When Progress Corp, the Massachusetts-based maker of business software, revealed its file transfer system had been compromised this month, the issue quickly gathered global significance.
A Russian-speaking gang dubbed Cl0p had used the vulnerability to steal sensitive information from hundreds of companies including British Airways, Shell and PwC. It had been expected that the hackers would then attempt to extort affected organizations, threatening to release their data unless a ransom was paid.
However, cyber security experts said that the nature of the data stolen in the attack—including the driving licenses, health and pension information of millions of Americans—hints at another way hackers would cash in: ID theft scams, which combined with the latest in so-called deepfake software may prove even more lucrative than extorting companies.
“I am not a criminal, but I’ve been studying this for a long time—if I had this much information, and it was so pristine, the sky is the limit,” said Haywood Talcove, the chief executive of LexisNexis Risk Solutions’ Government division.
Experts have long warned about the growth of deepfake scams where criminals pair artificial intelligence software with personal information to create realistic digital likenesses of people to bypass traditional security checks.
The number of deepfakes used in scams in just the first three months of 2023 outstripped all of 2022 and then some, according to Miami-based Sumsub, a verification platform, with particularly high growth in Canada, the US, Germany, and the UK.
This is because faking a Western citizen’s identities unlocks not just bank and traditional online scams, but also the theft of government benefits.
For example, Talcove said the sort of information stolen in the Progress hack—photographs, names, dates of birth, home addresses and parts of their social security numbers—could be used to create fake video selfies that many US state agencies use to verify identities.
That could allow criminals to successfully claim unemployment benefits, and apply for federal college loans, food stamps and other programs. He estimated each stolen identity can be successfully leveraged to steal as much as $2 million just from government benefit programs alone.