Smile—You’ve Been Hacked: How America Lost Its Privacy

Protecting Americans from cyber threats isn’t just about stronger passwords — it’s about rethinking how data is collected, stored, and governed.

Cornell University recently released a study leveraging data from the “Have I Been Pwned” database indicating that at least 82.8% of Americans have had one or more accounts breached—and many have experienced multiple breaches (on average, at least three).


And did you know the most reported data breaches happened in healthcare? In 2023, 725 healthcare breaches exposed over 133 million records. In 2024, health data breaches included a few massive ones: 14 breaches of over a million records, collectively affecting ~237 million U.S. residents according to The HIPAA Journal.


According to multiple studies, more than 8 in 10 Americans have already experienced at least one cybersecurity breach. From stolen passwords to leaked health records, the majority of us have been compromised in the digital world we depend on daily.


How We’re Being Breached and Hacked

Cyber threats are no longer the stuff of spy movies or tech thrillers. They’re everyday events.


  • 61% of Americans have had their personal data leaked through at least one account.

  • 46% had a password stolen in the past year.

  • 11% have had an email or social media account taken over.

  • And 7% reported fraudulent credit or loan attempts in their name.


These breaches come from a web of vulnerabilities — weak passwords, phishing emails, data leaks from companies, and massive database hacks that sell information for pennies on the dark web.


What is most alarming is how common these breaches are. We often treat cybersecurity as a private problem: a matter of personal vigilance and better passwords. But in truth, cyber defense is a matter of national security.


When hostile states, ransomware groups, or criminal networks can compromise hospitals, airports, banks, and water systems, cybersecurity becomes a matter of survival — not convenience.


Every citizen, business, and government agency exists on the same interconnected grid. A single weak link can ripple into a national crisis. According to Statista, the number of data compromises in the United States stood at 3,158 cases in 2024, and over 1.35 billion individuals were affected in the same year by data compromises, including data breaches, leakage, and exposure. Here are a few of the most significant data breaches I’ve come across:


Major Security Breaches in the Past Decade


  • Discord: In September 2025, Discord suffered a third-party data breach via Zendesk that exposed personal and ID data of about 70,000 users, with hackers claiming to have stolen 1.5 TB of sensitive files and demanding ransom, highlighting a costly supply-chain attack targeting the platform’s customer support systems.


  • CrowdStrike: In July 2024, CrowdStrike triggered one of the largest global IT outages in history after a faulty Falcon sensor update caused Windows systems to crash worldwide, leading to mass business disruptions and an estimated $500 million loss for Delta Air Lines.


  • LinkedIn: In early 2021, LinkedIn experienced a large-scale data scraping incident where attackers collected 400 million public profiles, including 125 million unique emails, names, geographic locations, and job details, later selling the data online.


  • Equifax: In 2017, Equifax suffered a massive data breach compromising the personal information of 147 million people, leading to a $425 million FTC settlement to assist affected individuals and marking one of the largest and most costly cybersecurity failures in U.S. history.


  • Marriott International: From 2014 to 2020, Marriott International and its subsidiary Starwood Hotels suffered three major data breaches affecting over 344 million customers worldwide, exposing sensitive data such as names, mailing addresses, passport numbers, dates of birth, and payment details.


  • Yahoo: Between 2013 and 2014, Yahoo suffered two massive data breaches that exposed over 3.5 billion user accounts, leaking personal information like emails, dates of birth, security questions and answers, and encrypted passwords.



The United States has invested trillions to protect its citizens from physical harm — through military strength, policing, and homeland security. Yet the digital front line remains porous.

We wouldn’t ask citizens to defend their own borders — so why do we ask them to defend against foreign hackers alone?


How Companies Demand Our Secrets and Deny Us Transparency


There’s an irony in how the modern digital economy treats privacy.

Everywhere we go — from downloading an app to buying groceries — we’re asked to share pieces of ourselves. Our names, phone numbers, emails, location, birthday, even our face. A quick “Agree & Continue” and we hand over what should be the most personal parts of our lives, all for the sake of convenience.


Yet when we ask these same companies what they do with our data, we’re met with a 47-page privacy policy written in legal hieroglyphics. It’s not meant to inform — it’s meant to exhaust.


We live in a time where a social media filter needs your camera access, a flashlight app requests your contacts, and smart TVs quietly record conversations in your living room “to improve user experience.”


This isn’t innovation. It’s surveillance — sanitized by design.

The Cost of Convenience


The irony deepens when you consider that the more we automate and streamline, the less control we actually have.


The systems that promise to “simplify” our lives — cloud platforms, mobile apps, loyalty programs — are the same ones collecting massive amounts of behavioral data.


They call it personalization. But it’s not personal — it’s predictive.


Every click, scroll, pause, and purchase is a data point in a trillion-dollar industry where privacy isn’t a right — it’s a product feature.


And yet, if data is the new oil, then the average American is the new oil field — constantly extracted, rarely compensated, and almost never protected.


The Civic Dilemma


This is where government responsibility comes in. If the state can regulate food labels, car emissions, and pharmaceutical warnings, then it can regulate data transparency.


People should have the same clarity about where their digital information goes as they do about what’s in their breakfast cereal.


But instead of leading, regulators lag — often years behind the pace of technology. And in that gap, the public loses both visibility and sovereignty.


The irony is not that companies ask for our trust — it’s that we give it so freely.

The tragedy is not that our data is taken — it’s that we’ve come to see it as the price of participation.


The Solution: Reclaiming the Digital Commons

Protecting Americans from cyber threats isn’t just about stronger passwords — it’s about rethinking how data is collected, stored, and governed. True cybersecurity starts with informed consent and public accountability, not fine print.


1. Make Privacy the Default, Not the Exception

Right now, the digital economy is built on an opt-out system — meaning companies assume the right to your data unless you explicitly say no. Most people never find the “no.” That needs to change.


All data collection should be opt-in by default — clear, transparent, and specific to the product’s function. If a piece of information isn’t essential for the product to operate, it shouldn’t be collected at all.


A fitness tracker may reasonably need your heart rate or steps — but it doesn’t need your location history, contacts, or social graph. And if data must be collected, it should be encrypted end-to-end and stored in a way that no third party can access without explicit, time-bound consent.


2. Rethink How Software “Works”

For too long, companies have claimed that data collection is necessary for “product performance.” But that’s a design choice — not a law of nature.


We can build smarter systems that rely on local processing, anonymized data models, and federated learning — technologies that allow products to improve without exposing individual users.


If the tech industry can build self-driving cars, it can build self-defending software. Innovation should serve privacy, not cannibalize it.


3. End the Fine-Print Era

A 47-page privacy policy isn’t transparency — it’s camouflage.


Privacy disclosures should be short, simple, and visual, designed to inform, not obscure. Every company should maintain a Customer Privacy Center — a plain-language hub where users can easily see:


  • What data is collected

  • Why it’s needed

  • How long it’s kept

  • Who it’s shared with

  • How to delete it


Informed consent isn’t possible without comprehensible consent.


4. Fund and Empower the Agencies That Protect Us

The U.S. has the frameworks to regulate digital safety — the FTC, the Cybersecurity and Infrastructure Security Agency (CISA), and the Consumer Financial Protection Bureau (CFPB) all play vital roles. But chronic underfunding, outdated tools, and political cuts have weakened their ability to act.


When agencies meant to protect the public can’t retain cyber talent or update their systems, we’re effectively leaving the front door open.


Cybersecurity should be funded like infrastructure — with the same seriousness we apply to national defense. Every budget cut to oversight is an open invitation to attack.


5. Build a Culture of Digital Literacy

Technology evolves faster than regulation — and far faster than public understanding. We need to treat digital literacy like public health education: a lifelong skill taught in schools, reinforced by government campaigns, and simplified for older adults.


People can’t defend what they don’t understand. Awareness is the first firewall.


6. Hold Companies Accountable for Breaches

Apologies don’t protect consumers — accountability does. When corporations mishandle data, there must be legal and financial consequences that scale with their size and negligence.


If citizens can face penalties for unpaid taxes, companies should face proportionate ones for privacy violations.


7. Modernize Federal Systems

The irony is that while citizens are told to update their passwords, many government systems still run on outdated software. Modernizing federal digital infrastructure — from encryption standards to cloud security — is foundational to national defense.


Protecting citizen data shouldn’t be a patchwork of agencies; it should be a unified, modern system worthy of public trust.


The Bottom Line

Cybersecurity is not just about technology — it’s about democracy. Opt-in privacy, clear policies, encrypted data, and well-funded oversight aren’t luxuries. They’re the civic guardrails of the 21st century.


Because a nation that can’t protect its citizens’ data can’t truly protect its citizens.


The truth is, we can no longer separate cybersecurity from citizenship. Every data breach chips away at the public’s trust — not only in corporations, but in the institutions meant to guard them.


Our digital lives are now civic spaces, and protecting them requires the same courage, funding, and foresight we reserve for any national security issue.


Until privacy becomes a right by design — not a privilege hidden in fine print — the American public will remain both the engine and the casualty of the digital age. The question is no longer whether we’ve been hacked. It’s whether we’ll rebuild a democracy resilient enough to defend its data, and in doing so, its people.



365 Days of Shade

