Massive data breaches are a significant threat to organisations
However, a new report from cybersecurity provider F-Secure highlights the rarely-discussed impact these attacks can have on people and families using online services.
According to the report, nearly three out of every 10 respondents to an F-Secure survey experienced some type of cybercrime (such as malware/virus infections, unauthorised access to email or social media accounts, credit card fraud, cyberbullying, etc.) in the 12 months prior to answering.
However, cybercrime was roughly three times more common among respondents using one or more online services that had been breached by attackers. 60% of respondents belonging to this group – called “The Walking Breached” in the report – experienced cybercrime in the 12 months leading up to the survey, compared to just 22% of other respondents.
Cybercrime was even more prevalent among The Walking Breached respondents with kids, with seven out of 10 saying they experienced one or more crimes.
“Personal information stolen from organisations can easily end up being used against people and families through different types of identity theft, fraud, or other types of harm. And with more and more information being stored digitally, what criminals can do with people’s information keeps getting worse. So these attacks on companies can end up hurting people and not just a business’ bottom line,” explained Laura Kankaala, a security consultant with F-Secure.
Stress and concern was the most common effect of cybercrime, followed closely by loss of time – both of which affected about half of all cybercrime victims surveyed. Certain losses due to cybercrime were more common among The Walking Breached than other respondents: loss of money, personal information, and loss of control over personal information or accounts.
Notably, half of The Walking Breached that experienced cybercrime prior to filling out the survey reused passwords, and nearly seven out of 10 (69%) reused passwords with slight variations.
Entire industries have developed to help cybercriminals monetise people’s data. Account passwords and login credentials, for example, are often bought and sold. These industries fuel the risks of fraud and other crimes for people whose information has been stolen.
And in a new trend, attackers who use encryption to hold organisations’ data for ransom are now stealing that information and threatening to leak it, demonstrating the lengths criminals will go to profit from people’s data. In one particularly severe incident involving the breach of a company operating psychotherapy clinics, an extortionist (or extortionists) threatened to release the personal information and therapy records of former patients unless those individuals paid a ransom.
According to Kankaala, people rarely think about how valuable the information stored in online accounts is until that information is gone or exposed.
“Recovering hacked or lost social media accounts can sometimes be really difficult and we tend to recognize the value of something only once it’s gone. These accounts are not ‘just social media’ or ‘just email’ – they hold records of our past, pictures we may have not stored anywhere else or conversations that are either private or something we’ll miss once they’ve been deleted,” said Kankaala.
The full report, The Walking Breached: How Data Breaches put People at Risk of Cyber Crime, is now available at https://blog.f-secure.com/the-walking-breached/
