What Data Do Cybercriminals Steal? (How To Protect Yours)

What Personal Data Do Hackers Want the Most? 

When Richard and Donna Loew opened their mail, the last thing they expected to see was a letter from the Small Business Administration (SBA) claiming they owed $100,000 in COVID-19 pandemic relief funds. 

But it didn’t take long for the Florida couple to uncover the truth — cybercriminals had stolen their personal information and used it to fraudulently apply for the loans [*].

As of September 2023, there have been over 600 million breached records — giving hackers and scammers easy access to sensitive information they can use to steal your identity [*]. 

Scammers and hackers are almost always financially motivated — and unfortunately, it’s easier than ever for them to find information they need to defraud you. But what personal data should you be most careful about? 

In this guide, we’ll explain what types of information cybercriminals steal, what they can do with it, how to mitigate the damage if you’re a victim, and ways to protect yourself now and in the future. 

⚡️ Get warned fast if scammers are using your sensitive information. Identity Guard's award-winning identity theft protection solution monitors your most sensitive data across the Dark Web, public records, and more — and alerts you if your data has been compromised. Get 33% off Identity Guard today.  

What Information Do Cybercriminals Steal? 

Personal data has become the most valuable asset for hackers and scammers. As we share information with companies, via emails, and on social media, we make ourselves vulnerable to hacking, cybercrime, and even identity theft. 

Identity thieves utilize a wide range of sophisticated scams to steal sensitive information — such as via phishing emails, credential-stuffing attacks, SIM swap scams, and mail theft. However, the easiest way for them to steal personal data is when it’s leaked in a data breach.

Here are nine types of data that cybercriminals steal:

• Personally identifiable information (PII). Scammers covet details that directly identify a person — including your full name, birth date, address, and Social Security number (SSN).
• Financial data. Your bank account numbers, credit card details, and investment record are highly-prized assets for thieves. 
• Healthcare and insurance information. Scammers can use medical records, insurance policies, and health-related data for medical identity theft. 
• Usernames and passwords. Hackers target your login credentials to gain unauthorized access to your accounts. 
• Work logins and information. Employee credentials and corporate data are attractive targets for cybercriminals, especially if you work for a high-profile company with valuable assets.
• Sensitive photos and videos. Scammers or cyberbullies may steal private media files and expose the information online. 
• Debit and credit card numbers. With your card details, scammers can quickly make unauthorized purchases or withdrawals. 
• Social media profiles. Hackers sometimes take over your social media or gaming profiles, which may expose personal information or give them access to linked financial accounts. 
• Personal communications. If crooks intercept private conversations in email and text messages, they could exploit you or others. 

Check if your data was leaked in a breach: Identity Guard’s free Dark Web scanner tracks recent data breaches and can alert you if your email or passwords have been compromised.

What Can Hackers Do With Your Stolen Information?

As soon as you realize your personal information has been compromised, you need to act quickly. Depending on what data they steal, fraudsters can use your details in a variety of ways. 

What can hackers do with your personally identifiable information (PII)?

Personally identifiable information (PII) is any data that identifies a specific individual. This information typically includes your full name, home address, birth certificate, Social Security number (SSN), passport, or driver's license number.

When cybercriminals steal PII, they can:

• Steal your identity. If fraudsters have your full name and SSN, they could apply for loans or access your bank accounts. Many criminals combine real PII and fake details to create synthetic identities, which are harder for authorities to detect. Some crooks even create synthetic IDs by using the data of children — racking up debts in their victims’ names for years, as most kids don’t discover their identities have been stolen until they apply for jobs or student loans.
• Launch credible phishing attacks. Hackers can use your PII in phishing scams to trick you into revealing more sensitive information. For example, scam callers could pretend to be from your bank and use the personal information they know about you to gain your trust. 
• Sell your data on the Dark Web. Hackers sell stolen data on underground markets (including SSNs and credit card numbers) — allowing scammers to gain lists of viable targets for identity fraud. 

💡 Related: Was Your SSN Found on the Dark Web? Do This →

What can hackers do with your financial information?

There are many ways a thief can seize your financial details. For example, you could lose your wallet, share your credit card information on a fake airline website, or get lured into an investment scam. 

When cybercriminals steal financial information, they can:

• Make unauthorized transactions. If scammers know your account or card details, it’s easy for them to make unauthorized purchases, withdrawals, or transfers. 
• Ruin your credit reputation. Con artists can impersonate you to open new lines of credit, which they quickly max out and leave unpaid. This fraud causes significant harm to your credit score and standing with credit bureaus and financial lenders.
• Commit tax fraud. Hackers can use your records to submit tax returns and divert the refunds to their own accounts. You might only learn you've been targeted when the IRS sends you a letter about a duplicate filing.

🛡 Secure your identity with award-winning protection. If scammers gain access to your sensitive information, they could empty your bank account or steal your identity. Save 33% when you sign up for Identity Guard’s award-winning identity theft protection today.

What can hackers do with your healthcare information?

Stolen healthcare information is among the most expensive data on the Dark Web, as scammers can use it to seek medical care, use up subscriber benefits, or order prescription drugs. 

In June 2023, the U.S. Justice Department charged 78 defendants in a nationwide healthcare fraud scheme. The group of doctors, nurses, and healthcare executives stand accused of billing $2.5 billion in bogus claims. Victims included elderly people, HIV patients, and pregnant women [*]. 

When cybercriminals steal your healthcare information, they can:

• Commit medical identity theft. Impersonators can use your healthcare data to access medical treatment or collect prescription medications in your name. Aside from tampering with your medical records (potentially endangering your health), thieves could sell the drugs on the black market.
• File fraudulent insurance claims. Scammers can use your healthcare information to submit false insurance claims. If these scams work, insurance providers could lose money — and the legitimate policyholder may pay the price with increased premiums.
• Engage in medical billing fraud. As with the example above, fraudsters can use healthcare information to create fake medical bills and siphon payments from government benefit programs.

💡 Related: How To Protect Your Personal Information Online →

What can hackers do with your work or employment information?

In 2023, Europol took down an international crime syndicate that used business email compromise (BEC) attacks to impersonate CEOs and steal $40.3M [*]. 

When cybercriminals steal your work or employment information, they can:

• Create convincing phishing emails. Armed with knowledge about your job and employer, fraudsters can convince you to divulge sensitive data or make wire transfers. 
• Impersonate you professionally. Scammers with access to your work email can pretend to be you online, potentially damaging your reputation and carrying out fraudulent activities in your name.
• Corrupt or steal proprietary information. State-sponsored hackers from China and Russia infiltrate networks and databases of large enterprises, often to destroy or steal sensitive data or resources. Quite often, these attacks begin with stolen information from a company employee. 

💡 Related: Is Your Google Account Hacked? How To Tell & What To Do →

What can hackers do with your usernames and passwords?

Your login credentials are the first line of defense for your online accounts, so keeping them safe is vital. In February 2023, Forbes revealed that 39% of people had their passwords compromised in the previous five years. Banks and online shopping accounts comprised 20% of targeted accounts in these cyberattacks [*]. 

When cybercriminals steal your usernames and passwords, they can:

• Take over accounts. Hackers can use stolen credentials to access your online accounts — including email, social media profiles, bank accounts, or e-commerce websites. Once inside, they can lock you out, leaving them free to use your accounts for malicious activities. 
• Steal your identity. If con artists take over your social media profiles, they can scam your family and friends. For example, they could contact your loved ones (also known as a “grandparent scam”) and trick them into sending money.
• Run credential-stuffing attacks. With automated software, hackers can rapidly try different combinations of stolen usernames and passwords to gain access to multiple accounts. There were over 300 million credential-stuffing attempts per day in early 2022 [*]. 

💡 Related: How To Check If Someone Is Using Your Identity in 2024 →

What can hackers do with your debit or credit card numbers?

Debit or credit card numbers are highly sought after by hackers due to the immediate potential for financial gain. When thieves get their hands on these numbers, your savings are at stake.

When cybercriminals steal your debit or credit card numbers, they can:

• Make unauthorized transactions. Typically, thieves test stolen cards with small purchases first. Once they confirm the card is active, they drain it with larger withdrawals or purchases — both online and in physical stores. 
• Buy subscription services. Hackers could add recurring payments to your account, which you might not notice unless you are vigilant about reviewing your monthly statements. 
• Clone your card. Criminals may use stolen card numbers to create a counterfeit version of your card, which allows them to use ATMs. They could even make small repayments on the card to run further scams for months before you realize what has happened. 

💡 Related: Credit Card Fraud Detection: How To Spot & Avoid Fraud →

What can hackers do with stolen photos or videos?

In March 2023, Wired revealed how ransomware gangs target schools and healthcare institutions. Hackers steal sensitive images and demand millions of dollars as payment for the safe return of the media [*]. 

When cybercriminals steal your photos or videos, they can:

• Attempt extortion. Hackers may threaten to release sensitive content unless you meet their demands. In one case, cybercriminals tried to blackmail a healthcare facility before publishing photos of cancer patients undergoing treatment. 
• Cause public embarrassment. Stolen photos or videos can be shared publicly without your consent. Cyberbullies at school can cause embarrassment to their victims by creating sock puppet profiles with stolen images.
• Social engineering and deepfake scams. Hackers can use AI tools to manipulate stolen photos or videos into deepfake content, making it appear as if you are saying or doing things in fabricated videos. 

💡 Related: How To Check If Someone Is Remotely Accessing Your Computer →

Do Hackers Have Your Personal Information? Do This

1. Place a credit freeze with all three bureaus
2. Call all impacted financial institutions
3. Contact your insurance provider
4. Review your financial records
5. File an official report with the FTC
6. Notify local law enforcement
7. Secure your online accounts
8. Use antivirus software to scan your devices
9. Contact the fraud department at any impacted companies

If you know hackers have some of your data, it’s critical to take action. By responding quickly to secure your accounts, you can stop criminals from stealing your money or causing severe damage to your online accounts, assets, and reputation. 

Here are nine steps to take if you think cybercriminals have stolen your information:

1. Place a credit freeze with all three bureaus

You can prevent scammers from opening new accounts in your name by freezing your credit. To put this temporary security measure in place, contact each of the three credit bureaus individually — Experian, Equifax, and TransUnion.

2. Call all impacted financial institutions immediately

It’s crucial to notify your bank and credit card issuers of potential identity fraud as soon as possible. Contact banks and credit card issuers to cancel your cards — you can ask them to send new cards and PINs to a secure address. You can also place a fraud alert on your account and dispute suspicious transactions.

3. Contact your insurance provider

On average, victims of identity theft lose $500 [*]. But for many others, it can be more — not to mention the time and stress caused by the incident. If you have identity theft protection, call your insurance provider immediately. You may also have coverage through your home insurance policy or employee benefits.

4. Review your financial records for signs of fraud 

Inspect your credit reports, bank statements, and credit card statements for signs of fraud. This process takes time but can help you catch unauthorized transactions and limit the damage. You can visit Annualcreditreport.com to order free copies of your credit files from each of the three reporting agencies. 

💡 Related: How To Find Out If Your Information Is On the Dark Web →

5. File an official report with the Federal Trade Commission (FTC) 

The FTC investigates fraud and provides support to help you recover. You can file an identity theft report online and get an official affidavit confirming you are a fraud victim.

6. Notify local law enforcement

You can also file a police report, which is important if you believe the perpetrator is in the local area. Bring your FTC report and all supporting evidence to the police station and ask to speak with the officer in charge of the fraud department. 

💡 Related: Lost Your ID? Here Are The Risks (and How To Protect Yourself) →

7. Secure your online accounts

In the wake of a data breach, you should always create new passwords and enable 2FA (if you don't already use it). Even if only one account was compromised, it’s best to update all login credentials to protect against further hacks.

8. Use cybersecurity software to scan your devices for malware

If hackers already have your information, they could be remotely accessing or monitoring your devices. Scan all devices with a reliable antivirus program, and remove old or unfamiliar programs. 

💡 Related: How To Remove Your Personal Information From the Internet →

9. Contact the fraud department at any impacted companies 

Identity thieves may use your details to make purchases from online stores, pay at gas stations, or defraud government agencies. When you spot suspicious transactions on your statements, call the companies to explain that you are the victim of fraud. You’ll need to provide proof your identity was stolen — including your FTC report.

How To Protect Your Personal Information From Hackers

Every time you go online or use an internet-connected device, hackers could target you with cyberattacks. Without a proactive approach to cybersecurity, you’re more likely to become a victim of identity theft. 

Here are 15 ways to protect your personal details and data from hackers:

• Update your passwords. You can reduce the risk of account takeover fraud by creating strong passwords that combine uppercase and lowercase letters, numbers, and symbols. 
• Use a password manager. It's hard to remember passwords — especially when you have dozens of online accounts. Creating and storing unique, complex login credentials is easier when you use a secure password manager, such as the one included with every IdentityGuard plan.
• Enable two-factor authentication (2FA). You can make your accounts more secure by adding a second authentication factor to the login process — like a fingerprint scan, push notification, or hardware security key. 
• Use a virtual private network (VPN) when on public Wi-Fi. Hackers can infiltrate unsecured networks in hotels, coffee shops, and airports. With a VPN, you can encrypt your internet traffic and hide your browsing activity from prying eyes.
• Install antivirus software. Hackers use trojans, keyloggers, and spyware to corrupt devices, steal sensitive data, and exploit accounts. You can detect and isolate malicious programs before they cause harm by using reliable antivirus and cybersecurity software. 
• Don't ignore software updates. If you ignore operating system updates, you could expose your device to emerging cyber threats. With automated updates, you can keep programs secure with all of the latest essential patches and upgraded features that counter known vulnerabilities. 
• Review your financial records. It's good practice to inspect your bank statements every month to look for inaccuracies or unfamiliar transactions. Similarly, you can order free annual credit reports from Annualcreditreport.com to look for unauthorized changes to your credit file. Until the end of 2023, you can request one free report from each credit bureau every week.
• Keep your sensitive documents in a secure place. You can use a locked safe to protect valuable physical documents, like your family's passports, SSN cards, and birth certificates. It's also wise to shred sensitive documents, like bank statements and medical records, to stop anyone from stealing the paperwork.
• Be cautious about unsolicited emails or text messages. Avoid interacting with any emails or messages from unknown senders. Clicking on suspicious links or attachments could expose your data to thieves. You should contact any company directly via the number listed on its official website. 
• Use email aliases when signing up for new accounts. Use your email provider's settings or a paid service to create unique email aliases for new online account registrations.
• Delete your contact details from data broker lists. Removing your information from data brokers reduces the attack surface and stops scammers from accessing your data. Visit public databases and people finder websites to opt out manually. 
• Don’t save your credit card details with online stores. It's easy to select the "Save Card" or "Remember Payment Info" option during checkout — but this leaves your data susceptible to hackers. It's much safer to manually enter your details for every transaction.
• Remove personal data from social media and public websites. Adjust the privacy settings on your social media profiles to hide or delete personal data, like your address and phone number. You can also limit photo sharing, so only people who are personally connected to you can see your published media.
• Keep your wallet, cards, and devices safe. With so many threats online, it's easy to forget about offline thieves. Ensure that your smartphone has a robust access code — ideally facial recognition — to prevent unauthorized access. Also, keep your belongings safe in public, especially in crowded places or on nights out. 
• Consider signing up for an identity theft protection service. Look for a mobile app with 24/7 monitoring of your financial accounts and SSN, plus fraud resolution support in case you fall victim to identity theft. 

Identity Guard Can Protect You From Cybercriminals

What information do cybercriminals steal? As it turns out, they’ll pursue just about anything they need to steal your identity, ruin your credit, and cause you months or years of hardship. 

Sooner or later, some of your data will fall into the wrong hands. But you can stop cybercriminals from exploiting you by taking a proactive approach to digital security. 

Identity Guard offers award-winning identity monitoring and protection services. Standout features include monitoring of your Social Security number (SSN), driver's license number, and credit files at all three bureaus. If you fall victim, you’ll get 24/7 support from White Glove Fraud Resolution Specialists, plus $1 million in identity theft insurance coverage.

Keep your identity safe from scammers. Save 33% on Identity Guard.