The Linkage Problem: A Hidden Roadblock in Data Collaboration Industries like advertising, healthcare, and financial services depend on data collaboration for critical operations - from customer...
When 23andMe filed for bankruptcy, it wasn’t just about business. It was about broken trust.
Headlines focused on what millions of people had feared for years: the misuse of deeply personal genetic information. The kind of data that can’t be reissued, reset, or undone.
But how it happened and what it says about our current approach to data protection deserves a closer look.
Because this breach wasn’t about technical wizardry or exotic malware. It happened the way most breaches do: Someone got in and the data was all accessible and usable.
That’s the part we need to talk about.
The Breach Beneath the Breach
The breach on 23andMe started with credential stuffing—an old trick. Hackers reused stolen passwords to access user accounts. From there, they took advantage of a feature designed to connect users through shared DNA.
But what makes this incident stand out is what happened next:
With access to just a few accounts, attackers were able to access sensitive data on millions. Genetic traits. Family relationships. Health indicators.
It wasn’t just an access issue.
It was an exposure issue.
And that’s a distinction more organizations need to understand.
Why Traditional Protections Aren’t Enough
Let’s be clear: endpoint security, access control, and encryption are essential. No system should operate without them.
But breaches still happen. And when they do, the question is no longer "how did they get in?" It’s "what did they find once they were inside?"
Too often, the answer is: everything.
This is the gap that’s costing organizations trust, money, and long-term viability.
Data needs a second line of defense. One that works even when systems are accessed, credentials are compromised, or data needs to flow beyond your security firewall.
And with the growing threat of quantum computing, that second layer must be quantum-resilient. The encryption that protects most systems today won’t survive once quantum decryption becomes feasible. Data harvested today can—and likely will—be decrypted tomorrow.
That’s why Karlsgate has already implemented post-quantum cryptography (PQC) in our solutions. It’s not a theoretical upgrade. It’s a necessary foundation for protecting sensitive data against tomorrow’s threats.
How It Could Have Been Different
Let’s imagine this playing out another way.
The attackers still gain access—maybe through credential reuse, maybe through another method. That part doesn’t change.
But what they find does.
Because in a system architected for layered, future-proof protection, they wouldn’t have found meaningful data. They would have found de-identified and encrypted, unlinkable, unusable fragments. Nothing to sell. Nothing to exploit.
Here’s how Karlsgate would have designed that system:
- Every identifier used for matching—names, emails, genetic markers—would be de-identified and encrypted using locally-controlled cryptography. That means only the data owner or administrator controls the key. If someone without permission accesses the system, they can’t decode relationships or identities.
- The sensitive data itself—genetic profiles, health indicators—would be encrypted using Karlsgate’s Downstream Data Flow Protection (DDFP). That data would only be usable in a secure, confidential computing environment—and only for its intended purpose. Not visible to users. Not exposed to analysts. Not vulnerable to theft.
- All of this is reinforced with post-quantum cryptography, making the data not only unreadable to attackers today—but safe from the decryption capabilities of tomorrow.
This isn’t just theoretical. It’s how Karlsgate operates today—in real environments, across industries, at scale.
Third-Party Risk: The Silent Threat
And critically, this approach doesn’t just apply to data inside your own walls.
Even if your internal systems are protected, the moment data leaves your organization, the risk multiplies.
According to KPMG, 73% of organizations have experienced at least one significant disruption caused by a third party within the past three years (KPMG 2022 Third-Party Risk Management Outlook), resulting in the misuse of sensitive or confidential information.
And yet, collaboration with partners is more important than ever—whether it’s for research, marketing, analytics, or AI.
The problem is most organizations still rely on outdated models that require:
- Sending full datasets to external partners
- Granting raw access in staging environments
- Trusting others to protect data as carefully as you do
That’s not sustainable. And it’s not secure.
Karlsgate’s architecture extends protection beyond the organization’s perimeter.
We create Protected Data Pipelines—pathways that allow data to move between systems and organizations without ever becoming exposed.
With Karlsgate:
- Third parties can analyze data without ever seeing personal information.
- Organizations stay in control of what’s shared, when, and with whom, even after the sharing event.
- Data collaboration becomes safe, scalable, and compliant—without workarounds or risky exceptions.
And by incorporating post-quantum resilience from the start, we ensure that even long-lived, sensitive data stays protected—not just in today’s workflows, but in the world ahead.
A Shift Toward the Protected Data Age
What the 23andMe breach shows us, and what every breach reminds us, is that no system is impenetrable.
But that doesn’t mean data has to be vulnerable.
We’re entering a new phase of data protection. One where:
- Access alone isn’t enough to compromise a system
- Data can be shared without being exposed
- Collaboration doesn’t come at the cost of control
- Encryption is built for a post-quantum world
At Karlsgate, we call this the Protected Data Age.
It’s not a tagline. It’s a call to build differently. To protect differently.
To move beyond reactive defenses, and toward systems designed to make exposure irrelevant.
Because the goal isn’t just to secure infrastructure. It’s to ensure that data remains protected, even as it moves, flows, and powers innovation.
At Karlsgate, we’re building the infrastructure for that future: Protected Data Pipelines that enable collaboration, automation, and analysis without compromise.
About Karlsgate
For executive leaders concerned about balancing data security with the demand for data across all facets of the business, Karlsgate offers a robust, easy-to-implement solution. Protect your data from risks and breaches while seamlessly accessing it for critical initiatives. Secure and maximize your data's potential with Karlsgate.
