Every day, businesses handle massive amounts of customer data—so huge that it makes disaster recovery quite challenging for many companies. On the other hand, cyber hackers capitalize on such data to conduct illegal activities. Surely, data is a very powerful instigator of fraud.
Data breaches are commonly perpetrated by criminal groups to make financial gains. To avoid making direct online, illegal transactions involving actual currencies, criminals use these ways to turn stolen data into real money.
Commonly distributed through spam emails, malicious advertisements, and black hat SEO sites, a ransomware malware encrypts computer files and locks its user out of the system until the victim agrees to pay a ransom to the hacker.
In 2015, the Hollywood Presbyterian Medical Center paid its attackers $17,000 worth of Bitcoin to retrieve sensitive medical records. And early this year, the Lincolnshire County Council’s computer system was held up for $500.
2. Transacting with fraudulent credit card
Fraudsters steal data stored on credit cards’ magnetic stripe, print it on an improvised credit card, and use it to make purchases or hire “money mules” to withdraw cash from ATMs.
Retail merchants are the most common target of credit card breaches. In early 2015, customers’ credit card data were stolen from Target and Home Depot to create fraudulent Apple accounts to buy valuable items and merchandise.
Larger credit card breaches can be broken down into multiple layers, where data thieves sell stolen card information to brokers, who then pass it on in so-called “cc dumps” to other “carders.”
3. Using stolen credentials to make transactions
There’s such a thing as data black market in the online community. Data thieves offer aggregators the following personal data of a person:
- Social security number
- Bank account details
Once cyber criminals gain access to these pieces of information, they can make transactions on e-commerce sites, break into someone’s online financial and social media accounts, and transfer money to another party—the list keeps growing.
JPMorgan Chase reportedly fell victim to a massive online hacking scheme late last year, where account information of about 7 million small-scale businesses had been stolen.
The hacker of the 2012 data breach linked to the Yahoo mail service provider was selling usernames, passwords, and birth dates to a marketplace on the dark web for three bitcoins, roughly equivalent to $1,800.
4. Trading illegally on the stock exchange
From 2010 to 2015, a group of hackers who had illegal access to non-public financial information of publicly listed companies earned nearly $30 million as they sold the confidential information to stock market illegal traders before public releases were made to legitimate investors.
All the hackers needed to carry out their exploit was to get into the system of Marketwire L.P., PR Newswire Association LLC, and Business Wire—three business newswire firms that kept hundreds of public companies’ unpublished press releases concerning their earnings, gross margins, and other financial information.
5. Cracking into an online account or app with payment method facilities
Nowadays, hackers could hijack even frequent flyer miles or Uber accounts—any account that links to a credit card, checking account, or PayPal.
Back in 2012, CBS News reported that United Airlines passengers lost thousands of miles credit in a scam. Hackers can steal credits to buy airline tickets or hotel accommodation and resell these to third-parties.
Similarly, scammers can set up fake Uber driver accounts and charge user victims for bogus riding services.
Impact of Stolen Data for Businesses
All forms of data theft or data breach correspond to monetary and non-monetary damages for your company, including:
- Disruption of business and lost revenue – The security breach can cause a company to shut down its electronic operations while the IT support is tracking the origin of the attack and making corrective measures. Needless to say, the daily revenue suffers.
- Breach notification and post-breach expenses – Companies are under an obligation to notify customers if their info was lost, stolen, or compromised, which can cost businesses significant out-of-pocket expenses. Preventing another breach by putting up more rigid data protection systems can be equally costly.
- Decline in market value – Research shows that news of data breach can cause a company’s market value to drop by approximately 9 percent within 30 days after the breach is discovered, and by 3 percent over the long term as a serious consequence of cyber attacks.
- Decreased customer trust and confidence – Customers can be unforgiving to cases of data breach because they expect no less than the privacy and security of their data. Customers can suspend or terminate their dealings with companies with records of a security
- Damaged reputation – The bad reputation of a brand or business is comparable to a stigma that is likely to linger in the minds of business partners and customers, and companies will have to conquer many challenges to rebuild a positive reputation.
Cyber espionage is happening all around, and businesses cannot let hackers get the better of them. Otherwise, data breaches will remain profitable for online crooks while companies suffer from financial losses and bad publicity to no end.