People are often the collateral damage of attacks on corporations

Thanks to cyberattacks making regular headlines in the news, it’s no secret that massive data breaches are a significant threat to organizations. However, a report from F-Secure highlights the rarely-discussed impact these attacks can have on people and families using online services.

According to the report, nearly 3 out of every 10 respondents to the survey experienced some type of cybercrime (such as malware/virus infections, unauthorized access to email or social media accounts, credit card fraud, cyber bullying, etc.) in the 12 months prior to answering.

However, cybercrime was roughly three times more common among respondents using one or more online services that had been breached by attackers. 60% of respondents belonging to this group – called “The Walking Breached” in the report – experienced cybercrime in the 12 months leading up to the survey, compared to just 22% of other respondents.

Cybercrime was even more prevalent among respondents with kids, with 7 out of 10 saying they experienced one or more crimes.

“Personal information stolen from organizations can easily end up being used against people and families through different types of identity theft, fraud, or other types of harm. And with more and more information being stored digitally, what criminals can do with people’s information keeps getting worse. So these attacks on companies can really end up hurting people and not just a business’ bottom line,” explained Laura Kankaala, a security consultant with F-Secure.

How attacks on corporations damage people

Stress and concern was the most common effect of cybercrime, followed closely by loss of time – both of which affected about half of all cybercrime victims surveyed. Certain losses due to cybercrime were more common among The Walking Breached than other respondents: loss of money, personal information, and loss of control over personal information or accounts.

Notably, half of The Walking Breached that experienced cybercrime prior to filling out the survey reused passwords, and 69% reused passwords with slight variations.

Entire industries have developed to help cybercriminals monetize people’s personal data. Account passwords and login credentials, for example, are often bought and sold. These industries fuel the risks of fraud and other crimes for people whose information has been stolen.

Attackers threatening to leak information

And in a new trend, attackers who use encryption to hold organizations’ data for ransom are now stealing that information and threatening to leak it, demonstrating the lengths criminals will go to profit from people’s data.

In one particularly severe incident involving the breach of a company operating psychotherapy clinics, an extortionist (or extortionists) threatened to release the personal information and therapy records of former patients unless those individuals paid a ransom.

According to Kankaala, people rarely think about how valuable the information stored in online accounts really is until that information is gone or exposed.

“Recovering hacked or lost social media accounts can sometimes be really difficult and we tend to recognize the value of something only once it’s gone. These accounts are not ‘just social media’ or ‘just email’ – they hold records of our past, pictures we may have not stored anywhere else or conversations that are either private or something we’ll miss once they’ve been deleted,” said Kankaala.