How Data Breaches Lead to Targeted Physical Threats

For a moment, imagine that your bank somehow managed to lose its customer list, containing your name, address, email and telephone number. It would be slightly concerning that anyone with the will, could have a look and find customers of that bank in their local or national area.

Now, instead of your bank, consider it is the manufacturer of your cryptocurrency wallet that loses its customer list. You have a similar situation, with your full details laid out….but it is actually much worse, in that a criminal will know that in the majority of cases, your funds will be stored on a little digital wallet at your home or business. If you use a bank, you don’t have to hold your money under the mattress. There is a big difference in that you are the custodian of your crypto assets - and you have to personally protect them.

This loss of customer details happened a few years ago in a data breach of one of the world’s largest manufacturers of cryptocurrency wallets. At the time, it became clear that this list could operate as a menu for criminals selecting cryptocurrency holding individuals to physically target. The list contained people from all walks of life, from Family Offices representing many millions, to individuals dabbling with bitcoin. In fact, its list of owners amounted to nearly a quarter of a million people, and is still what we consider one of the most high risk data breachers in the last few years.

Wired magazine reported that the US had prosecuted a violent gang who were undertaking home invasions for the purpose of stealing cryptocurrencies. This involved torture, assaults and kidnapping of eleven victims. Similar physical crypto heists have also occurred in Holland and have links to organised crime, suggesting that crime groups have access to a list of crypto holding investors.

The list itself is still passed around on the shadier areas of the Internet, but realistically, most people do not have access to that list, and a home invasion based upon a data breach is unlikely, but also one of the worst outcomes anyone could expect. However, there are more subtle ways that criminals attempt to get access to your funds. For example, your email address and telephone number will be on the list - so criminals sometimes use a technique called sim swapping, where they manage to take over your telephone number, giving them the opportunity to reset passwords on other crypto exchanges, email services and bank accounts.

These external security threats are why we undertake our Risk Analysis for both individuals and companies. Because without looking outside of your home or business, you don’t really know what threats you face.