A data breach occurs when a cybercriminal successfully infiltrates a data source and extracts sensitive information. This can be done physically by accessing a computer or network to steal local files or by bypassing network security remotely. The latter is often the method used to target companies. The following are the steps usually involved in a typical breach operation:
Research: The cybercriminal looks for weaknesses in the company’s security (people, systems, or network).
Attack: The cybercriminal makes initial contact using either a network or social attack.
Network/Social attack: A network attack occurs when a cybercriminal uses infrastructure, system, and application weaknesses to infiltrate an organization’s network. Social attacks involve tricking or baiting employees into giving access to the company’s network. An employee can be duped into giving his/her login credentials or may be fooled into opening a malicious attachment.
Exfiltration: Once the cybercriminal gets into one computer, he/she can then attack the network and tunnel his/her way to confidential company data. Once the hacker extracts the data, the attack is considered successful.
What types of data are usually stolen?
The motive of a cybercriminal defines what company he/she will attack. Different sources yield different information. The following are examples of common targets with details on what kind of data was stolen:
Medical/Healthcare
Government/Military
Banking/Credit/Financial
Educational
Based on the data stolen, here are specific types of information that are of value to cybercriminals. Hackers look for this data because it can be used to make money by duplicating credit cards and by using personal information for fraud, identity theft, and even blackmail. It can also be sold in bulk in Deep Web marketplaces.
Member name
Date of birth
Social Security number
Member identification number
Email address
Mailing and/or physical address
Telephone number
Banking account number
Clinical information
Claims information
End users are almost never the target of cybercriminals who are out to steal sensitive information in bulk, unless an individual is connected to an industry (see Spear Phishing). However, end users can be affected when their records are part of the information stolen from big companies. In such cases, it is best to take note of the following practices.
Notify your bank. Verify your account details and change PIN codes.
Double-check email addresses from incoming emails. Cybercriminals can pose as bank representatives and ask for credentials.
Do not click suspicious-looking links or download files from unknown sources.
If credentials or financials have been tampered with, contact the breached company and ask if they can assist in enrolling you in a fraud victim assistance program.