Data theft has become a true epidemic, affecting businesses and individuals alike. Criminals mercilessly exploit the ignorance, naivety and recklessness of those concerned. Damages run into the billions – and the trend is rising. We explain what dangers are lurking and how you can effectively protect yourself against data theft.
What is data theft?
Data theft or data theft is when criminals use illegal methods to obtain personal, secret or sensitive data from companies, organizations and individuals. Their approach is becoming more and more sophisticated and tricky. The following methods are most commonly used:
Corporate data leak
In the event of a data leak or data leakage, highly sensitive data is captured from companies. The theft takes place either digitally or via physical media such as USB sticks. For example, this could be customer data sold by employees.
In phishing, fraudsters pose as legitimate contacts in e-mails, on websites, or via text messages. They trick victims into revealing confidential and personal information such as account details. If you don’t act carefully, you will pay for your good faith with an emptied account or involuntarily installed malware.
A very perfidious malicious method is used by keyloggers. They record every keystroke on a user’s keyboard. How secret passwords, login data and company secrets are spied out.
Malware is a generic term for malicious software that intentionally causes damage to computers. It can lurk anywhere – and perfect protection doesn’t exist. Viruses, adware, spyware and Trojans are just a few categories of malware, all of which can cause enormous damage.
What consequences can data theft have?
Data theft has many faces, and the consequences can vary accordingly. Sometimes victims don’t realize anything has happened for a long time, sometimes the consequences are drastic and immediate.
In identity theft, someone pretends to be someone else and uses this "disguise" to do harm, such as hijacking an account. There are different variants of identity theft:
- With Fake profiles Perpetrators spread lies and misinformation under a false name. The victims are threatened with considerable damage to their reputation.
- When criminals get hold of an account and with it the Assume the identity of the victim completely, then they get hold of personal data. Identity thieves can use it, for example, to open new accounts at online stores, banks& Co. create. Moreover, they can order goods or conclude contracts that can ruin their victims financially.
- Not to be underestimated is also the annoying topic Spam mails. When email accounts are hacked, the criminals can send messages with fraudulent content on behalf of the victims. However, you may also receive emails that look like spam but actually contain real reminders that have been incurred as a result of identity theft.
Doxing (sometimes spelled doxxing) emerged as early as the 1980s and was initially quite harmless. Nowadays, it has lost its innocence: doxers collect publicly available personal data on the Internet and publish it with the aim of harming the people concerned. For example, the goal may be to intimidate, expose or silence the victim. Data theft becomes even more critical when doxers are able to hack.
Extortion has always been a lucrative business. Ransomware (blackmail Trojan) is used to maliciously encrypt individual files or entire computers. Afterwards, the perpetrators demand a ransom. After payment, a code for decryption is delivered – if you are lucky. This method causes tens of billions of dollars in damage every year .
This is what a ransomware message may look like
How do I find out if my data has been stolen??
Data theft is not always immediately obvious. Not every warning signal is immediately recognizable as such – many users do not even perceive spam emails as a special feature and reminders that cannot be assigned are often labeled as spam. The following signs should make you prick up your ears:
- Watch out for unknown logins on your email accounts, social media profiles and other accounts.
- Also take warning emails from your service provider (Telekom, Vodafone, …) seriously. Of course, this also applies to warnings from marketplaces such as eBay, online mail order companies such as Amazon and all other service providers with whom you are registered. But you have to Be absolutely sure, that the messages are not fake. Otherwise you run the risk of becoming a victim of a phishing attack.
- Get to the bottom of things if your computer behaves strangely. You may have caught malicious malware.
- If your password suddenly stops working, it may have been intercepted and changed by a criminal.
- Check your account activity regularly. If there have been unknown debits, this can be a clear indication of an account takeover.
- If bills, reminders or even letters from debt collection companies are piling up in your mailbox, data theft is a likely explanation. Maybe someone is using your data to order goods to be shipped to another address.
Use services like Have I Been Pwned to find out if your email address has been affected by a leak
You can actively verify that your email address was stolen in a data leak. There are some free services available for this purpose:
- At Have I Been Pwned you can check if your email address or phone number has been stolen. On the provider’s site there is also a very long list of websites where hackers and consorts illegally enter captured login data of users. In EXPERTS.de you can find a German tool called E-Mail-Leak-Check, which queries the database of Have I Been Pwned. is a supplement to Have I Been Pwned. Here you can test if one of your passwords has been published in a data leak. The affected passwords are entered into dictionaries used to perform brute force attacks.
- Firefox Monitor uses the data from Have I Been Pwned, but also offers additional added value. after registering via e-mail, you will receive continuous updates on whether your data is circulating on the net.
- The Identity Leak Checker checks whether personal data such as your date of birth, phone number or address is linked to your e-mail address.
- From the University of Bonn comes the Leak Checker . The service searches its database to check if your email address has appeared in a data leak. You will then receive an e-mail with the results.
- F-Secure ID PROTECTION checks if your data has been stolen after you enter your mail address. You will then be sent an e-mail with the results of your query. You can also register with F-Secure to try the service and all its features for five days.
How to protect yourself from data theft?
It often takes a month or more for victims to notice a data breach. By then, the damage may already be extensive. Therefore, don’t wait until the baby is in the well, but actively take care of the security of your data. You can take the following measures to avoid a rude awakening:
Use strong passwords. So do not 123456 or hello123 – which, amazingly, are still among the most popular combinations among Germans. Instead, rely on passwords that consist of a combination of upper and lower case letters, special characters and numbers. The Federal Office for Security and Statistics recommends a length of at least eight characters. You must use a separate, strong password for each account. And no: You don’t have to remember all these cryptic passwords yourself. Use password managers instead. We have tested the best for you.
The basic equipment of every computer includes virus scanners, which also ensure security on your tablet, smartphone and many other end devices. A virus scanner protects you from the full range of malware that can do massive damage to you and your computer. We have put the best virus scanners through their paces for you. You can find the results in our antivirus test.
Be careful with e-mails
Be careful with e-mails. This also applies to e-mails from acquaintances, friends and family. You can never be sure that their e-mail accounts have not been hacked by hackers who now use them to send spam e-mails. Never click on links in e-mails without thinking, because you could catch malware in the process. Do not open any unknown file attachments.
Use public WLAN with caution
In more and more places, such as schools, cafes or even the train, you can see a public, free WLAN available. As nice and convenient as that is: Your device is visible to criminals on these networks and easy to hack. Protect it effectively with a VPN tunnel, that encrypts your traffic and makes your device invisible to potential attackers. We have tested the best providers for you.
Update the operating system
Promptly update the operating systems of your Internet-enabled devices when new updates are available. The same goes for any other programs and apps you use: Always keep them up to date to avoid security gaps. It is particularly important that your security software, such as the virus scanner or your antispyware tools, are always "up to date". This is the only way to protect yourself effectively against new threats.
Caution on the Net
Even the best tools, services and features can only protect you to a limited extent. The most important "tool" is your own mind. Be cautious as a matter of principle and always remain suspicious. Do not trust anyone lightly with your data and give yourself away on Facebook, Instagram, YouTube& Co. not too permissive.
What to do if I am affected by data theft?
There is no protection that works 100% of the time. Even if you have internalized all measures in an exemplary manner, you may still be affected by data theft. You may react in anger, fear or panic at first. This is only too understandable – but emotions can paralyze you. It is therefore essential that you keep a clear head, because you should take action immediately. We explain how you can best protect your data – depending on the type of threat:
passwords& Change your e-mail address
If your email account has been hacked, then a new password is not enough. Hackers could reset the password and set a new one instead. The safest way to do this is to create a new e-mail address. Then log in to your most important accounts, such as your bank account, online stores and social media accounts. Then change the e-mail address and the respective passwords.
File a report
Online crimes are also crimes. Therefore, go to the police and file a criminal complaint. Some companies even require this notification so they can suspend your account. In addition, you can protect yourself from further damage, such as outstanding debts.
Inform friends and family
Contact your family, friends and acquaintances and inform them that you have been affected by data theft. If your e-mail account has been hacked, ask your environment to delete newly received mails unseen.
Request deletion of false information
You can send Schufa an urgent message if you have been affected by data theft. Schufa lets partner companies know that you are an identity fraud victim when new applications and contracts are made in your name. This way, your risk of suffering from further scams will decrease considerably.
Hire a service provider or lawyer
Get a lawyer to stand up for your rights. You can also hire special service providers who are very experienced with the issue of data theft. You know immediately what to do.
If your account data has become known, inform your bank immediately and, if necessary, have your account blocked immediately. If you have multiple accounts, then it may be necessary to block them as well.
Resist unwarranted claims
File an objection to all unjustified claims. It is important here that you refer to the criminal complaint that you have filed. This will help you convince service providers, as well as debt collectors, that you are a victim and not a perpetrator.
Anyone can fall victim to data theft. This is true even for people who never use the Internet. The methods used by cyber thieves are becoming more and more sophisticated, and unfortunately there is no such thing as perfect protection. But there is a lot you can do to minimize your personal risk. To keep the damage as low as possible, it is also crucial that you take the right countermeasures immediately if the worst happens.
With EXPERTS.EN you can find reviews of programs that help you stay safe online, such as VPNs, password managers or antivirus software. But as is often the case, common sense is the first line of defense. Therefore, be vigilant on the net, do not open any suspicious websites or e-mails and do not use insecure passwords.
Frequently asked questions& Answers
What to do in the event of data theft?
It all depends on where exactly the problem lies. If there are suspicious debits, for example, you should contact your bank immediately and have your account blocked if necessary. If your email address has been hacked, you should create a new one and change it on all services. If in doubt, file a criminal complaint with the police and get professional support, for example from a lawyer.
How can I check whether my data has been stolen??
Always remain vigilant and watch for suspicious activity such as unusual account activity or reminders and invoices for goods you never purchased. Also use free tools such as the email leak check from EXPERTE.de and check whether your e-mail address and other personal data have been stolen in a data leak.
How to prevent data theft?
There are a number of measures you can take to protect yourself. For example, use strong passwords and secure password managers. Protective software such as virus scanners and VPN tunnels can also help you to stay safe on the Net. But above all, be careful, especially with suspicious e-mails or websites.
What is identity theft?
In the case of identity theft, personal data of third parties is misused for criminal activities. As a rule, this involves fraud, whereby the perpetrators enrich themselves personally. In some cases, the perpetrators’ personal motives play a decisive role, and they want to specifically damage the reputation of their victims.
What are the penalties for data theft?
According to Penal Code § 202a, a prison sentence of up to three years can be imposed, or alternatively a fine. But this concerns only the act of hacking. Companies are obligated to protect customer data especially well. If you fail to do so, this will be considered a violation of the European General Data Protection Regulation (GDPR), which will result in severe penalties.