The U.S. experiences the most data breaches of any country: in 2021, 212.4 million American users were affected.

Alarmingly, the average cost of a data breach in the U.S. is also significantly higher than the average global cost: 9.44 million dollars, according to IBM’s 2022 Cost of a Data Breach Report.

Main actors targeting U.S. data

As organizational cybersecurity leaders seek to protect their institutions from cyber threats, it is important to ascertain who exactly is targeting U.S. data via cyberattacks.

Organized criminal groups

According to Verizon’s 2020 Data Breach Investigations Report (DBIR), organized criminal groups were responsible for 55% of breaches. Cybercrime is highly profitable: after acquiring user data, organized criminal groups sell the confidential financial information (e.g., credit card numbers and bank accounts) on darknet markets, where purchases of illicit information and goods are brokered. Other personal information, such as medical data and health records, is also highly sought after, as it can be used to illegally purchase prescriptions, file fake medical claims, or even commit identity fraud.

Why do these groups target U.S. data? Simply put, the U.S. is a wealthy nation with a high concentration of people who are likely to be profitable targets of cybercrime. In recent years, hackers have also ramped up efforts to target organizations overseeing large databases of sensitive information, including schools and hospitals. These attacks held organizations to ransom and compromised the information of American students and patients. Unfortunately, a number of targeted organizations still had to pay significant ransom amounts to regain access to their systems.

State-aligned actors

Financial incentives are not the only motivations for external actors targeting U.S. user data, especially when considering those operating on behalf of a sovereign government.

Why do sovereign nations and state-aligned actors target U.S. data? For these malicious actors, personal user information can be valuable for stealing proprietary technology, conducting industrial and military espionage, or coordinating public influence campaigns.

In 2018, U.S. intelligence sources confirmed Chinese government hackers were behind a cyberattack on the Marriott hotel chain that exposed the information of up to 500 million guests. Given that Marriott is the top hotel provider for the U.S. government and military, many in the intelligence community suspected that the data breach was an intelligence-gathering operation.

For state-aligned actors, valuable data goes beyond personal bank accounts and Social Security numbers. For example, the ability to compile geolocation data can be an extremely valuable asset when gathering intelligence on an individual. Even when geolocation data is anonymized, the collected data can reveal an alarmingly high amount of personal information. Mobile apps are known to collect precise location data, and one investigation even revealed how an app was able to provide live location updates more than 14,000 times a day. By leveraging geolocation data, a state-aligned actor would be able to easily identify and track individuals of interest (e.g., public figures, journalists) to monitor their daily routines and movements.

What are the privacy implications for U.S. users? 

In today’s age of endless information, the threat to U.S. user data privacy will only continue to grow. From directly attacking corporate databases with confidential consumer information to coordinating phishing text campaigns, external actors are employing a wide variety of sophisticated tactics to illegally acquire sensitive data from Americans.

To ensure users can protect their information from malicious external actors, both the private and public sectors will need to keep pace with increasingly sophisticated methods and consider how to enhance the legal protections of domestic user data.