Cyber criminal scraping customer data
Compliance
4 min

7 Things a Cyber Criminal Could Do with Your Data

With the growing reliance on digital services, cybercriminals now have more opportunities to target individuals.

An estimated 5.9 billion accounts were compromised in data breaches recently.

Although it's concerning to imagine our data being misused, knowing what types of information a cybercriminal seeks and understanding their methods can help us safeguard our assets.

What Types of Data Does a Cybercriminal Target?

  • Personally Identifiable Information (PII) - Data that can be used to identify, contact, or locate someone, including names, addresses, birth dates, email addresses, and phone numbers.
  • Financial Information - Consists of credit card numbers, banking information, insurance details, billing accounts, and other data related to financial activities.
  • Healthcare Data - Information used for medical services such as hospital records and medical insurance.
  • User Credentials - Online credentials including usernames, email addresses, passwords, and online shopping login details.

Illustration showing how stolen PayPal accounts are sold online

What Can a Cybercriminal Do With Your Information?

1. Sell Your Data

Many cybercriminals don't use the stolen data themselves - they sell it instead.

A common marketplace for this is the dark web, where collections of stolen data, sometimes containing millions of records, are sold.

For instance, stolen PayPal account details with a minimum balance of $1,000 can fetch around $20.

You can check out this index to see estimated prices for various types of data.

2. Hold Your Data for Ransom

Known as a ransomware attack, cybercriminals gain unauthorised access to an organisation’s system and encrypt crucial data, only returning access after a ransom is paid.

This type of attack has been increasing and significantly impacts the market, with damages exceeding $30 billion in recent years.

3. Carry Out an Account Takeover

By using stolen login credentials like your username and password, cybercriminals can access your online accounts and change the passwords to lock you out.

Visual representation of a cybercriminal accessing user accounts

Hackers can target any kind of account, from social media to Amazon. However, they often aim for accounts that include payment details to exploit your financial information.

4. Create Targeted Phishing Attacks

Stealing data is often just the first step in a broader strategy.

Some cybercriminals use stolen data to target individuals or organisations with personalised fraudulent emails, making the victim believe they are a trusted source.

‘Whaling’ is a specific type of phishing attack that targets senior executives, potentially offering a large payoff to criminals.

5. Carry Out Identity Fraud

Identity fraud occurs when cybercriminals use someone else's identifiable information for their gain.

If a threat actor collects enough data about an individual, they can:

  • Complete fraudulent purchases for products or services
  • Apply for financial accounts, such as credit cards
  • File fraudulent tax returns and income tax refunds in your name
  • Rent an apartment or apply for a job using your identity
  • File for government benefits
  • Apply for a driver’s licence or passport

6. Hire Out Your System as a Botnet

If cybercriminals gain access to your systems, they can connect your IT to a botnet - a network of hacked computers and servers.

This powerful network enables criminals to perform large-scale crimes, such as DDoS attacks, which sabotage a website by overwhelming it with requests, rendering it inoperative.

Diagram showing a distributed denial-of-service attack in progress

7. Steal Infrastructure

As servers and storage systems can be expensive, some cybercriminals ‘borrow’ others’ infrastructure.

They attempt to break into your systems to store their data and run applications on your infrastructure, avoiding the costs of their own resources.

How Can You Prevent Cybercriminals from Accessing Your Data?

Given the high level of cyber risk, it is crucial for both consumers and businesses to protect their personal information.

Here are some key practices to incorporate into your routine:

  • Use strong and unique passwords, with a mix of numbers, letters, and symbols. Avoid using the same password across multiple accounts.
  • Set up two-factor authentication to stop unauthorised access, even if your login credentials are stolen.
  • Shred documents containing personal information before disposal.
  • Install up-to-date antivirus software on your devices.
  • Be cautious of public Wi-Fi, and avoid accessing sensitive accounts or sending private documents while connected.
  • Stay alert to inbound emails or texts asking for personal information, and always double-check their authenticity.
  • Protect your digital communications with a secure email solution like Mailock.

Stay One Step Ahead

Understanding the ways cybercriminals exploit data is crucial.

By knowing the types of information they target and their methods of misuse, we can better protect ourselves and our data.

Simple practices like using strong, unique passwords, enabling two-factor authentication, and staying vigilant against phishing attempts can make a significant difference in securing your digital life.

At the end of the day, staying informed and proactive is your best defence against cyber threats.

Stay safe and keep your data secure!

 

References

5.9 Billion Accounts Compromised in Data Breaches, Tech.co, 2021

Dark Web Price Index, Privacy Affairs, 2022

Ransomware Damages Expected to Exceed $30 Billion, InfoSecurity Magazine, 2023

Reviewed by

Sabrina McClune, 18.06.24

Sam Kendall, 13.06.25

 

Originally posted on 02 11 22
Last updated on June 20, 2025

Posted by: Sabrina McClune

Sabrina McClune is a Women in Tech Excellence 2022 finalist who writes extensively on cybersecurity, digital transformation, data protection, and digital identity. With a postgraduate degree in Digital Marketing (Distinction) and a First-Class Honours degree in English, she combines a strong academic foundation with professional expertise. At Beyond Encryption, Sabrina develops research-led content that supports financial and technology sectors navigating the complexities of the digital age.

Return to listing
Cybersecurity training at financial services organisation
7/28/2023

Cybersecurity Best Practices for Financial Organisations (No Jargon!)

Cybersecurity is constantly shifting, with new technologies, threats and defences emerging. Lear...

Man sitting at desk on the phone and using his laptop
4/29/2022

GDPR and Secure Email: Keeping Financial Comms Compliant

Now that consumers have been placed in the driving seat when it comes to their data, what does t...

man using outlook on device in his office
9/21/2021

The 15 Best Microsoft Outlook Add-ins You Didn't Know You Needed

Discover the 15 best Microsoft Outlook add-ins to help you boost productivity, security and smoo...

IT team reviewing email security using laptop at office desk
11/2/2022

5 Email Security Mistakes Financial Services Firms Could Easily Avoid

Email is a key communication tool for those working within financial services, but has its risks...