What do hackers do with stolen information?
In the digital age, it should come as no surprise to learn that hackers could take a range of actions with the right information in their hands. These threats and more are discussed by Litigation Executive Ben Brown.
Most people are aware of the steps they can take to keep their data secure and hackers at bay. However, it is easy to forget that hackers will also look to target companies and organisations that have your personal information on file.
Here, we discuss what hackers could do with stolen personal data, including covering the following:
- What information is stolen by hackers?
- What do hackers use the stolen data for?
- How do I know if hackers have my private data?
- Who is responsible if hackers access my private data?
- What should I do after hackers have stolen information?
- Can I start a data breach claim?
- What can you do about your stolen data?
What information is stolen from hackers?
Hackers could potentially steal any data or information which is stored digitally. Exactly what they will look to steal may depend on the type of crime they are looking to conduct, the security measures they need to overcome, or their ability to perform certain actions.
When it comes to data breaches, the following personal information is often compromised following a hack:
- Email addresses
- Phone numbers
- Financial details (such as credit card information)
- Employment records
- Passport details
The exact type of data that can be stolen by hackers may depend on whether they are able to obtain records belonging to customers of a company, employees, or both.
What do hackers use the stolen data for?
There are a wide range of potential reasons for hackers to steal personal information. Some of the ways they can use the data include:
To sell on to other criminals
Stolen personal information can be incredibly valuable. A simple method for hackers to steal personal data is to sell it on to other criminals operating on the dark web. The buyer can then use the data for their own criminal purposes.
For identity theft
As you might expect, if a cybercriminal has access to large amounts of sensitive personal data, they may be able to use this to perform acts of identity theft. Many online services require users to fill in personal details for verification. Having the right amount of information could allow a hacker to take certain actions, such as taking out loans in someone else’s name.
To launch phishing attacks
When a cybercriminal has some of your personal information and contact details following a hack, they may launch a sophisticated phishing attack in an attempt to extract further sensitive data. The act of phishing involves a criminal contacting you under the guise of a trusted or seemingly legitimate third party.
Phishing scams will usually direct a user to a click on a link which, if they are not aware, will take them to an unsecure site. They will be prompted to enter their details, including financial information, which is then stolen and used to extort the user.
These types of scams are common following a high profile hack involving a well-known company, as hackers look to take advantage of the confusion and subsequent fallout.
To perform an account takeover
There may be occasions where the data stolen by hackers includes login credentials for a relevant account. Criminals could look to use this information to break into accounts that contain valuable data, such as payment details. Once in, they could also change the account details, leaving you locked out of the account.
Even if the account does not contain any sensitive financial information, a risk is still present. While it is not good security practice, many people tend to use the same, or similar, login credentials on multiple accounts.
To hold a company to ransom
When data is stolen via a cyber-attack against a company or organisation, the hackers responsible will often look to hold them to ransom, using the data as leverage.
Hackers will often demand a ransom payment which, if not paid, will mean the data is released on to the dark web.
How do I know if hackers have my private data?
If a hacker is able to access your private data after attacking a company or organisation, there are a number of ways in which you can find out for certain.
Firstly, according to the terms of the Data Protection Act 2018, organisations which store your personal data are legally required to inform anyone whose data has been compromised following a data breach. This is regardless of how the breach was caused or what the surrounding circumstances may be.
Even if the organisation does not provide proper notification, or it is simply missed, you can find out whether your data has been compromised in a number of other ways.
When the Information Commissioner’s Office (ICO) are notified about a data breach, they will publish a public report. You can therefore check their website to see if any organisations you are involved with have been breached, putting your data at risk.
If you need extra confirmation that your data has been breached, it is sensible that you speak to a specialist data breach solicitor.
Who is responsible if hackers access my private data?
If hackers are able to access your private data after successfully breaching an organisation’s security measures, the responsibility will fall on the organisation. They are required to have sufficient security measures to prevent attacks from taking place, which means they will be deemed to be at fault.
This means that, if your data has been compromised in a data breach, you could be in a position to claim compensation against the organisation in question.
What should I do after hackers have stolen information?
If you are made aware that hackers have stolen your personal data, there are several important steps you should take to minimise the potential impact it will have on your life.
Contacting your bank and/or credit card provider
If you are concerned that any of your financial details have been exposed after your personal data was breached, it is vital that you speak to your bank immediately. Depending on the circumstances, they may be able to cancel any cards that have been compromised or reverse fraudulent transactions that have already taken place.
Putting a credit freeze in place may also be sensible until you are certain that your details have changed and you are safe from any further disruption.
Change your passwords
Simply changing your passwords and login credentials for your accounts is an important step that can go a long way. You should change your passwords for the account that has been affected, as well as any others where you may have used the same password.
If you have any concerns about remembering your new passwords, you can use a secure password manager to store them safely.
Be wary of phishing attacks
As discussed earlier, phishing attacks could occur when a hacker has previously accessed your personal details, using these in an attempt to extract further sensitive data.
You should be aware of any potential phishing attacks that take place after a hacker accesses your personal data. This is especially where any communications appear to be from the organisation responsible for losing your data.
Register with Cifas Protective Registration service
It is often a sensible idea to register with the Cifas fraud prevention service after you learn that your data has been compromised. After you do so, your name and personal details will be flagged in their National Fraud Database. This is used by a wide range of companies who check for people who are at risk of fraud.
Companies who use Cifas will then perform additional checks when your details are used to apply for products and services to reduce your risk of being exposed to fraud.
There is a £25 fee for registering with the Cifas Protective Registration service for two years.
What can you do about your stolen data?
If you have learned that your personal data has been exposed after hackers have successfully hacked an organisation or company that had it on file, you could be in a position to claim compensation.
At Hayes Connor, our specialist data breach solicitors can act for clients on a no win, no fee basis. This can remove the financial risk of pursuing a data breach claim if it is unsuccessful.
We have one of the largest teams of dedicated data breach claims specialists in the country. Among our team, we have a wealth of combined experience and expertise which we use to advise you on whether you will have grounds for a claim, the level of compensation you could be entitled to and what you need to do to start a claim.
We want to ensure that anyone affected by a data breach is able to receive the compensation they deserve, while also making the claims process as straightforward as possible.
Our goal is to ensure that anyone who is affected by a data breach is able to get the compensation they deserve, while making the claims process as simple and stress-free as possible.
To start a claim, you can use our online claim form and we will get back to you shortly to let you know if we believe you have grounds for compensation.
If you would like to speak to a member of our team, please do not hesitate to give us a call on 0330 041 5135.