Leaked Nudes Threat: The Horrifying New Low of a Data Breach

Data breaches have taken a terrifying turn as cyber criminals stoop to new lows, threatening to expose personal and intimate photos of female data breach victims. Nikki Webb investigates the painful consequences that breach victims face

Louise, a resident of South Wales, found herself caught in a web of deceit and fear after her private data was stolen in a breach affecting over 500 current and former employees of Shiseido, a renowned cosmetics company.

Louise’s nightmare began when fraudsters, armed with her stolen information, audaciously applied for a loan in her name. A phone call from someone claiming to be from her bank, Natwest, soon plunged her into despair. Armed with personal details like her full name, address, and postcode, this imposter tried to coerce her into acknowledging the loan. Sensing something was amiss, Louise ended the call without giving in.

“We will put your nude photos online”

Filled with trepidation, Louise contacted her actual bank and discovered an unauthorised payment of £3,000 in her account. It became clear that these cyber criminals were sophisticated and relentless.

Later that day, Louise received another call from the same voice. “He said, ‘All we need you to do is send that money back and here’s the account, send us that money’,” Louise told BBC Online. She was threatened with violence against her and her family if she didn’t return the money. The chilling twist came when the criminal uttered: “We will put your nude photos online.”

Those bone-chilling words left Louise trembling and violated, completely robbed of her sense of security. So, how did the cyber criminals obtain these images? Frustratingly, there’s no real way of knowing if they actually did. There are three possibilities:

1. They do have the images. Stolen credentials (gained from the information acquired in the data breach) gave attackers log-in access to the individual’s account, and with it, any associated photos or files.
2. They don’t have any images. They use the threat as a blackmail technique to coerce Louise into sending the money.
3. They are employing the use of deepfakes to create images of the victim.

Whichever of the above possibilities is reality, this incident demonstrates that the impact of data breaches extends far beyond financial loss and identity theft. Data breaches can strike at the core of a person’s emotional well-being, leaving them devastated and violated.

Sadly, Louise’s traumatic experience is not the only trauma from the Shiseido breach. Angela from the West Midlands discovered she had been named director of a company she had never heard of, registered just a short distance from her home. When she stumbled upon this evidence on the Companies House website, panic engulfed her, and her reality crumbled. Unbeknownst to her, she had become a pawn in a heartless game of deception.

To make matters worse, criminals posing as a tax rebate company submitted false claims to HMRC on behalf of both current and former Shiseido employees. Heartbreakingly, these fraudulent claims resulted in letters from HMRC informing victims of payments made, not to them but to the criminals exploiting their vulnerability. While some victims were genuinely owed tax rebates, others had their refund claims fabricated, further intensifying the trauma they endured.

“The emotional and psychological toll of such an invasion is immeasurable”

Shiseido, the cosmetics giant behind popular brands like NARS and Issey Miyake, expressed deep concern and commitment to those affected. The company offered impacted individuals access to credit and identity monitoring services through Experian Plus Protection. They have provided regular updates, guidance, and support to all current and former employees, striving to alleviate the immense distress caused by this malicious breach.

Shiseido took swift action and obtained a court order to safeguard its employees’ personal details from misuse. Additionally, the company has worked in close collaboration with HMRC to combat tax rebate fraud and minimise the devastating consequences suffered by the victims.

Louise, Angela, and countless others are trapped in a nightmare they never saw coming. The emotional and psychological toll of such an invasion is immeasurable, leaving them violated and perpetually fearful. Each data breach statistic hides a deeply human story, filled with pain, fear, and shattered trust.

As society grapples with the ever-evolving threat of cybercrime, it becomes crucial for individuals, corporations, and regulatory bodies to unite in strengthening data protection measures. Safeguarding personal information and ensuring the well-being of innocent victims must be prioritised more than ever.

In the battle against this relentless and heartless cyber criminal enemy, we must tirelessly work to prevent such violations, protect the vulnerable, and advocate for justice. Only then can we hope to mitigate the devastating consequences of data breaches and uphold the fundamental right to privacy in our increasingly interconnected world.