Data theft: What is it and how can you avoid data loss?

Data theft, also referred to as information theft, is the illegal exfiltration, acquisition, and storage of a person’s or organization’s sensitive data. This data typically includes personal information of individuals, such as names, addresses, passwords, Social Security numbers, or financial details. If hackers manage to steal enough data, they can steal the victim’s identity and use it to gain access to secured accounts, create new accounts with stolen credentials, or simply sell the data on the dark web. If your data ends up on the dark web, you might get a dark web alert.

Hackers also target critical corporate data, such as information about business processes, software codes, and technology. They steal data from various databases, servers, and internet of things (IoT) devices as they try to cripple organizations’ workflow or bring them to financial ruin.

Hackers use elaborate techniques and various crimeware tools to steal data from online databases or trick people into revealing it. Below are the most common situations and factors that contribute to data loss:

• Weak passwords. The complexity of a password is an important factor that can help prevent hackers from breaking into your accounts. Passwords that include any personal details, such as birthdays, are a true jackpot to cybercriminals – as they gain access to your account, they also reveal a valuable piece of personal information that can be used to steal your identity.
• Social engineering. Phishing emails and online scams remain some of the most effective ways to lure online users into giving away their personal information to cybercriminals. Hackers usually pretend to be legitimate entities – bank or insurance representatives – and ask you to provide personal data for a specific purpose.
• Threats from inside the company. In some cases, employees who have separated from their company on bad terms could leak or sell confidential information relating to the organization, employees, or customers. A similar threat could come from business partners or contractors.
• Vulnerable software. Old software and inappropriately installed systems have vulnerabilities that open the door to your device for hackers. Exploiting software susceptibilities, they can gain access to confidential information and your personal data.
• Infected downloads. A download infected with malware is a stairway for threat actors to steal your sensitive files and data or take control of your device.
• Human error. An email sent to the wrong recipient, sensitive files attached to the wrong emails, critical files not secured with passwords – these are only a few examples of how human error can lead to data leaks.
• Physical theft. Stealing paperwork and devices is as severe a threat to data security as malicious codes and phishing attacks online. It’s yet another opportunity for data thieves to get hold of sensitive information.
• Abuse of publicly available information. Malicious entities online can create fake accounts or arrange highly targeted phishing attacks based on personal information a person provides on his social media profiles.

As most of our life has moved online, hackers can set their goal on a vast pool of data to be stolen and exploited for their malicious intent. Just to mention a few, here are cybercriminals’ most targeted pieces of information:

• Personal data, which includes names, passwords, Social Security numbers, addresses, emails, and everything else tied to a person’s identity.
• Financial information, like credit or debit card numbers, credit scores, or bank account details.
• Corporate information, such as customers and employees records, network credentials, and business strategies.
• Communication data, including private emails and messages.
• Consumer behavior data, such as search and purchase histories and geolocations.

To get a better understanding of what data theft is and where it can lead, take a peek at the following real-life examples:

• The Yahoo case. In 2016, Yahoo announced that back in 2014 the company suffered from a large-scale data breach that affected over a billion users. According to Yahoo, an unauthorized party implemented malicious cookies through which they could get into user accounts without the password. Threat actors targeted and stole users’ names, telephone numbers, email addresses, and security questions and answers.
• The Equifax case. In 2017, a data breach of this credit reporting firm exposed 147 million customers’ personal data, including names, Social Security numbers, birthdays, and addresses. Moreover, cybercriminals compromised the credit card data of around 209 thousand Equifax clients.
• The Facebook case. In the infamous data leak of 2019, millions of Facebook users’ personal records have been found stored on public Amazon cloud servers. These records included account names, IDs, and logs of comments.

How grave the consequences of a data theft are varies depending on what exactly has been stolen. Let’s look at the most common outcomes of data loss:

• Identity theft. If hackers manage to steal enough of a person’s sensitive data, they can create bogus accounts in their name and steal money or social benefits using a person’s credentials.
• Damaged reputation. Companies that have experienced data breaches or have leaked information about their customers typically lose a large number of clients and may struggle to rebuild their reputation or attract new customers.
• Possibility of lawsuits. Depending on the gravity of data theft, organizations can get involved in lawsuits for mishandling the sensitive information of their clients or third parties whose information has been leaked. Moreover, they may face regulatory fines, such as those of the General Data Protection Regulation (GDPR), for poor security measures and careless approach to data security.
• Ransomware demands. It’s not rare for cybercriminals to ask for a ransom in exchange for stolen data. However, even after paying the ransom, the victim cannot be sure if they’ll get their data back or if it will be used for malicious purposes in the future.
• High recovery costs. Patching a company’s security systems and fixing the damage caused by data theft usually requires vast financial resources and results in extensive downtime while the systems are being mended.

Being conscious of cyber threats is the best thing you can do to keep your data safe online. Below are some tips for securing your cyber life:

• Use a strong password. Though every website has its own requirements, the general recommendation for a strong password is to contain at least eight characters in a combination of upper-and lowercase letters, numbers, and symbols. Also, make sure not to use the same password for multiple accounts. If one gets compromised, a hacker may get into other accounts, too.
• Use multi-factor authentication (MFA). This type of authentication requires more than just a password to get into your account. Using MFA, you’d typically need to provide at least one additional piece of information, usually some sort of biometric data or one-time code sent to your device.
• Be careful using public networks. Public Wi-Fi often lacks proper security measures and, as a result, hackers favor it as an entry point to user devices. A VPN comes in as a handy solution whenever you need to connect to a public network securely. It encrypts your online traffic and creates an encrypted tunnel for it to travel, significantly lowering the chances of unauthorized interception.
• Don’t overshare on social media. Every piece of information about you that ends up on the internet can be used for profiling, creating fake accounts, or serving you excessively targeted ads.
• Charge your phone at home. Even the public USB charging stations you see at airports and on buses can carry data stealers. To avoid them, don’t plug your devices into random public USB outlets or use USB data blockers, which are designed to block any data sent through a USB port but allow charging. To learn more, see our article on what is a USB data blocker.
• Close accounts you don’t use. Every account you create online requires at least some bits of your personal information. To stay as private as possible online, make sure to delete all accounts you don’t use to reduce your digital footprint.