“By merging data from multiple sources, cybercriminals can build profiles of hacked account owners to enable other attacks or increase the effectiveness of social engineering campaigns.
Now nearly halfway into 2021, more than two-dozen high-profile data breaches have already occurred, some involving brands such as Facebook, LinkedIn, Instagram, US Cellular, T-Mobile, Geico and Experian. Data stolen during those intrusions will affect millions of users, even though some of that data may be as innocent as an email address. That’s because stolen data doesn’t live in a silo.
“These things don’t exist in a vacuum,” explains Jeff Pollard, VP and principal analyst at Forrester Research. “There might be an email address in one breach and more information in another breach that corresponds to that email address.”
Pollard cautions against viewing each breach separately as data can be aggregated and compiled to collect more details about a person. “One bread crumb leads to another,” he says, “and because of the ubiquity of breaches, things can be put together that can lead back to someone.”