Now nearly halfway into 2021, more than two-dozen high-profile data breaches have already occurred, some involving brands such as Facebook, LinkedIn, Instagram, US Cellular, T-Mobile, Geico and Experian. Data stolen during those intrusions will affect millions of users, even though some of that data may be as innocent as an email address. That’s because stolen data doesn’t live in a silo.
“These things don’t exist in a vacuum,” explains Jeff Pollard, VP and principal analyst at Forrester Research. “There might be an email address in one breach and more information in another breach that corresponds to that email address.”
Pollard cautions against viewing each breach separately as data can be aggregated and compiled to collect more details about a person. “One bread crumb leads to another,” he says, “and because of the ubiquity of breaches, things can be put together that can lead back to someone.”
Urge to merge data
Threat actors have become sophisticated in how they treat stolen data. They’re taking any new data they get and merging it with data they already have to grow their databases. In one dataset, they might have a first name and last name. In another, a first name, last name and email address. In a third, data on likes and interests.