Skip to Content

What can hackers take from you?

With hacking and data breaches becoming more common, it’s important to understand what personal information hackers can steal from you. The types of data cybercriminals are after depends on their motivations, which typically fall into three main categories: financial gain, espionage, or disruption. Let’s explore what hackers could potentially take and the impacts of different data types being compromised.

Personal and Financial Information

For financially motivated hackers, the key data they want is information that can be monetized or used for theft or fraud. This includes:

  • Names
  • Email addresses
  • Phone numbers
  • Physical addresses
  • Social Security numbers
  • Bank account and credit card numbers
  • Login credentials for financial accounts
  • Answers to security questions
  • Tax identification numbers
  • Passport numbers
  • Driver’s license numbers

With these details, hackers can siphon money out of bank accounts, make fraudulent charges on credit cards, take out loans or lines of credit, file fake tax returns to collect refunds, and more. They can also use the information for identity theft by impersonating the victim to open new fraudulent accounts or gain access to existing accounts. According to the Identity Theft Resource Center, the most common types of identity theft are:

Type Percentage
Credit card fraud 25%
Phone or utilities fraud 15%
Employment fraud 13%
Bank fraud 12%
Loan or lease fraud 11%
Government fraud 7%

The financial damage from hacking can be severe. A 2022 IBM report found the average cost of a data breach is $4.35 million. And individuals can face substantial hardship restoring their credit and finances after identity theft. It can take months or even years of effort to undo the damage.

Medical Information

In addition to financial data, hackers may target medical information that can be abused for fraud or sold on the dark web. Compromised health data includes:

  • Health insurance account numbers
  • Prescription records
  • Medical treatment history
  • Diagnostic records
  • Lab test results
  • Billing information
  • Other personal medical details

With medical data, hackers can attempt to file false insurance claims, obtain prescriptions to resell, or commit medical identity theft to obtain treatment or drugs. This can result in inaccurate medical records and delayed care for the victim. According to Experian, nearly 3 million Americans were victims of medical identity theft in 2020.

Emails and Messaging

Gaining access to someone’s email account or private messages can give hackers a trove of valuable information. Within inboxes and messaging apps, they may find:

  • Correspondence with banks, utilities, or other businesses containing account numbers, SSNs, or other personal details
  • Tax statements and records
  • Login credentials for other online accounts
  • Private communications history
  • Personally identifying details in emails signatures or messaging profiles

Access to emails and messages provides criminals with the means to reconstruct a lot of a victim’s digital identity and perpetrate more extensive fraud and theft.

Work and Corporate Data

For hackers motivated by espionage and stealing intellectual property, their targets are typically business systems and confidential corporate data such as:

  • Product research and design documents
  • Manufacturing specifications
  • Pricing information
  • Customer lists and business contracts
  • Unannounced product launch details
  • Unpublished financial statements

By stealing proprietary information, competitors can gain an unfair advantage and undermine years of victim companies’ research and development efforts.

Login Credentials

Usernames and passwords are prime targets for hackers. Compromised credentials can potentially unlock vast amounts of personal, financial, corporate, and government data. Criminals may obtain login information by:

  • Phishing attacks tricking users into revealing their passwords
  • Keylogging malware on devices to capture typed passwords
  • Brute force attacks guessing weak passwords
  • Data breaches of insecurely stored credentials

Once hackers have working credentials, they can access and extract almost whatever data they want from the breached account or system. Securely managing passwords and enabling multi-factor authentication is essential to help thwart unauthorized logins.

Browsing History and Online Behavior Data

For cybercriminals interested in selling data, web browsing histories, online shopping patterns, and other online behavior profiles are prized commodities. Marketing firms, for example, will pay for access to user data to analyze interests and trends. Tech companies may also collect vast amounts of data on how their customers interact with their devices and services. Specific online data collected can include:

  • Websites visited
  • Search engine keywords
  • Retail sites and items viewed
  • Ad clicks
  • Location history
  • Netflix viewing history
  • Amazon Echo voice recordings

While not inherently enabling of identity theft, the sale of user behavior data raises major privacy concerns. There have also been cases of blackmail schemes to threaten disclosure of browsing histories.

Critical Infrastructure Access

For hackers motivated by disrupting critical infrastructure systems, their aim is to compromise industrial control systems, building systems, utilities grids, manufacturing plants, and other operational technology. Successful intrusions can let them:

  • Monitor and map out networks
  • Steal proprietary engineering data
  • Identify vulnerabilities
  • Plant malware payloads

The most dangerous scenarios involve hackers actually hijacking equipment controls to trigger destructive failure. Examples include overpressuring pipelines or reactors to cause explosions, opening flood gates on dams, and overloading power grids. Infrastructure cyber attacks have caused major blackouts, economic damages, and environmental harm.

Government and Military Secrets

Foreign state-sponsored hacking frequently targets government and military information systems for intelligence gathering and disseminating disinformation. Examples of state secrets include:

  • Weapons designs and capabilities
  • Technical specifications of defense systems and machinery
  • Communication protocols and encryption methods
  • Strategic battle plans
  • Classified personnel files
  • Surveillance data

Governments and militaries around the world are constantly probing each other’s systems looking for any confidential data that could provide strategic advantages. Major breaches can seriously harm international relations, public safety, and national security.

Cryptocurrency and NFTs

For cybercriminals motivated by financial gain, cryptocurrency and NFT wallets are attractive high-value targets. Successful hacks of cryptocurrency exchanges have netted tens or hundreds of millions in stolen digital currency. Specific crypto assets hackers can steal include:

  • Bitcoin
  • Ethereum
  • Dogecoin
  • Solana
  • Cardano
  • Polkadot

NFTs with high market value are also ripe for theft. According to Chainalysis, over $2 billion worth of cryptocurrency was stolen by hackers in 2021, a nearly 600% increase from 2020. Crypto’s decentralized nature makes these thefts nearly impossible to reverse.

Conclusion

In summary, hackers have diverse interests in the types of personal and organizational data they target. Motivations range from financial theft to corporate espionage to causing disruptive destruction. Virtually any information system today houses some type of data worth stealing. Individuals and businesses must practice good cyber hygiene and data security to minimize their risk of becoming victims. But with hacking evolving as a persistent threat, no one’s data is immune from potential compromise.