Aug 11 2016

Dialing for Personal Data Dollars

Understanding PII and Why Criminals Want It

Series 1 of 6

Layer 8 Security wants our community to be safe with their personal information by playing it smart. Please pass this information along to co-workers, family and neighbors. These recommendations will benefit not only yourself but also your workplace.

Cyber criminals want your personal data. It is money to them. Stolen data is bought from and sold to other cyber criminals from the black market. There’s a whole network of criminal activity that gathers personal data – it’s a large and sophisticated industry that offers money-back guarantees on the usability of the stolen data. The source is often a breached database; but not always. Criminals also target individuals through phishing and watering hole schemes

Stolen personally identifiable information (PII) resulting in identity theft has been the number one consumer complaint made to the FTC, 15 years running.

Individuals have to be responsible for their own cyber hygiene and protection.

According to the FTC, 19 people become victims of identity theft every minute. On top of that, the average victim can expect to spend at least $500 and 30+ hours resolving each identity theft crime. Becoming a victim of identity theft is a big deal. Fortunately for us, practicing proper cyber hygiene is one of the best methods of prevention.

Cyber hygiene is defined as a person’s (or an organization’s) practices to defend themselves from malicious activity when using electronic devices such as a laptop or smart phone, or working with electronic data when at work, home, or traveling. An example of cyber hygiene is a person’s behavior when using their web browser. A person who minimizes their risk of compromising their data or access to their protected network is considered to have excellent cyber hygiene. A person who does little to protect themselves online (whether through naivety or negligence) is considered to have poor cyber hygiene.

Knowing what PII is, how criminals obtain it, and how they can use it for their benefit is the first step in keeping yourself safe. Here are the key concepts you need to know, broken down by questions.

What is personally identifiable information (PII)?

PII is data that can identify, contact, or locate a single person. Your name, date of birth, home address, and social security number are examples of PII.  Criminals collect victims’ PII from various sources such as online services (Facebook, LinkedIn, etc.), medical records, or tax returns, and then aggregate it to do malicious things.

What can a cyber criminal do with your PII?

  • Apply for bank loans, mortgages, etc.
  • Destroy personal credit, which can lead to:
    • Cancelled credit and debit cards
    • Reduction in credit score
    • Expenditure on fees to clear credit reporting, reputation, etc.
  • Submit false insurance claims
  • Submit false tax returns to their address (and deposit the tax return check for themselves)

How can a cyber criminal obtain your PII?

  • Intercepting your tax returns
  • Publishing fake job postings to lure job seekers
  • Remotely installing malware on victims’ devices
  • Imitating communications from legitimate organizations via phishing attacks and social engineering)

The one place most of your personal data is centralized and therefore at risk is your email… stay tuned for our next post about email security!

If you are interested in learning more about protecting PII, phishing, cyber crimes, cybersecurity and how to create a resilient business, please contact us at:


Contributions made by Kevin Hyde and Casey Lipson