In data theft, unauthorized persons obtain secret, protected, or data not intended for them, such as personal data. The data can then be misused. Data theft can relate to digitally stored data or data stored on physical media such as paper.
The term data theft refers to the unauthorized acquisition of secret, protected, or sensitive data that is not intended for anyone. Affected data can be personal data, access codes, payment data or company secrets, and confidential data.
What is data theft?
In data theft, a distinction can be made between physical and non-physical theft of data. Physical data theft not only steals the actual data but also the media on which it is stored. These media are, for example, paper, magnetic tapes, or other storage media. For example, letters, bank statements, identification documents, hard drives, or USB sticks containing data are stolen.
In the case of non-physical data theft, this is not theft in the true sense of the word, but rather the unauthorized copying or reading of data. For example, e-mails are copied or read, passwords are obtained through phishing attacks, or bank card PINs are stolen.
The theft of data from a legal perspective
The legislature has enshrined a separate paragraph for data spying in the Criminal Code. Section 202a of the Criminal Code (StGB) refers to the unauthorized acquisition of data by spying and makes this a punishable offense. However, it refers to data that is stored magnetically, electronically, or in any other imperceptible way.
The prerequisite is that the perpetrator has procured data not intended for him and is protected against unauthorized access. It can be deduced from this that not in principle every unauthorized access to a computer is punishable. In addition, the spying out of data is required under certain circumstances.
The distinction between data theft and data misuse
The term data theft refers to the process of illegally obtaining data. It does not yet have to result in misuse of the data. Only in the case of data misuse does the perpetrator use the procured data for unlawful acts without the knowledge of the owners. These acts can be, for example, unauthorized bank transfers, the impersonation of false identities, the compromising of e-mail accounts, or the exploitation of trade secrets.
Protective measures against data theft
In principle, the principles of data economy and data avoidance should be followed to prevent data theft. If physical data theft is to be prevented, it can make sense to secure storage media in a special way or to make them unreadable or destroy them when they are no longer needed. Data stored on paper, for example, can be made unreadable with a paper shredder.
Password theft can be made more difficult by securing computers with virus scanners and using secure passwords that are changed regularly. Multifactor authentication further secures online access. Data encryption should be used on electronic transmission paths and storage media.
To protect against data theft, it is important to make people aware of the risks and train them in handling confidential, personal, or critical data.