There’s no question that data breaches are becoming a common occurrence in today’s world. In fact, according to the Data Breach Index over 5 million records are lost or stolen every day. These breaches affect businesses, individuals, and governments alike.
For many, the question remains - what actually happens to your personal data once it’s been stolen? In this article we cover the typical use cases, including what type of data is most valuable and why hackers hack in the first place.
There are a number of reasons why hackers steal data in the first place. The most popular and most obvious reason is financial gain. The majority of hackers want to make a profit, and they can easily do so by stealing information like bank or login details. They can steal your money from your accounts, apply for a credit card or loan under your name, or they can also resell your information to another criminal on the internet. The dark web is full of criminals buying and selling stolen personal information.
In the past few years, there has been a new development in hacking for financial gain. It has become increasingly popular for hackers to break into your device and encrypt the data on it. It’s called ransomware, and malicious actors hold your files hostage until you pay the ransom within a certain period of time. If you don’t pay, the data is usually destroyed by the hacker.
Surprisingly, not all hackers are in it for the money; some steal information and act as shadowy vigilantes. Known as “hacktivism”, groups or individuals work together to take down terrorist groups, oppressive regimes, governments, and trafficking rings. We’ve all heard of Edward Snowden, probably one of the most well known hacktivists, who leaked data from the National Security Agency. There’s also the Anonymous group, which has been behind 45% of hacktivism in the past four years. However, the group now seems to be defunct, or at least very quiet.
A very small number of hackers just want to show off what they can do, and they have no intention of stealing information or making a profit. Sometimes they launch a hack to show how poor a corporation’s cybersecurity is. An example of this is the infamous Ashley Madison data breach, where the profiles of 32 million users were made publicly available. The hackers didn’t want money; they just wanted the website taken down. Ashley Madison is a dating platform for people seeking extramarital affairs, and the leak quite literally tore some families apart.
There are typically five types of data that malicious actors will want to steal:
Once a hacker has your data, there are a few things they can do. The first step is to scan your data for important and/or valuable information like bank details, login information, photos, emails, or messages. The perpetrator will then decide whether they are going to keep the files or sell them to a third party (often called a “broker”).
Typically, hackers will sell your data. This reduces risk for them, and also gives them an immediate profit. The price for stolen personal information depends on how valuable it is. For example, personal data from a government official or a celebrity is far more valuable than that belonging to the average person.
As mentioned earlier, credit card and payment details are the most popular on the dark web, and clearing funds from your account is dead easy. Usually a “broker” will buy your card details on a marketplace and resell them to a “carder”. The carder will then get as much money out of your accounts as possible before you or your bank notices.
They can generally replicate a card by printing one themselves, but more commonly they will use them for a gift card shell game. What happens is the carder will use your payment details to buy online gift cards, and then make purchases with the gift cards. Typically, they will purchase electronics because they are always in demand and can be easily resold, making them relatively low risk.
The risk of losing your funds is very small with a credit card compared to the risk involved with debit cards. Banks usually have policies in place for credit card fraud and are quite good about spotting suspicious purchases. Debit cards are unfortunately a different story; not much can be done if your funds are stolen. Debit cards are far more common in Europe than in North America, and they are extremely valuable on the dark web.
Personal information is far less valuable on the black market, since it is already widely available. Your name, birthday, address, and email can sometimes just be gathered by looking at your social media accounts. As a result, there has been a huge growth in extortion regarding personal data.
Malicious actors will obtain your personal information and threaten to release it to the public. This is very common with explicit photos and messages, as hackers will hold them for a ransom. If you don’t pay up, your reputation could sadly be ruined. Naturally, this data is even more valuable if the victim is a public figure, such as when the National Enquirer allegedly threatened to release photos of Jeff Bezos and his mistress.
Companies, in particular financial organizations, have tried to fight identity and financial crime by implementing Know Your Customer (KYC) procedures. This requires companies to verify the identity of their users by using personal documents such as passports or other forms of government-issued ID. However, this has led to an increase in theft of personal documents, tax information, and insurance numbers.
KYC information contains everything a malicious actor needs to commit fraud and steal your identity. By having your passport or driver’s license, they can apply for loans, and claim your tax credits and your insurance claims. While this type of hack is very difficult to orchestrate, it is one of the most valuable, making it more and more appealing to criminals.
Unfortunately, it is difficult to tell if your data has been stolen, but there are a number of preventative measures you can take. One crucial step is to use a password manager in order to create unique passwords for all of your individual accounts. This prevents hackers from being able to access more of your accounts if they gain access to one.
Blockchain technology can also be of use here. Decentralized identity (DID) gives you far more control over what data you share and who you share it with. Through DID, you prove your identity once to a trusted third party, and said third party handles all requests for identity and access so you don’t have to. Not only is it more convenient, it is far safer.
Lastly, keep an eye on your finances. They are likely to be the first target in any type of hack and you can do things like freeze your credit or place a fraud alert on your accounts for extra protection.
As we’re aware by now, having your personal information stolen is not a problem that is going to go away any time soon. Unfortunately, there is no true way to prevent your data from being hacked as long as you are not in charge of the security of your data. This is why digital identity management solutions like the SelfKey Identity Wallet have become so popular - it puts you back in control of your own data. It’s not enough to blindly trust big corporations like Facebook anymore.
If you are worried that your data has been breached (the answer is yes), you can check on the website Have I Been Pwned. You can also set up notifications so you are aware if your accounts have been compromised.
Your data, and most of your life, is online. Every action you take or interaction you have could potentially put you at risk. It is vital to take a proactive approach when it comes to managing your personal data. It can be annoying, but it’s probably worth your time to understand how your data is protected on the websites and apps you use regularly. Be cautious and vigilant, because crime never sleeps.