Data Breach 101: All the terms you should know

Written by Dessi on June 16, 2020


Our customers often ask us what a data breach is and what some of the terms used in the media around security and privacy mean. So we have put together a dictionary of common topics and terms around data breaches.

Personal Identifiable Information (PII)

Personal Identifiable Information, commonly referred to as PII, does not have a strict definition, but as the name suggests it is any information that can identify an individual. Names, email addresses and social security numbers are all considered PII. Data hackers look to capture PII that can be linked to individuals and then sold. Companies that hold your data will often anonymize and aggregate individual data so that it is harder for employees and hackers to identify individuals.


Encryption

Encryption is the process of taking regular text, called “plaintext”, and rearranging it with a specific code, called a key, so that it is disguised, or encrypted. Companies will encrypt your PII and passwords and store them in encrypted form, where only authorized people or systems can decrypt the data back to its original format. In this state your sensitive data is a series of letters and numbers that cannot be easily read by a human. Encryption may seem safe but it has its problems: the same encryption methods are often reused, and hackers can then easily return the data to its original format, leaving you at risk.


Exploit

An exploit seeks out software bugs or vulnerabilities, essentially design flaws, within the code of a system that allow unauthorised access to that system. Hackers use regularly visited sites, such as search engines, online shopping, and travel sites, to fingerprint your computer, operating system and programs and to seek out any vulnerabilities. Websites can be compromised via a malicious piece of code placed on the website or through the advertising displayed, without any need for you to click on it. Your information is then logged and categorized to see if you are a candidate for subsequent exploitation.


Malware

Malware stands for “malicious software” and is an umbrella term for any program or code that is built with the intention to harm systems and users. Spyware is a type of malware that infects your computer or network to collect personal information about you and your activity, effectively creating a window for the criminals to look into your device. Malware usually depends on the user accidentally downloading and installing the software by clicking on advertisements or malicious emails, or by downloading toolbars that are disguised as offers or helpful tools. Once your system is infected, the spyware scans for and collects your data to send back to the cyber criminals that created the spyware.

Phishing attacks

Phishing attacks are when criminals attempt to trick you into providing personal information such as usernames and passwords, without you realising that you aren’t dealing with a reputable website. The most common way is by sending emails disguised as if they are coming from your bank, insurance provider or employer and asking you to log into a webpage that will store your information. Other ways are through agents calling you, claiming they are from an institution you use, and requesting information about yourself. Check the web address (URL) of any website you visit from a link you receive, and click on the padlock in the navigation bar to confirm the connection is secure. At any point, if you are suspicious, or something seems different, stop! Then call the service concerned, on a number they provided to you previously, to verify it is a legitimate communication and request.
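The URL check described above can be written down as a short script. This is an added example, not code from the original article; the bank domain mybank.example and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

def check_link(url, expected_domain):
    """Return the reasons a link should not be trusted; an empty list means it passes."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    expected = expected_domain.lower()
    problems = []
    if parts.scheme != "https":
        problems.append("connection is not HTTPS, so there is no padlock")
    if parts.username is not None:
        problems.append("text before '@' is not the site; the real host comes after it")
    # The host must be the expected domain itself or a subdomain of it.
    # The leading dot matters: 'notmybank.example' must not match 'mybank.example'.
    if host != expected and not host.endswith("." + expected):
        problems.append(f"host {host!r} does not belong to {expected!r}")
    return problems

# Constructed links of the kind found in an email claiming to come from a bank.
SAMPLE_LINKS = [
    "https://www.mybank.example/login",
    "http://www.mybank.example/login",
    "https://mybank.example.account-check.example.net/login",
    "https://mybank.example@login.example.net/",
    "https://notmybank.example/login",
]

def review(links, expected_domain="mybank.example"):
    """Map each link to the list of problems found for it."""
    return {link: check_link(link, expected_domain) for link in links}

if __name__ == "__main__":
    for link, problems in review(SAMPLE_LINKS).items():
        print("OK     " if not problems else "SUSPECT", link)
        for problem in problems:
            print("         -", problem)
```

A link that passes only shows that the address belongs to the expected domain over an encrypted connection; the expected domain itself should come from your own records, not from the message.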

Combo list

A combo list is a list of PII that has been obtained from multiple data breaches by criminals and combined to build a more complete picture of a user’s accounts and passwords. This information is then packaged and sold as a ‘lead list’ for fraudsters on the dark web. An example of this would be combining email addresses from one breach with passwords from another data breach. More sophisticated combo lists combine breaches to match answers to secret questions (such as a child's name or mother's maiden name) with account password data, which further increases the potential for a criminal to take over your account. It is worth ensuring that any breach monitoring you use, such as, monitors the ‘attack surface’ the criminals have obtained through multiple breaches to assess your risk and recommend the steps you should take.
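To show why exposure has to be assessed across breaches rather than one breach at a time, here is an added example (not code from the original article or from any monitoring product). The breach names, addresses, risk levels and recommended steps are assumptions made for illustration, and the records hold only the categories of data exposed, never the values.

```python
from collections import defaultdict

# Constructed breach notifications: which kinds of data each breach exposed.
BREACHES = [
    {"breach": "shop-2018", "email": "Alex@Example.com", "exposed": {"email", "password"}},
    {"breach": "forum-2019", "email": "alex@example.com ", "exposed": {"email", "security_answer"}},
    {"breach": "newsletter-2020", "email": "sam@example.com", "exposed": {"email"}},
]

def attack_surface(records):
    """Merge records per person: the same address can appear with different
    capitalisation or stray spaces in different breaches."""
    merged = defaultdict(lambda: {"breaches": [], "exposed": set()})
    for record in records:
        key = record["email"].strip().lower()
        merged[key]["breaches"].append(record["breach"])
        merged[key]["exposed"] |= record["exposed"]
    return dict(merged)

def assess(exposed):
    """Return (risk, steps) for the combined set of exposed data categories."""
    if {"password", "security_answer"} <= exposed:
        return "high", ["change the password everywhere it was reused",
                        "replace the secret answers and turn on two-factor login"]
    if "password" in exposed:
        return "medium", ["change the password everywhere it was reused"]
    return "low", ["expect more spam and phishing email to this address"]

def report(records):
    """Map each address to its breaches, combined exposure, risk and steps."""
    result = {}
    for email, info in attack_surface(records).items():
        risk, steps = assess(info["exposed"])
        result[email] = {"breaches": info["breaches"], "risk": risk, "steps": steps}
    return result

if __name__ == "__main__":
    for email, entry in report(BREACHES).items():
        print(email, entry["risk"], entry["breaches"], entry["steps"])
```

Neither of the first two breaches is high risk by itself; only the merged view for alex@example.com shows a password and a secret answer exposed together.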

Spam list

A spam list is a list of email addresses that have been combined through data breaches for the purposes of mass email marketing of illegal goods and services. Although being included in a spam list is frustrating (we could all do with less email!), the risk is relatively low, especially if you use an email provider with sophisticated email filtering and spam detection.


Botnet

A botnet is a series of interconnected computers that are controlled by a centralized criminal “owner” and can be used to carry out malicious actions. An example of this is using a device's processing power to do illegal tasks such as decrypting stolen passwords or generating cryptocurrency. Often these networks are rented or sold on the dark web, and integrates this data into our platform when we are able to source it through our partners. A good quality, commercial antivirus program such as Symantec or McAfee will be able to detect if this is taking place on your computer.

Finally, take control with today

The above is a starting point that should better inform you, not an exhaustive list; keep in mind that technology is evolving both for those looking to protect your privacy and security and for the criminals looking to steal information. is committed to protecting and educating customers by staying ahead of trends and continually updating our product offering to keep our customers safe. To protect yourself against Data Breaches and the sale of your data on the Dark Web, join today