What Happens to Your Data When a Company Gets Breached

Ever ask yourself why spam arrives in your inbox every day? Or why hackers know your name when they try to phish your access credentials? It’s often simply because your data was leaked in a breach.

Bitdefender research shows that internet users have accounts with an average of eight online platforms, varying from social media and online shopping platforms to video streaming, utility providers and more. And threat actors are bent on capturing this data and using it against us.

Cybercrime is divided into tiers, or stages. There are those who conduct the actual attack and steal customer data; those who sell the data to the highest bidders on the dark web; and those who buy the data and use it to conduct fraud, extortion, and phishing campaigns against the very consumers whose data was compromised in the breach.

Cybercriminals typically use a combination of personal data and financial data to impersonate you or conduct ID theft. They can use the stolen data against you in a phishing scam, attempting to convince you that you’re talking to your bank or your wireless operator. Keep an eye out for unsolicited requests to change your password or confirm security codes. These are likely fake. Companies are obliged to notify you if they get breached and what – if any – data was compromised in the attack. They will also advise you on your next course of action.

Data dumps resulting from breaches are a valuable asset to spammers, as they contain large pools of email addresses ready to be bombarded with fake offers, scams, and even malware. These social engineering attacks use the spray-and-pray technique where attackers target thousands of users at once hoping to catch a few unsuspecting victims in their net. Telltale signs include: the message is urgent in nature; you are told your password was compromised and must be changed; the offer is too good to be true, and the list goes on.

Extortion

Things get a bit dicey when your data is more personal in nature. For example, in 2015 hackers notoriously stole user data of Ashley Madison, a website geared towards extramarital affairs. The attackers threatened to release users' names and personally identifying information if the site refused to immediately shut down. A month later, the hacking group leaked more than 60 gigabytes of company data, including user details.

In such instances, attackers can go straight to those affected and threaten to make their affairs public if a ransom is not paid. These types of attacks continue today.

Stay on top of breaches

It’s more important than ever to remain vigilant as breaches now occur daily. Bitdefender Identity Theft Protection alerts you to any threat to your identity, so you can always keep your finances and digital persona safe. And Bitdefender Digital Identity Protection scans the web for unauthorized leaks of your personal data, monitoring whether your accounts are exposed and making it easy to take action well before disaster strikes.

There’s not much we, as consumers, can do to keep hackers from breaching the companies we do business with. What we can do is practice good cybersecurity hygiene and deploy a trusted security solution on our personal devices to limit the impact to our security and privacy in case of a breach.