Hackers are hunting celebs. Digital IDs can help, but add new risks


When it comes to cyberattacks, celebrities have a huge target on their backs. 

Just consider the news at the end of 2023 where Rhysida, the infamous hacking group, announced it had attacked King Edward VII’s Hospital, a private health institution in London. This is bad enough by itself, but what really elevated this news from “another day, another attack,” was the fact the hackers claimed to have obtained sensitive medical data on the British Royal Family.

The King Edward VII Hospital has provided close care to the family for over a hundred years, having looked after the Queen Mother, Prince Philip, Queen Elizabeth II, and King Charles III, to name but a few.

This makes it — and other hospitals serving the rich and famous — a treasure trove for hackers. If bad actors get hold of this sort of sensitive data, it can be used for all sorts of nefarious purposes, whether that’s extortion, blackmail, or any other range of motives, political or otherwise.

In this instance, the Royal Family got off lightly. Although it’s not clear precisely what happened, a few days after the announcement, Rhysida took down the note on their website about the Royal Family. The data wasn’t leaked.

Now, we could spend some time unravelling this mystery, but, to me, the damage was already done. A glaring weakness was shown to the world. With this, a question: what do high-profile individuals like the Royal Family do about this threat?

Could famous people decouple themselves from public and private institutions? How would this work? And is it even possible?

I wanted to find out. So that’s exactly what I did.

Getting deep with digital identities

“Digital identity, in its simplest form, is a set of facts about you,” says Andrew Bud, the founder and CEO of iProov, a London-based identity verification and authentication service. 

It makes sense. Then, one would assume, the easiest way for the wealthy and powerful to protect themselves would be to decouple their digital identity from institutions. That’d work, right? Surely?

“In the modern era of data breaches and ransomware farming, the idea that any information is a safe secret is fiction,” Bud says.

Ah. It appears we’re off to a rocky start. If no data is safe, how can anyone be? Should we all just pack our bags and give up?

Bud doesn’t think so: “What matters most from a security perspective is securing your data so that it can’t be monetised or exploited for unauthorised use.”

In other words, it’s all about authorisation. Securing who can access your data — something we’ll return to later. That then means it’s possible for high-profile individuals to decouple their digital identities, it just needs to be done holistically. 

But how would it work?

Making the great decoupling happen

“It is in the realms of possibility for individuals to leverage additional technologies to decouple their digital identity from their healthcare or operational data,” Matt Berzinski, senior director of product management at Ping Identity, tells me. 

The key to this, he believes, is “decentralised identity.”

The British Royal Family, whom digital IDs could help