A False Sense of Security: How Anonymized Data is Re-identified