What information do cybercriminals steal?

Every year, billions of personal records are exposed through data breaches, and most don’t belong to public figures or multinational companies. They belong to ordinary people. This guide explains what types of information hackers steal, what they do with that data, how to reduce the damage if you’re a victim, and how to prevent cybercriminals from accessing your data in the first place. 


Ugnė Zieniūtė

December 18, 2025


What information do cybercriminals steal?  

Cybercriminals will go after any information they can use to steal your identity or money. That includes personal details, financial accounts, credentials, and proprietary data (like software code and business secrets). This data is used for identity theft, fraud, or extortion and is often sold on dark web marketplaces.

In the sections that follow, we’ll take a closer look at the types of data that hackers target, how they misuse it, and what you can do to stay protected.

Personally identifiable information (PII)

Personally identifiable information (PII) is any data that identifies you as an individual. It’s the foundation of your digital identity, and once it’s exposed, it becomes a powerful tool in the hands of a cybercriminal.

Common examples include:

  • Full name.
  • Date of birth.
  • Home address.
  • Phone number.
  • Email address.
  • National ID or Social Security number (SSN).
  • Passport or driver’s license number.

On their own, these details may seem harmless in someone else's hands. But when combined, they form a complete profile that criminals can use to impersonate you. With enough PII, they can open credit cards in your name, apply for government benefits, and bypass security checks.

Financial information

Financial data is a direct path to your money, which is exactly why it’s a top target for cybercriminals. This data includes:

  • Bank account numbers.
  • Online banking credentials.
  • Investment account details.
  • Tax records.

With access to your banking information, a cybercriminal can drain your accounts, reroute payments, or conduct wire transfer fraud. 

Healthcare and insurance information

Medical data is one of the hardest types of personal data to secure and to replace once it’s stolen. This data often includes:

  • Insurance policy numbers.
  • Medical histories and diagnoses.
  • Prescription and treatment records.
  • Hospital or doctor billing information.

Criminals can use healthcare data to seek treatment, prescriptions, or even surgery under your name. 

Login credentials

Usernames and passwords are frequently stolen in bulk through breaches. Once attackers have them, they may attempt to sign into your email, social media, banking, or shopping accounts. 

If they succeed, the first thing they often do is change your password and recovery details, locking you out. And because many people reuse passwords, attackers can also use automated tools to quickly test the same stolen credentials across multiple accounts.
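To see how far one leaked password reaches when passwords are reused, here is an added example (not part of the original article) that audits a password-manager export. The CSV layout, the site names, and the `HIGH_VALUE` set are assumptions made for illustration.

```python
import csv
import hashlib
import hmac
import io
import secrets
from collections import defaultdict

# Constructed password-manager export (made-up sites and passwords).
SAMPLE_EXPORT = """site,username,password
mail.example,ana@mail.example,Tr0ub4dor&3
bank.example,ana,correct-horse-battery
forum.example,ana_k,Tr0ub4dor&3
shop.example,ana@mail.example,Tr0ub4dor&3
news.example,ana,x9!LmQ2#vP
blog.example,ana,x9!LmQ2#vP
"""

# Assumption: accounts that can reset other accounts or move money.
HIGH_VALUE = {"mail.example", "bank.example"}

def blast_radius(export_csv):
    """Map each site to the other sites that fall if its password leaks."""
    key = secrets.token_bytes(32)  # per-run key: only keyed tags are compared
    by_tag = defaultdict(set)
    for row in csv.DictReader(io.StringIO(export_csv)):
        tag = hmac.new(key, row["password"].encode(), hashlib.sha256).digest()
        by_tag[tag].add(row["site"])
    return {site: sorted(sites - {site})
            for sites in by_tag.values() for site in sites}

def rotation_order(export_csv, high_value=HIGH_VALUE):
    """Sites whose password is reused, most urgent first: reuse that touches a
    high-value account, then the widest reuse."""
    radius = blast_radius(export_csv)
    reused = [s for s, others in radius.items() if others]
    def urgency(site):
        touches = site in high_value or any(o in high_value for o in radius[site])
        return (not touches, -len(radius[site]), site)
    return sorted(reused, key=urgency)

if __name__ == "__main__":
    print(rotation_order(SAMPLE_EXPORT))
```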

Work and employment information

Employment data helps criminals impersonate you professionally. It includes:

  • Employer name and job title.
  • Work email address.
  • Employee ID numbers.
  • Payroll or benefits information.

If scammers gain unauthorized access to this data, they can use it for social engineering attacks. They may impersonate you or a colleague to trick someone into wiring money or sharing more information.

Payment card information

Payment card details are still one of the most sought-after targets in cybercrime. Commonly exposed information includes:

  • Debit and credit card numbers.
  • Expiration dates.
  • CVV security codes.

Criminals may use credit card details for immediate purchases or sell them as part of "fullz" packages — bundles of data that make fraud easier. 

In many cases, scammers don’t go for large purchases. Instead, they attach small recurring charges to your account, hoping they’ll go unnoticed. That’s why it’s important to stay vigilant when checking your statements.
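One way to check a statement for the small recurring charges described above, as an added example that is not part of the original article. The CSV columns, merchant names, and thresholds are constructed assumptions; the `known` parameter lists subscriptions you actually signed up for.

```python
import csv
import io
from collections import defaultdict
from datetime import date
from statistics import median

# Constructed sample statement (not real data): date, merchant, amount.
SAMPLE_STATEMENT = """date,merchant,amount
2025-01-03,GROCER MART,82.10
2025-01-07,STREAMCO SUBSCRIPTION,12.99
2025-01-09,QX*DIGITAL SVC 4471,4.99
2025-02-07,STREAMCO SUBSCRIPTION,12.99
2025-02-09,QX*DIGITAL SVC 4471,4.99
2025-02-15,COFFEE CORNER,3.80
2025-03-07,STREAMCO SUBSCRIPTION,12.99
2025-03-10,QX*DIGITAL SVC 4471,4.99
2025-03-21,COFFEE CORNER,4.10
2025-03-22,COFFEE CORNER,3.80
"""

def find_small_recurring(statement_csv, known=(), max_amount=20.0,
                         min_hits=3, jitter_days=4):
    """Return merchants that bill a small, identical amount at a steady
    interval and are not in the caller's list of known subscriptions."""
    charges = defaultdict(list)
    for row in csv.DictReader(io.StringIO(statement_csv)):
        amount = float(row["amount"])
        if 0 < amount <= max_amount:
            key = (row["merchant"].strip().upper(), round(amount, 2))
            charges[key].append(date.fromisoformat(row["date"]))
    known = {k.upper() for k in known}
    flagged = []
    for (merchant, amount), days in charges.items():
        if merchant in known or len(days) < min_hits:
            continue
        days.sort()
        gaps = [(b - a).days for a, b in zip(days, days[1:])]
        typical = median(gaps)
        # Recurring: every gap is near the typical gap, and at least weekly.
        if typical >= 7 and all(abs(g - typical) <= jitter_days for g in gaps):
            flagged.append({"merchant": merchant, "amount": amount,
                            "count": len(days), "interval_days": typical})
    return sorted(flagged, key=lambda f: f["merchant"])

if __name__ == "__main__":
    for hit in find_small_recurring(SAMPLE_STATEMENT, known=["StreamCo Subscription"]):
        print(hit)
```

Irregular small purchases, such as the coffee shop rows in the sample, are not flagged because their amounts and intervals vary.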

Social media data

Your social media profiles reveal more information than you think, especially when these details are pieced together over time. Commonly collected details include:

  • Friends and family connections.
  • Location check-ins.
  • Personal milestones.
  • Hobbies, likes, and daily habits.

This data is often used in social engineering — personalized scams that rely on familiarity and trust. If a criminal knows who you talk to and what you care about, it’s easier to trick you with a fake message.

Photos and personal media

Stolen photos or videos can be misused in ways that feel deeply personal. In some cases, hackers may use sensitive or private content to threaten or extort victims. In others, they manipulate images using AI tools to create convincing deepfakes — fabricated videos or images that falsely depict you saying or doing something you never did.

But even everyday media, like a vacation selfie or a photo of your home, can unintentionally reveal more than it should. Background details may expose your location, daily routines, or the layout of your living space.

Biometric data

Biometric data refers to the physical traits used to verify your identity. This data includes:

  • Fingerprints.
  • Facial recognition data.
  • Voice samples.

Unlike passwords, biometric data can’t be changed. When it’s compromised, the risk is long term.

Why do cybercriminals want your information?

Most cybercriminals are financially motivated. Your personal data gives them the tools to commit various types of identity theft, carry out financial fraud, or sell access to others who will. Selling your stolen SSN on the dark web can bring in hundreds of dollars, especially when paired with your full profile, because it’s the key to impersonating you in both financial and government systems.

Some data is used immediately. Other data is stockpiled and sold repeatedly. A single record may change hands dozens of times, long after the original breach fades from the news.

How do cybercriminals steal your data?

Cybercriminals don’t rely on just one method — they stack multiple tactics to increase their success rates. These are four of the most common:

  1. Phishing attacks. These are fraudulent messages designed to gain your trust and trick you into providing sensitive information. They often look like they’re from your bank, a delivery service, or a social media platform.
  2. Malware and spyware. Malicious software can be installed on your device through fake downloads, compromised websites, or infected attachments. Spyware can log keystrokes, take screenshots, or even activate your webcam.
  3. Data breaches. Hackers infiltrate poorly secured databases from companies, hospitals, or government agencies. Once inside, they steal everything, from email addresses to encrypted passwords.
  4. Public Wi-Fi attacks. On unsecured networks (like in cafes or airports), hackers can intercept the information you send or receive. This includes login credentials and credit card info.

Other tactics include SIM swapping, credential stuffing, social engineering, and insider leaks.

What can hackers do with your stolen information?

Your information doesn’t instantly turn into money the moment it’s stolen, but in the hands of the right buyer or attacker, it becomes a tool. Depending on what data is exposed, cybercriminals can exploit it in several ways:

  • Credit card fraud. Low-level criminals may simply use stolen credit card details to buy goods or services without your knowledge.
  • Financial identity theft. If a threat actor collects enough data about you, they can make purchases, open new lines of credit, or take out loans in your name.
  • Account takeover. With your stolen login credentials, hackers can access your online accounts, including email, online shopping, or banking.
  • Medical identity theft. Stolen healthcare information can be used to get prescriptions, medical procedures, or insurance payouts under your name. 
  • Social engineering. If a criminal has enough information, they can convincingly pose as a trusted institution, such as your bank, employer, or even a government agency. Because they already know details only a legitimate party should know, it's easier to deceive you into making payments or sharing more sensitive data.
  • Botnets. In some cases, it's not your identity that attackers want — it’s your devices. If they gain access to your computer, smartphone, or router, they may quietly link it to a botnet — a network of hijacked systems. These networks are used to carry out large-scale attacks, like flooding websites with traffic (DDoS attacks), sending spam, or distributing malware.

Warning signs that your data may have been stolen

Data theft doesn’t always announce itself. The signs are often subtle at first, so pay attention if you notice any of these:

  • Unrecognized charges or bank withdrawals, even small ones.
  • Password reset emails you didn’t request.
  • Accounts locked or showing sign-ins from unusual locations or devices.
  • Credit report entries you don’t recognize.
  • Friends receiving strange messages from "you."
  • Medical bills or insurance claims you didn't make.

What to do if your information has been stolen

If you suspect compromise, act quickly and methodically:

  1. Place a fraud alert with one of the major credit bureaus (Equifax, Experian, TransUnion). This makes it harder for new accounts to be opened in your name.
  2. Freeze your credit to block anyone, including you, from applying for credit until you unfreeze it.
  3. Change your passwords immediately, especially for email, banking, and social media accounts.
  4. Enable two-factor authentication (2FA) on all critical accounts.
  5. Contact your banks and credit card issuers to report unauthorized activity. Request new cards if needed.
  6. File a report with the FTC via IdentityTheft.gov.
  7. File a police report if your identity was used in a crime or significant fraud.
  8. Monitor your credit reports closely. You're entitled to one free report per year from each bureau at AnnualCreditReport.com.
  9. Document everything. Keep copies of emails, reports, and phone call logs.
  10. Consider an identity theft protection service like NordProtect, which offers features like credit monitoring, dark web monitoring, and alerts if any of your data is compromised.

Check out our full guide on what to do if your identity is stolen.

How to protect your information from cybercriminals

While no system is completely immune to attacks, you can take a few proven steps to significantly reduce the risk to your personal information:

  • Use strong and unique passwords. Make them long, unpredictable, and different for each account. Store them in a password manager for safety and convenience.
  • Turn on two-factor authentication (2FA). Whenever possible, enable 2FA. This adds a second step to the login process (like a fingerprint scan, app notification, or verification code), making it much harder for someone to access your account.
  • Update your software regularly. Ignoring software updates exposes your device to emerging cyber threats. Always install updates for your operating system, browser, antivirus software, and other cybersecurity apps.
  • Install reputable antivirus and anti-malware tools. Good security software helps detect and block threats before they cause damage. Choose a trusted provider that offers real-time protection, not just scheduled scans.
  • Remove yourself from data broker websites. Data brokers collect and sell personal details, often without your knowledge. Visit major data broker sites and people search services to opt out manually or use a reputable removal service if needed.
  • Protect your SSN. Only share your SSN when absolutely necessary. Never send it by email or enter it into forms that aren't clearly secure.
  • Learn about common cyber threats and how to identify them. Learn how to spot phishing emails, fake websites, and suspicious phone calls or SMS messages.

Check out our full guide on how to protect your personal information.

Ugnė Zieniūtė

Ugnė is a content manager focused on cybersecurity topics such as identity theft, online privacy, and fraud prevention. She works to make digital safety easy to understand and act on.