What Happens to Your Stolen Data After a Breach?

Bitglass_Screen

What happens to your sensitive data after a breach? That’s the question Bitglass hopes to answer with their newest whitepaper. The data protection company’s report outlines an experiment recently undertaken by the Bitglass research team in order to follow the path of sensitive data after a security breach.

In their experiment, members of the Bitglass research team synthesized 1,568 fake identities with names, social security numbers, credit card numbers, addresses, and phone numbers, then saved those false identities in an excel spreadsheet.

That spreadsheet was then watermarked by a Bitglass proxy so that every time the file is opened, the watermark “calls home,” and records key view information such as IP address, geological location, and device type.

Once watermarked, the false data was uploaded to Dropbox and posted anonymously to seven Dark Web marketplaces “believed to be frequented by cyber criminals,” according to Bitglass’s press release.

The Dark Web, according to Bitglass, is the parts of the internet not indexed by Google or other popular search engines, which Bitglass estimates to be over 500 times the size of the searchable internet.

Within 12 days of the initial upload, the “stolen” data had been accessed in 22 countries (most frequently in Nigeria, Russia, and Brazil), and had been viewed 1,081 times, with 47 unique downloads of the entire dataset.

By analyzing traffic patterns and “clusters of closely related activity,” Bitglass researchers were able to determine that the faked data had been accessed by members of Nigerian and Russian crime syndicates, who shared the data in order to confirm it’s validity, then posted the spreadsheet elsewhere on the so-called Dark Web.

According to a video released by Bitglass in conjunction with the report, businesses take an average of 205 days to realize that their data has been breached. After some quick math, we can see that, at the rate of access demonstrated by Bitglass’s experiment, 205 days would allow for roughly 19,000 views of breached data and over 800 unique downloads. That number could increase exponentially for data that criminals consider highly valuable.

Bitglass claims that, by using the Bitglass watermark technology, enterprises can leverage “actionable information” to drastically reduce the amount of time from breach to reaction, and save themselves thousands of instances of customer identity theft.

The number of data breaches reported spiked 27% from 2013 to 2014, and Bitglass expects the spike to continue through 2015. As of March 20, 2015, 175 data breaches have been reported, and 100 million customer records have been compromised.

Follow Jeff

Jeff Edwards

Editor, Cybersecurity at Solutions Review
Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large.He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.
Jeff Edwards
Follow Jeff