When Progress Corp, the Massachusetts-based maker of business software, revealed its file transfer system had been compromised this month, the issue quickly gathered global significance.
A Russian-speaking gang dubbed Cl0p had used the vulnerability to steal sensitive information from hundreds of companies including British Airways, Shell and PwC. It had been expected that the hackers would then attempt to extort affected organizations, threatening to release their data unless a ransom was paid.
However, cyber security experts said that the nature of the data stolen in the attack—including the driving licenses, health and pension information of millions of Americans—hints at another way hackers would cash in: ID theft scams, which combined with the latest in so-called deepfake software may prove even more lucrative than extorting companies.