While the theft of data is one of the largest cybersecurity concerns, corporations and individuals should also be aware of what criminals are doing with that stolen information. As recent cases highlight, data theft can result in dangerous situations in the physical world.

When people hear the phrase “cyber attack,” they likely envision criminals sitting at computers stealing intangible data. The term “cyber” seems to remove the physical, real world danger of the criminal act. Even when the attack results in monetary loss, the threat of physical harm associated with other crimes like robbery or theft is not present. But this is not always the case.

Take pirating for example.  (Not the illegal pirating of music or movies, but actual pirates at sea.) In a recent string of attacks, millions of dollars’ worth of cargo was stolen from half a dozen ships in the South Pacific. Strangely, the pirates involved in these attacks worked quickly and targeted only those containers carrying diamond jewelry — leaving other, much larger cargo, such as cars, untouched.

Investigators initially suspected an “inside man” working for the shipping company but, instead, found that the company’s network had been hacked. Hackers had installed a “web shell” on top of the company’s content management system (CMS), the digital storeroom for the shipping data. The web shell gave hackers a backdoor to access the company’s digital storeroom of shipping data from the internet. At their fingertips was near-real-time GPS tracking of the company’s ships, which included detailed information on their cargo — essentially a gold mine of information for the thieves.

Once the web shell was discovered, the company was able to temporarily shut down the GPS tracking and re-route ships to avoid future attacks. The web shell was then removed and a firewall was added to protect the CMS. 

This isn’t the first case where a cyber attack has posed a physical threat. Just last month, hackers shut down theHollywood Presbyterian Medical Center and demanded ransom to relinquish control, putting patients’ lives at risk. As criminals continue to learn to access and utilize sensitive information, it is important that companies and individuals take steps to prevent data theft and put in place plans to respond to both the tangible and intangible implications of a cyber attack.