Data Breaches

What are Data Breaches?

A data breach is an incident—or a series of connected incidents—in which data meant to be secure is instead accessed by an entity that is not authorized to have that access. A successful data breach results in exposure of private information—information that can then be stolen by an attacking entity.

Fraudsters perpetrate data breach attacks for two primary purposes: to use the data in future attacks, and to make money by selling the data on the dark web.

Information exposed in data breaches can include everything from names, addresses, phone numbers, and email addresses, to bank account details, credit card numbers, social security numbers, and passport details.

Data breaches can have enormous financial consequences. According to the 2019 Cost of a Data Breach Report, the average total cost of a data breach is $3.92M. In the United States, that number is significantly higher: $8.19M. The average size is 25,575 records.

Damage resulting from data breaches can take many forms, including regulatory fines and loss of business due to eroded consumer trust.

What Should Companies Know About Data Breaches?

From the standpoint of fraud prevention, it is essential to understand that a data breach is only the beginning of an attack timeline that can stretch out for days, weeks, even years. 

Writing in the aftermath of a massive breach of Capital One that occurred in July of 2019, DataVisor CEO Yinglian Xie noted that “a breach is only the beginning. The real concern is what happens next. The downstream effects of an event like this are far more impactful than the breach itself. Before we know it, the stolen data lands in the hands of fraudsters who waste no time in using the information for massive-scale attacks.”

An article titled “How Proactive Detection Stops Fraud Before Damage Happens” offers a high-level summary of the steps along the timeline of a fraud attack. These steps include:

  • Inception: After a data breach, stolen data often reemerges for sale on the dark web, and once it’s sold, it is almost inevitably used in an attack.
  • Creation: This is the point at which a fraudster actively begins amassing the “weapons” to be used in a future attack. This often involves either creating new fake accounts or hijacking existing ones through account takeover (ATO) actions.
  • Action: This is when fraudulent accounts are actually used to commit a large-scale attack.
  • Reaction: This is the downstream aftermath of an attack: the period during which fraudsters try to monetize their attacks, and when organizations try to mitigate losses, repair reputations, and work to better prevent future attacks.

Fang Yu, Co-Founder and CTO of DataVisor, recently addressed the question, “How Do Criminals Use Stolen Data?” Her answer, featured in Forbes, points out many of the specific challenges associated with data breaches:

“Very commonly, stolen data will be used by a criminal to try and impersonate the victim whose data was stolen. Fraudsters will use that information to try and do everything from applying for credit cards and bank loans to making social security, medical, and unemployment claims … A fraudster can use stolen data to apply for a big loan with no intention of paying the money back. Malicious actors can also use stolen data to hack into real people’s accounts. They might already have gotten the password, or enough information to successfully answer security questions. Once they get into an account, there’s no limit to the damage they can do. They can make fraudulent purchases, transfer funds, open new accounts, and more.”

How to Prevent Fraud Associated with Data Breaches

Legacy fraud solutions that rely on simple anomaly detection to spot data-powered fraud attacks are notoriously prone to high false positives that result in poor customer experience. To comprehensively address the scale, scope, and sophistication of modern fraud attacks, companies need to leverage the power of unsupervised machine learning (UML) to expose hidden patterns and connections that indicate coordinated malicious activity. Using UML removes the need for historical labels, lengthy training times, and frequent re-tuning, thereby enabling nimble, real-time detection. This is essential if businesses are to successfully thwart large-scale attacks that can feature malicious accounts numbering in the hundreds and thousands.

Most importantly, by adopting AI-powered solutions capable of identifying large clusters of fake and hijacked accounts, organizations can stop attacks before they launch, and before any damage can happen. As Yinglian Xie writes, “by enabling holistic data analysis and constant monitoring at scale, systems can expose suspicious accounts, actions, and events that would otherwise go unnoticed if viewed in isolation. This makes it possible to literally know the unknown, and protect against even the most sophisticated and previously unknown attack types.” 
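The label-free idea described above can be illustrated with a small added example; it is not DataVisor's method and not code from the original page. Accounts that look unremarkable in isolation are linked through shared attributes, and only large connected groups are surfaced. The field names, the sample records and the size threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample signups (not real data). No two of a1..a4 share both
# a device and an IP, so a per-account rule sees nothing unusual.
SIGNUPS = [
    {"account": "a1", "device": "dev-A", "ip": "203.0.113.10"},
    {"account": "a2", "device": "dev-A", "ip": "203.0.113.20"},
    {"account": "a3", "device": "dev-B", "ip": "203.0.113.20"},
    {"account": "a4", "device": "dev-B", "ip": "203.0.113.30"},
    {"account": "b1", "device": "dev-C", "ip": "198.51.100.5"},
    {"account": "b2", "device": "dev-D", "ip": "198.51.100.6"},
    {"account": "c1", "device": "dev-E", "ip": "192.0.2.7"},
    {"account": "c2", "device": "dev-E", "ip": "192.0.2.8"},
]


def find_coordinated_clusters(events, keys=("device", "ip"), min_size=3):
    """Group accounts linked (directly or transitively) by a shared attribute.

    No fraud labels are used. Caveat: attributes shared by many legitimate
    users (carrier NAT, office IPs) create false links, so the choice of
    keys and min_size has to be tuned against real traffic.
    """
    parent = {e["account"]: e["account"] for e in events}

    def find(x):
        # Union-find lookup with path halving.
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    first_seen = {}  # (attribute name, value) -> first account that used it
    for e in events:
        for k in keys:
            value = e.get(k)
            if not value:
                continue
            owner = first_seen.setdefault((k, value), e["account"])
            root_a, root_b = find(owner), find(e["account"])
            if root_a != root_b:
                parent[root_b] = root_a

    groups = defaultdict(list)
    for account in parent:
        groups[find(account)].append(account)
    return sorted(sorted(g) for g in groups.values() if len(g) >= min_size)
```

With the sample above, only the four transitively linked accounts are reported; the two-account group falls below the assumed threshold and the unrelated accounts are never linked.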

Data breaches provide the raw material of future large-scale coordinated fraud attacks, and it’s critical for businesses to understand that a data breach isn’t the end of an attack—it’s only the beginning.