How to limit your personal data exposure when a company is hit with ransomware

Ransomware exposure

Modern ransomware seldom targets individual users. Instead, threat actors focus their efforts on businesses, corporations and government entities – organizations with high-value data assets, and the resources and motivation to pay for their recovery.

However, while the crosshairs might be firmly focused on commercial targets, there’s more than just business data getting caught in the crossfire. With data theft and data publication becoming the standard mode of operation among ransomware groups, many incidents now involve the exposure of customers’ personal data, including medical reports, financial information, social security numbers, academic results and much more.

This raises some serious security and privacy concerns for you as a consumer. But what can you do about it?

Customer data getting caught in the crossfire

Double extortion has quickly become the norm in the ransomware world. No longer content with merely encrypting data on a target system and holding it for ransom, bad actors are also stealing data from their victims and using it as added leverage. Failure to pay the ransom results in the stolen data being published or sold on the dark web.

While these data dumps are primarily made up of company-related assets – financial information, company emails, internal reports and the like – they also tend to contain large amounts of sensitive customer information.

This introduces significant concerns not only for the company affected by ransomware, but also for you, the consumer. When the victim company refuses to pay the ransom, it’s your private data that is exposed to the world. And, with data collection practices becoming increasingly aggressive, the breadth and depth of personal information exposed in a ransomware incident can be startling.

A ransomware incident at a car dealership, for instance, might result in the public exposure of your driver’s license, credit application, social security number, home address and contact information. Similarly, an attack on your healthcare provider could lead to your medical records, insurance information, prescription history and perhaps photographs and body scans being leaked online.

Once compromised, this information can easily be used to commit a wide range of fraudulent activities or sold on the dark web as part of a batch of stolen data.

What can you do about it?

As a consumer, there’s not much you can do to prevent a business from getting hit by ransomware. But there are some things you can do to limit your personal exposure.

Check out this guide for five steps you can take today to drastically improve your online privacy.

Emsisoft Endpoint Protection: Award-Winning Security Made Simple

Experience effortless next-gen technology. Start Free Trial


Ransomware incidents often involve the exposure of your personal data. As a consumer, you can’t stop the companies you do business with from falling victim to ransomware, but you can limit the amount of your personal data that is exposed during an attack.



Writer. A picture is worth a thousand words but unfortunately I can't draw. The world of IT security has always fascinated me and I love playing a small role in helping the good guys combat malware.

What to read next