We all know that data breach is a major issue that can cause devastating damage to organizations and individuals, but have you ever wondered what happens to the data that is stolen during these incidents?
It depends on the importance of the stolen data and the attackers behind a data breach, and why they’ve stolen a certain type of data. For instance, when threat actors are motivated to embarrass a person or organization, expose perceived wrongdoing or improve cybersecurity, they tend to release relevant data into the public domain.
To prove this, the attack on Sony Pictures Entertainment in 2014 is the biggest example for the readers. Attackers backed by North Korea stole Sony Pictures Entertainment employee data such as Social Security numbers, financial records, and salary information, as well as emails of top executives. The hackers then published the emails to embarrass the company, possibly in retribution for releasing a comedy about a plot to assassinate North Korea’s leader, Kim Jong Un.
According to Verizon’s annual data breach report, nearly 86% of data breaches are about money, and 55% are committed by organized criminal groups. Stolen data often ends up being sold online on the dark web. For example, in 2018 hackers offered for sale more than 200 million records containing the personal information of Chinese individuals. This included information on 130 million customers of the Chinese hotel chain Huazhu Hotels Group.
The most reliable and common way to pay for the transaction is with cryptocurrency or via Western Union. The price varies on the type of data, its demand, and its supply. For example, a big surplus of stolen personally identifiable information caused its price to drop from $4 for information about a person in 2014 to $1 in 2015. Email dumps containing anywhere from a hundred thousand to a couple of million email addresses go for $10, and voter databases from various states sell for $100.
What Hackers Do with Your Personal Info?
The most obvious thing hackers do is steal your money—either directly by funneling it from a bank account or by creating new accounts under your name. They may use your credit card details to shop at Amazon or set up a Netflix account. They might also use your info to create a sham social media profile to fool your friends or have a fake driver’s license made.
While that’s scary, there are even more frightening things to worry about. In some cases, hackers may steal info like personnel files, bank records, and private photos for purposes of blackmail, extortion, or even espionage.
Lastly, some hackers may target you or your organization directly. Stolen info, such as an online alias where you share political commentary or an online dating profile, maybe shared to prank or embarrass you. In more nefarious cases, doxing—releasing personal information about your identity—could put you in danger. Imagine internet users sending you hate mail, calling your cell phone, or even showing up to your house over a post you made online about a particular view you hold.
Three easy steps to protect your data
(1). The first step is to find out if your information is being sold on the dark web. You can use websites such as haveibeenpwned and IntelligenceX to see whether your email was part of stolen data.
(2). Inform credit reporting agencies and other organizations that collect data about you, such as your health care provider, insurance company, banks, and credit card companies.
(3). To help you create strong passwords and remember them, consider using a password manager. Secondly, check whether your accounts offer multi-factor authentication (MFA). If yes, then use MFA.
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.