Most of the recent data breaches involve customer information such as user names and passwords, credit card numbers, and medical histories. The companies hacked are hurt — they have to contact victims, pay for credit monitoring services and fines, and may lose customers, brand reputation, and market value — but that is collateral damage.
Or it has been.
Increasingly, attackers are using data leaks to target the companies themselves, going after proprietary or embarrassing information and releasing it in such a way as to do the most harm.
That’s a change that companies need to be aware of, said Andrew Serwin, co-chair of the global privacy and data security group at San Francisco-based law firm Morrison & Foerster.