If we don’t want to live like this, and I would argue none of us do, we simply must start doing things differently.

That’s why the emergence of so-called “open applications” — applications that contain information that is individually owned and protected on public blockchain infrastructure — has come at a critical moment. In other words, open applications on blockchains are the equivalent of all of your personal and financial data and your most important documents all being held in different, secure safes in your home, behind doors with the most secure locks that money can buy.

More importantly, we need to move to a world where the data belongs to the users in every way possible. Want to export your data to other applications? Check. Want to transfer or exchange data without relying on a middleman? Check. Want to use a similar service, say Lifecake or Tinybeans instead of Peekaboo Moments, but have that service leverage your existing records? Check.

We don’t have to live with data breaches. I hope these incidents start decreasing as a result of improved government regulations and business communities partnering to use open apps. Just because we love a store doesn’t mean we should allow it to not handle our data securely — not even Wawa.

Matthew Spoke is the founder of the nonprofit the Open Application Network and founded Deloitte’s first blockchain team.