Thanks to cyber-attacks making regular headlines in the news, it’s no secret that massive data breaches are a significant threat to organisations. However, a new report from cyber security provider F-Secure highlights the rarely-discussed impact these attacks can have on people and families using online services.
According to the report, nearly 3 out of every 10 respondents to an F-Secure survey experienced some type of cyber-crime (such as malware/virus infections, unauthorised access to email or social media accounts, credit card fraud, cyber bullying, etc.) in the 12 months prior to answering.
However, cyber-crime was roughly three times more common among respondents using one or more online services that had been breached by attackers. 60% of respondents belonging to this group – called “The Walking Breached” in the report – experienced cyber-crime in the 12 months leading up to the survey, compared to just 22% of other respondents.
Cyber-crime was even more prevalent among The Walking Breached respondents with kids, with 7 out of 10 saying they experienced one or more crimes.
“Personal information stolen from organisations can easily end up being used against people and families through different types of identity theft, fraud, or other types of harm. And with more and more information being stored digitally, what criminals can do with people’s information keeps getting worse. So these attacks on companies can really end up hurting people and not just a business’ bottom line,” explained Laura Kankaala, a security consultant with F-Secure.
Stress and concern was the most common effect of cyber-crime, followed closely by loss of time – both of which affected about half of all cyber-crime victims surveyed. Certain losses due to cyber-crime were more common among The Walking Breached than other respondents: loss of money, personal information, and loss of control over personal information or accounts.
Notably, half of The Walking Breached that experienced cyber-crime prior to filling out the survey reused passwords, and nearly 7 out of 10 (69%) reused passwords with slight variations.
Entire industries have developed to help cyber criminals monetise people’s personal data. Account passwords and login credentials, for example, are often bought and sold. These industries fuel the risks of fraud and other crimes for people whose information has been stolen.
And in a new trend, attackers who use encryption to hold organizations’ data for ransom are now stealing that information and threatening to leak it, demonstrating the lengths criminals will go to profit from people’s data.* In one particularly severe incident involving the breach of a company operating psychotherapy clinics, an extortionist (or extortionists) threatened to release the personal information and therapy records of former patients unless those individuals paid a ransom.**
According to Kankaala, people rarely think about how valuable the information stored in online accounts really is until that information is gone or exposed.
“Recovering hacked or lost social media accounts can sometimes be really difficult and we tend to recognise the value of something only once it’s gone. These accounts are not ‘just social media’ or ‘just email’ – they hold records of our past, pictures we may have not stored anywhere else or conversations that are either private or something we’ll miss once they’ve been deleted,” said Kankaala.
The full report, The Walking Breached: How Data Breaches put People at Risk of Cyber Crime, is now available at https://blog.f-secure.com/the-walking-breached/.
*Source: https://blog.f-secure.com/podcast-ransomware-mikko/
**Source: https://www.politico.eu/article/cybercriminal-extorts-finnish-therapy-patients-in-shocking-attack-ransomware-blackmail-vastaamo/