Data theft can take place both inside an organization (e.g., by a disgruntled employee), or by criminals outside the organization.
In 2012 these thefts included hackers breaking into a Belgian credit provider, Dexia, and demanding payment (blackmail) of €150,000 (US$197,000) to prevent the hackers from publishing confidential information.
Another example is India-based call center workers who were selling confidential information on nearly 500,000 British citizens including names, addresses, phone numbers and credit card numbers.
Some other recent data thefts include some of the biggest in history:
- 2007: The TJX Companies discloses theft of 45.6M credit and debit card numbers, costing the retailer $256M
- 2009: Heartland Payment Systems discloses breach of 100M records, costing the credit card processor nearly $140M
- 2011: Email marketing company Epsilon leaks millions of names and email addresses from customer databases of Best Buy, Marks & Spencer and Chase Bank. Initial cost-containment and remediation is estimated at $225M, but could reach as high as $4B
- 2011: Sony Corp suffers breaches that place 100M customer accounts at risk, costing the company up to $2 billion
- 2011: Servers are breached for Global Payments, a payments processor for Visa, exposing information on as many as 7M card holders
Criminals often use malware to access a computer and steal data. A common approach is to use a Trojan to install keylogging software that tracks everything the user types, including usernames and passwords, in order to access the user’s bank account.
Data theft also occurs when devices containing data, such as laptops or USB drives, are stolen. (See Data leakage, Data loss, How to secure your data)