Your Company’s Data Is for Sale on the Dark Web. Should You Buy It Back?

In an increasingly digitized world, the security of a company’s data has never been more critical. A breach or a leak can spell disaster, tarnishing a brand’s reputation, eroding customer trust, and incurring hefty fines. Imagine discovering your company’s sensitive data is up for sale on the dark web. The knee-jerk reaction might be to buy it back, but is this the right move? Brenda R. Sharton, an internationally recognized expert in cybersecurity, weighs in on this complex issue.

Understanding the Dark Web

Before delving into the question at hand, it’s essential to understand what the dark web is. It’s a part of the internet that is not indexed by search engines and is accessible only through specific software, allowing users and website operators to remain anonymous or untraceable. Often, the dark web becomes a marketplace for selling illegal goods, including stolen data.

The Temptation to Buy Back Data

When a company finds that its data is being sold on the dark web, the immediate impulse might be to buy it back. The rationale is straightforward: regain control of the information to prevent misuse. However, the decision is not as simple as it seems.

The Expert’s Stance

Brenda R. Sharton, a litigation partner and the global Chair of Dechert LLP’s Privacy & Cybersecurity practice, has extensive experience dealing with such dilemmas. Sharton has quarterbacked over 1,000 data breach investigations and has been the strategist behind negotiating ransom in several high-profile cyberattacks. Given her vast experience and expertise, her advice is invaluable for any company finding itself in this situation.

The Risks of Buying Back Data

According to Sharton, purchasing stolen data on the dark web is fraught with risks. Firstly, there’s no guarantee that the seller will honor the agreement. After receiving payment, they could easily sell the data to someone else, or demand more money. Additionally, buying back stolen data can inadvertently fund criminal activities, including further cyberattacks. There’s also the ethical consideration—paying a ransom or buying back data could be perceived as an admission of guilt or a sign of weakness, potentially inviting more attacks.

The Alternatives

So, what should a company do if it finds its data is for sale on the dark web? Sharton advocates for a multifaceted approach:

  • Conduct an Immediate Investigation: Understand how the breach occurred and the extent of the compromised data. This involves engaging cybersecurity experts to analyze the breach and mitigate further risk.
  • Legal Counsel: Seek legal advice on the obligations towards notifying affected individuals and regulatory bodies. Laws and regulations regarding data breaches vary by jurisdiction, and compliance is crucial.
  • Strengthen Security Measures: Post-breach, it’s essential to bolster your company’s cybersecurity infrastructure to prevent future incidents. This could include updating software, training employees on security awareness, and implementing more robust access controls.
  • Communicate Transparently: Be honest with your stakeholders about the breach. Maintaining transparency can help preserve trust and signal that you are handling the situation responsibly.

Long-Term Implications

Buying back stolen data may seem like a quick fix, but it fails to address the underlying security flaws that allowed the breach to occur in the first place. Strengthening cybersecurity measures and fostering a culture of digital security awareness among employees are crucial steps in safeguarding a company’s data against future incidents.


The decision to buy back stolen data is complex and fraught with potential pitfalls. Brenda R. Sharton’s expertise underscores the importance of a comprehensive strategy that includes immediate action, legal compliance, and long-term preventive measures, rather than resorting to negotiations with criminals. In the battle against data theft, a proactive stance on cybersecurity is not just beneficial—it’s essential.

In closing, companies must navigate the murky waters of cyber threats with caution, understanding that the integrity of their data is paramount. By adhering to expert advice and prioritizing the security of their digital assets, businesses can better protect themselves against the ever-evolving landscape of cybercrime.

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

SEC Chairman Gensler Responds to Bitcoin Spot ETF Approval Misinformation and SEC Account Hack Incident

SEC Chair Gary Gensler Speaks Out on False Bitcoin Spot ETF Approval…

AI’s Challenge to Internet Freedom: Unmasking the Threat to Online Free Speech and Privacy

AI’s Challenge to Internet Freedom: A Rising Threat In October 2020, while…

Nucleus Security Lands $43 Million Series B Funding: Propelling Innovation in Vulnerability Management

Nucleus Security Secures $43 Million in Series B Funding to Lead Innovation…