Managing Director

Will Kaye

Stolen Data – How Stolen Data Is Exploited by Hackers

stolen data

Financial crimes resulting from a data breach are just one of the many ways that criminals use stolen data. A compelling write-up by Avivah Litan, an analyst from Gartner Inc. discusses the numerous ways that stolen consumer data can be used from compromised business servers.

How stolen data is used by hackers:

Here are four such ways:

  1. Stolen data can be resold in the black market, the convoluted underground of the Deep Web.
  2. Stolen data can be leveraged to complement and update previously stolen identities with their respective PII (personally identifiable information). The home addresses and phone numbers in records already taken may be outdated. Data from recent breaches can be used to update them, as well as patch up missing information.
  3. Stolen data can be readily used to assume control of the existing bank, phone service, brokerage, and retirement fund accounts. The stolen PII in such accounts can be quickly entered and tried in various online systems, thus enabling hackers to gain control of, move, and take existing funds.
  4. Stolen data can be bought wholesale by nation states. And with accurate PII-endowed accounts at a nation-state’s disposal, political disruption and intellectual property theft such as gaining access to blueprints of weapon systems are more readily accomplished.

How Businesses Can Minimise the Risks of Having Data Compromised

Avivah Litan recommends using identity verification that is not reliant on static PII, which is likely to have already been stolen in the past. Dynamic identity data are not based on PII and come with unique behavioural indicators. Litan also emphasises the effectiveness of multi-layered identity verification, especially for those with privileged access to sensitive client data. Companies must implement multi-layered identity proofing for business managers and cybersecurity personnel. That way, if one identity layer ends up getting compromised, there are still others that will effectively hinder access and prevent full identity claim.