You wouldn't leave the door to your hotel room wide open, hand your wallet to a stranger or post your passwords online, but experts say there's a whole market for other information that makes you just as vulnerable, and in the height of the travel season, you're likely giving it away without even realizing.
"People who travel, they go to great lengths to protect their credit card but they don't think about this — what every hacker wants is your data," cybersecurity expert and Identity Theft Resource Center Board member James Lee told the News4 I-Team.
Lee said hackers are constantly coming up with new ways to extract data from your electronic devices, and they aren't just interested in stored passwords and pin numbers, they also want to know your screen names, email addresses, where you shop and what you buy.
It can happen in just a few moments, while your phone is still in your hand. For example, when you connect to one of the free charging stations.
"When you connect up to one of these power charges you're just connecting up to a computer you can't see," said Lee, pointing out that travelers should avoid plugging into a USB port.
He says the old-fashioned wall plug is safer. Plus, you should always use your own cord. Hackers have been known to leave behind cords designed to steal your data.
Local
Washington, D.C., Maryland and Virginia local news, events and information
"Some of the newer cords have chips in them," Lee said. "So you can actually add malware to the cord itself."
He said USB ports at the base of a hotel lamp or alarm clock make charging your device convenient, but that also comes with a cost.
"I always plug in my USB into the lamp. I thought I was safe doing that," frequent traveler Tonya Bonds said.
She didn't realize her personal information could also be on the move.
"Now, I know not to do that anymore," Bonds said.
Lee said those USB ports are easy to alter, and a hacker could have spent time in that hotel room before you did.
The same is true for a rental car or rideshare. On-board computer and Bluetooth systems can also capture your data.
"You've now left your footprint from that phone in that car," Lee said.
The Electronic Privacy Information Center (EPIC) told the I-Team hackers stealing your information shouldn't be your only concern. We all interact with plenty of legitimate businesses that are really after our data so they can sell it to marketers.
"They're collecting more information than is actually required for your interaction with that company. And that's part of the problem," said Jeramie Scott, a senior attorney for EPIC.
He says iPads that you frequently see in airports around the country are actually sophisticated data collection devices.
They allow you to order your lunch or a drink, then prompt you to surf the web, check your e-mail or log into your social media accounts while you eat.
"From a security perspective, there's not as much risk here as there is privacy risk, " Lee said.
When you swipe your card to pay, the system marries that information with whatever else you've done on the tablet.
Even the games you play prompt you to enter your personal information. Any posts you make or photos you access while using the device can also be stored.
The company's privacy policy, which experts say most users never read, clearly states, "We may build and store user profile preferences based on your use of the tablet program." The policy even lists the "ways they may share personally identifiable information with third parties."
"The fact that they disseminate to other third parties makes it almost impossible to track down all the policies that may impact the information collected for your interaction with this one entity," Scott said.
Plus, Scott points out you can't possibly know how that data will be used in the future. If those third parties fall victim to a data breach, you don't know what information they had about you.
The tablet programs also suggest that you scan your boarding pass to allow you to pay for purchases with rewards points or frequent flyer miles. The system will also send you alerts when your flight is boarding. But that convenience also costs you, your frequent flyer data, rewards program and trip information also gets stored in your user profile.
The tablet privacy policy does say users can contact the company to review the personal information that's been captured and request that it be deleted.
Lee's best advice? Flyer beware: If it isn't your device, don't log into it.
"You have to be savvy," Lee said. "Wherever there is the ability for somebody to siphon off your data, they're going to try — and you need to protect it."
Reported by Jodie Fleischer, produced by Rick Yarborough, shot by Steve Jones and Jeff Piper, and edited by Steve Jones.
