As more and more personally identifiable information (PII) has moved online, cybercriminals have been able to gain access to deeper stores of data and build more complete pictures of their victims. Whether the information concerns health, movement, or political views, it adds up to a rich, complete version of an individual that can be stolen, mimicked, or manipulated.
The largest data breach so far, the Yahoo incident, didn't involve financial data - instead exposing the real names, email addresses, dates of birth, telephone numbers, and security questions of roughly 3 billion people to hackers. The next largest, that of Adult Friend Finder, gave names, email addresses, and passwords to the attackers. In neither of these cases were credit card or social security numbers released, but both were highly damaging to many of those effected and in the case of Yahoo, devastating to the company itself.
This shows that if criminals are willing to attack an organization to gain non-financial information on users and customers, then the IT department should be willing to treat that information as important, too.
Here's a look at seven data types many companies have collected and hoarded with abandon, and that need to protected just like financial data. If your organization has terabytes of any of these data types sitting in a warehouse, lake, or cluster, then it may be time to start the audit to see just how exposed it — and your company — truly are.