Abstract
Publishing data about individuals is a double-edged sword; it can provide a significant benefit for a range of organisations to help understand issues concerning individuals and improve services they offer. However, it can also represent a serious threat to individuals' privacy. To deal with these threats, researchers have worked on anonymisation methods. One such method is disassociation which protects transaction data by dividing them into chunks to hide sensitive links between data items. However, this method does not take into consideration semantic relationships that may exist among data items, which can be exploited by attackers to expose protected data. In this paper, we propose a de-anonymisation approach to attacking transaction data anonymised by the disassociation method. Our approach attempts to re-associate disassociated transaction data by exploiting semantic relationships among data items, and our findings show that the disassociation method may not protect transaction data effectively: up to 60% of the disassociated items can be re-associated, thereby breaking the privacy of nearly 70% of protected itemsets in disassociated transactions.