If you’re still under the impression that hacking is restricted to hoodie-wearing individuals in darkened rooms, then you might be vastly underestimating the scale of the data breach problem.
Last year alone more than 300 million consumers were impacted by data breaches, according to the Identity Theft Resource Center.
Let’s break down how cybercriminals are able to access and profit off consumers’ personal data.
What is a Data Breach?
At its most basic level, a data breach is any security incident in which information is accessed without the proper authorization. Most commonly, a data breach is a deliberate cyberattack aimed at stealing personal data for fraudulent purposes and financial gain.
Who is Affected in a Data Breach?
The first victim of any data breach is the company holding the data that was unlawfully accessed. A mass theft of personal data can have a huge impact on a company’s reputation and finances. A recent IBM and Ponemon Institute study found the average cost of a data breach for a company last year came in at $3.86 million.
The second victim is the customer whose details have been leaked. Cyberattacks are conducted because the data collected – such as names, dates of birth, Social Security numbers and financial account information – is financially valuable to the criminals. This personal data can be sold on the dark web, resulting in victims experiencing identity theft and possible financial losses.
Why Do Data Breaches Happen?
Cybercrime is immensely profitable, netting criminals $1.5 trillion annually. Individual criminals can earn between $45,000 and $2.5 million per year just from the sale of stolen data.
Cybercriminal groups have become exceedingly sophisticated, employing specialist staff through active recruitment. They also can adopt corporate structures to streamline their activities and make them more efficient.
The entry cost for cybercrime is far lower than those associated with crimes with similar revenue, like bank robbery, and the personal risks are far lower.
How Are Data Breaches Profitable?
Most data breaches don’t target the company holding the data. Cybercriminals generally aren’t interested in corporate secrets or industrial patents. The real money comes from stealing the personal and financial details of the company’s customers or staff credentials.
Being able to access a company’s network using stolen staff credentials allows cybercriminals to potentially access funds through fraudulent transactions. Having staff-level access also allows the criminals greater access to stored data.
Customer information is generally sold on the dark web. Tax documents such as W-2s and 1040s can be purchased for as little as $1.04. Social Security numbers and personal details, such as birthdates, range from $0.19 to $62 a record.
How to Protect Your Data
Unfortunately, cybercriminals are here to stay. Your best protection is to have safe online habits, such as using different passwords for different accounts, and monitoring your identity. Having identity theft protection that monitors your credit report along with the internet and dark web for your personal information is essential to help guard your data.