In November 2018, the hotel chain Marriott reported that it had been hacked by attackers suspected to be Chinese intelligence agents. In January 2019, it was revealed that this was one of the largest breaches of personal data in history, with roughly five million unencrypted passport numbers belonging to its guests stolen.
This case shows the critical nature of data encryption, especially as cybercrime and cyberterrorism become all the more sophisticated in the 21st century.
Data encryption is the process of encoding information so that it can only be accessed and read by those with the correct permissions. Plaintext, the standard way text is displayed and distributed digitally, is encrypted using an algorithm known as a cipher, generating ciphertext that can only be read by its intended recipients.
Encryption itself is nothing new: governments and militaries have encrypted coded communiqués for years. But with the rise of cybercrime, private organizations increasingly have a responsibility to secure and encrypt any sensitive data they store, in the interest of protecting the privacy and safety of their clients and customers.
Malicious actors can exploit unencrypted data by, for example, accessing unencrypted text/SMS messages, emails from unsecured private servers, database data stored in plain text, and the like.
An equally important part of the data encryption process is message authentication, which allows digital systems not only to transmit ciphertext and properly encoded data, but also to verify that it comes from an authentic source. Types of message authentication include digital signatures, such as RSA-based signature schemes, and message authentication codes (MACs).
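The following added example (not part of the original article) shows why authentication matters alongside encryption: a ciphertext altered in transit still decrypts to readable but wrong plaintext, while a MAC over the ciphertext lets the receiver reject it. The keystream function is a toy stand-in for a real cipher such as AES-CTR, and all names and the sample message are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream (SHA-256 in counter mode); assumption: stands in for a real cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes):
    """Encrypt, then compute an HMAC-SHA256 tag over nonce + ciphertext."""
    nonce = secrets.token_bytes(16)
    ciphertext = xor(plaintext, keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce, ciphertext, tag

def open_sealed(enc_key: bytes, mac_key: bytes, nonce: bytes, ciphertext: bytes, tag: bytes) -> bytes:
    """Verify the tag in constant time first; decrypt only if it matches."""
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: message altered or wrong key")
    return xor(ciphertext, keystream(enc_key, nonce, len(ciphertext)))

def demo():
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    message = b"PAY 0100 USD"  # constructed sample message
    nonce, ct, tag = seal(enc_key, mac_key, message)
    # Simulated in-transit modification of one ciphertext byte (no key involved).
    tampered = bytearray(ct)
    tampered[4] ^= ord("0") ^ ord("9")
    tampered = bytes(tampered)
    # Encryption alone: the altered ciphertext decrypts without any error.
    unauthenticated = xor(tampered, keystream(enc_key, nonce, len(tampered)))
    # Encryption plus MAC: the same altered ciphertext is rejected.
    try:
        open_sealed(enc_key, mac_key, nonce, tampered, tag)
        rejected = False
    except ValueError:
        rejected = True
    return open_sealed(enc_key, mac_key, nonce, ct, tag), unauthenticated, rejected

if __name__ == "__main__":
    print(demo())
```

In practice an authenticated encryption mode such as AES-GCM provides both properties in one primitive.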
Unencrypted data breaches have become more and more common. The 2014 Sony Pictures cyberattack leaked thousands of personal correspondences and financial statements. In 2012, LinkedIn's and eHarmony's security was breached, leading to millions of plaintext passwords being leaked. Wells Fargo was targeted by an attack which led to unencrypted identifying information on over 70 million bank accounts being leaked. The perpetrators have been unaffiliated criminals, activists, government agents, and everything in between.