Summary5 min read

Podcast Summary: "What’s Supercharging Data Breaches?"

Podcast: The Indicator from Planet Money (NPR)
Date: October 7, 2025
Hosts: Waylon Wong & Cooper Katz McKim
Guests: Michele Campobasso (Cybersecurity expert, Italy), Troy Hunt (Have I Been Pwned, Australia), Stuart Madnick (MIT Sloan School of Management)

Overview

This episode dives into the rapidly changing world of cybercrime, focusing on how data breaches are becoming more frequent, sophisticated, and profitable. The hosts examine the new dynamics behind these breaches—especially how artificial intelligence (AI) and the "franchising" of hacking tools make it easier for more people (not just traditional hackers) to participate in cybercrime. The episode also discusses why data breaches are so hard to prevent and what everyone—from individuals to governments—should do in response.

Key Discussion Points & Insights

1. The Modern Face of Data Breaches (00:11 – 01:13)

Exploring the Dark Web
Katz McKim describes his experience being shown ransomware sites by Michele Campobasso, noting the variety of victims—schools, hospitals, even cities:
- Sites run “blogs” with victim notices and countdowns: pay by the deadline, or sensitive data will be released (00:25).
Extraction for Value
Data breaches—ransomware, malware, deepfake fraud, etc.—all revolve around stealing data to extract value (01:02).

“It’s a very flourishing market. It works. It just works.” — Michele Campobasso, 01:13

2. The Pervasiveness of Data Breaches (02:50 – 04:34)

Everyday Exposure
Massive breaches, like the one at AT&T, now routinely affect millions (02:50).
Have I Been Pwned?
Troy Hunt’s tool helps people find out if they've been caught up in breaches (03:17). The term “pwned” originated as a gaming misspelling of “owned.”
The Scale of the Problem
Troy Hunt receives multiple new data breaches daily. His service has indexed over 15 billion breached records (04:00).

“It’s one of those tip of the iceberg scenarios… 15 billion breached records, and I’m quite sure that would be somewhere in the order of the total number.” — Troy Hunt, 04:00

Big Money in Breaches
In eight months, cybercriminals made $140 million selling stolen data. One in five Americans has been targeted by malware (04:19).

3. How Personal Data Becomes Cybercrime Currency (04:34 – 05:18)

Even old or trivial credentials can be valuable; criminals try as many “keys” as possible in hope some will unlock something crucial (05:18).
- Example: MyFitnessPal password could also be a bank password (05:18).

4. The Market Is Growing Fast (05:54 – 06:34)

2025 Record Breaking Year
The US is on track for a record year in breaches. Reporting is inconsistent, but experts agree incidents and costs (up nearly 10%) are rising.
Cybercrime: A Fast-Moving Target
Bad actors adapt more quickly than defenders.

“The good guys are getting better, but the bad guys are getting badder even faster.” — Stuart Madnick, 06:30

5. AI and the Rise of “Franchised” Cybercrime (06:34 – 08:23)

AI Accelerates Attacks
- 16% of data breaches involve AI; 80% of ransomware attacks have been accelerated by it (06:46).
- AI automates tedious tasks, speeds up attacks, and increases sophistication, even in targeted spear-phishing (07:01).

“AI systems can do [spear phishing] splendidly—much faster, and in many cases, higher quality.” — Stuart Madnick, 07:29

Franchising Crime
- Hackers can now sell or license their tools, making it easier for non-experts to break in (07:37).
- Anyone can rent malware services or buy “how-to” guides.

“Once I built the tool to do that, it’s easy to say, for $10,000 or 50% of the gain, I will give you this tool… There’s a multiplying effect.” — Stuart Madnick, 07:45

Cybercriminals Share and Learn Fast
- Franchising enables knowledge-sharing and rapid evolution of tactics among criminals (08:16).

6. Why Defenders Struggle to Keep Up (08:23 – 09:16)

Reluctance to Share Bad News
- Companies rarely publicize breaches—bad for PR and legally complicated (08:34).

“Cybercriminals are learning faster and adjusting faster… Cybercriminals benefit from sharing that information.” — Stuart Madnick, 08:42

“Bad guys have huge egos… They sell the information: ‘I’m the one who shut down Capital One—pay me and I’ll tell you how to do it too.’” — Stuart Madnick, 08:42
A Grim Outlook
- Stuart polls cybersecurity professionals: 90% think the environment will be worse in 10 years (09:00).

“It doesn’t mean we won’t try to hold back the tide, but the tide is rising against us.” — Stuart Madnick, 09:12

7. What Can You (And We) Do? (09:16 – 09:39)

Protective Steps
- Keep systems updated, use two-factor authentication, and don’t reuse passwords (09:23).
- Still, experts caution it’s unreasonable to expect individuals alone to withstand sophisticated syndicates—collective action is needed.

“Governments, businesses, and academics… need to come together to create a more robust solution.” — Waylon Wong, 09:23

Notable Quotes & Memorable Moments

On the Market’s Growth:
“The US is already on track for a record year in data breaches in 2025.” — Waylon Wong, 05:54
On Franchised Cybercrime:
“Franchising also helps criminals because it means they’re actually sharing knowledge and collectively learning from it, which they are distinctly better at than their victims.” — Katz McKim, 08:16
On the Futility of Going It Alone:
“It’s unrealistic to expect individuals to go up themselves against these cybercrime syndicates… Governments, businesses, and academics… need to come together.” — Waylon Wong, 09:23

Segment Timestamps

| Section | Timestamp | |----------------------------------------------|-----------------| | The Dark Web & Ransomware | 00:11 – 01:13 | | Personal Data at Risk & “Have I Been Pwned” | 02:50 – 05:18 | | Record-Breaking Year & Costs | 05:54 – 06:34 | | AI’s Role in Cyberattacks | 06:34 – 07:29 | | Franchising and Knowledge Sharing | 07:37 – 08:23 | | Why Companies Don’t Share Breach Info | 08:23 – 08:54 | | Expert Prognosis & Mitigation | 09:00 – 09:39 |

Tone & Takeaways

The episode maintains a brisk, conversational, and often humorous tone despite the grim subject, balancing alarming statistics with relatable anecdotes (like checking personal emails for breaches). The message is clear: as cybercrime becomes more industrialized and democratized through technology and shared tactics, large-scale and coordinated efforts will be necessary to stem the rising tide.

Final Word:
Stay vigilant, use robust security practices, but realize that the real fix must be systemic—not just individual.

Loading summary

Transcript57 lines

[00:01]
A
Npr.
[00:12]
B
This is the indicator from planet money i'm waylon wong and i'm cooper.
[00:15]
A
Katz mckim a producer on the show okay waylon we've talked about the dark.
[00:20]
B
Web before yes it's part of the internet where people go to do all kinds of illegal business so it sounds.
[00:26]
A
Scary but you know i wanted to actually see what it looks like is it all just like a black background with red text kind of thing so i checked in with michele campobasso a cybersecurity expert in italy and he actually took me there specifically to this ransomware.
[00:40]
C
Site what they do is that they have this kind of blog where they post notices for their victims with a countdown of if you don't pay us by the end of the countdown we are going to release data and what.
[00:55]
A
He showed me were these caches of data of high schools of hospitals of entire cities that have lost their data because they didn't pay some ransom this.
[01:03]
B
Is one example of how data is breached there's also malware deepfake fraud the big corporate breaches you hear about in the news and all of it is happening for the purpose of extracting value.
[01:14]
C
From your information it's a very flourishing market it works it just works.
[01:21]
A
This week on the indicator we're bringing you a special series on the evolving business of crime when it comes to data breaches that evolution has been supercharged so today on the show we look at how that's happening and why you don't have to be a hacker anymore to get into the game.
[01:42]
D
Support for npr and the following message come from indeed just realizing your business needed to hire someone yesterday speed up your hiring right now with indeed claim your seventy five dollars sponsored job credit now at indeed dot com indicator terms and conditions apply.
[02:00]
E
This message comes from vanguard capturing value in the bond market is not easy that's why vanguard offers a suite of over eighty institutional quality bond funds actively managed by a two hundred person global team of sector specialists analysts and traders they're designed for financial advisors looking to give their clients consistent results year in and year out see the record at vanguard dot com audio that's vanguard dot com audio all investing is subject to risk vanguard marketing corporation distributor this message.
[02:35]
D
Comes from capital one with the venture x card earn unlimited double miles a three hundred dollars annual capital one travel credit and access to airport lounges capital one what's in your wallet terms apply details at capital one dot com okay.
[02:51]
A
Waylon picture this you're in your kitchen morning light beaming through the window plants getting fed you open a newspaper and there's a big headline data breach at and t sees phone records of nearly all customers stolen and you're wondering am i a part of that well i'm.
[03:08]
B
An att subscriber so probably and if you want to know for certain if your data was gobbled up troy hunt may be able to help you i.
[03:18]
C
Started the data breach search service have.
[03:20]
B
I been pwned he said pwn okay i've always wanted to know how that was pronounced because i only ever saw it spelled p w n e d.
[03:30]
A
Right yeah looks kind of like gibberish and it actually is gibberish because it comes from a misspelling of the word owned from the video game world so.
[03:40]
B
When someone's data has been stolen they've been owned i guess or pwned right.
[03:44]
A
So troy's company is based in australia it's actually a free service that he offers to anyone around the world whenever there's a breach troy finds the public information and indexes it on his website to let people know if they've had their data stolen this unfortunately happens a lot because data breaches happen a lot.
[04:00]
C
Well look i'm receiving data every single day on average i would receive multiple data breaches a day it's a little bit of one of those tip of the iceberg sort of scenarios we've got fifteen billion breached records and have i been pwned and i'm quite sure that that would be somewhere in the order of of the total number that have occurred over the course of time one.
[04:19]
A
In five people living in the us have been targeted with malware that steals their information according to one estimate in an eight month period cybercriminals made one hundred forty million dollars in revenue from selling stolen data products alone so yeah cybercriminals clearly value your information and are.
[04:35]
B
Getting it okay cooper i'm going to put my personal email into have i been pwned to see to see if i'm one of those one in five.
[04:44]
A
I'M curious yeah let's find out okay.
[04:47]
B
Here i go oh twenty six data breaches okay it says oh no pwned this email address has been found in multiple data breaches so i scroll down oh neiman marcus when was the last time i shouted neiman marcus that was.
[05:03]
A
Something troy was saying actually was that sometimes it just shows up in random things because other data breaches lead to.
[05:10]
B
Other data breaches this is all very.
[05:11]
A
Demoralizing i know we're learning a lot about you it's like it's almost like this information shouldn't be made public okay.
[05:18]
B
So like one of my credentials that has been compromised is for my fitness pal which i don't even remember the last time i logged in or used it or anything and i don't think that's necessarily that valuable but it's like cybercriminals just want a bazillion passwords and then hope one of them leads to something of value that password is one key in a metaphorical pile of keys criminals don't know where they lead but they're willing to try every house and car in the neighborhood until they find something that works for instance maybe my myfitnesspal password is the same as my bank password yes hopefully not nope it's not don't even try it do not.
[05:54]
A
Try it but look this market is growing the us is already on track for a record year in data breaches in twenty twenty five so it's not actually easy to quantify just how many data breaches there are because they're often not reported but experts agree they've gone up between twenty twenty three and twenty twenty four the cost in the us of a data breach has actually increased.
[06:14]
B
Nearly ten percent the reason this market is moving like a freight train is because it's hard to protect against bad actors are adjusting very quickly stuart mannick is a professor at the mit sloan school of management and the founding director of cybersecurity there i often say the.
[06:30]
F
Good guys are getting better but the bad guys are getting badder even faster.
[06:34]
B
So how are they doing this stewart says one way that cybercriminals are staying ahead of the curve is ai we've.
[06:41]
F
Seen several examples of how cyberattacks have been greatly accelerated due to ai tools.
[06:47]
A
A study by ibm found sixteen percent of data breaches now involve ai another found that eighty percent of all ransomware attacks have been accelerated because of it stewart tells us it changes every aspect of cybercrime because data collection tasks just.
[07:02]
B
Become easier and you might think this is just for bulk breaches like recently we saw ticketmaster or transunion but i can even help with higher effort individual crimes take spear phishing this is a kind of hyper focused cybercrime where you learn as much as you can about someone and then you pretend online to be their trusted colleague or boss or partner and you impersonate that person and you ask for your login info or to transfer some money that takes time.
[07:29]
F
And effort guess what ai systems can do that splendidly much faster and in many case higher quality and not only.
[07:38]
A
That he says ai offers another franchising hackers are finding what works and then just selling it to other people once.
[07:45]
F
I built the tool to do that it's kind of easy to say for ten thousand dollars or fifty percent of the gain here i will give you this tool so there's a multiplying effect going on on the bad guy world.
[07:57]
B
Yeah while once upon a time the darknet was just full of products like credit card and social security numbers there are now more services for sale it's allowing cybercriminals without a technical background to get into the game too anyone can for example pay a subscription to license a top notch malware service franchising also.
[08:16]
A
Helps criminals because it means they're actually sharing knowledge and collectively learning from it which they are distinctly better at than.
[08:23]
B
Their victims cybercriminals are learning faster and adjusting faster big companies could certainly learn from other data breaches but oftentimes they're not desperate to share that they've been.
[08:34]
F
Hacked it's bad for publicity it raises all kinds of legal issues it encourages.
[08:39]
B
Copycats meanwhile cybercriminals benefit from sharing that.
[08:43]
F
Information the bad guys have huge egos and number two they sell the information so i can say hey i'm the one who shut down capital one and for ten thousand dollars i'll tell you how you can do it to another.
[08:54]
A
Bank stuart what are you admitting to.
[08:56]
B
Us calls coming from inside the house.
[09:00]
A
Stewart'S been to a lot of conferences lately and he keeps asking rooms full of people if they think the cybersecurity situation will be better worse or the same in ten years ninety percent say it'll be worse than today doesn't mean.
[09:13]
F
We'Re not going to try to hold back the tide but the tide is.
[09:17]
B
Rising against us there are plenty of ways to protect yourself keep your systems updated use two factor authentication and don't.
[09:24]
A
Repeat passwords you know but ultimately experts tell us it's unrealistic to expect individuals to be the ones to go up themselves against these cybercrime syndicates i mean it's not reasonable governments businesses and academics in some experts opinion they need to come together to create a more robust.
[09:40]
B
Solution here so stay wary if your boss suddenly asks you to send over ten grand maybe double check.
[09:50]
A
Tomorrow we're bringing you another episode of the vice series this one details how the drug trade is wreaking havoc on the environment this episode was produced by corey bridges with engineering by siena lofredo it was fact checked by sierra juarez cagan cannon edits our show and the indicators of production of npr yeah speaking of waylon could you send me ten grand this.
[10:11]
B
Is not a deal oh yeah sure.
[10:12]
A
What'S your venmo oh perfect okay it.
[10:14]
E
Works this message comes from npr sponsor capella university with capella's flexpath learning format you can set your own deadlines and learn on your schedule a different future is closer than you think with capella university learn more at capella edu this message comes from mint mobile at mint mobile their favorite word is no no contracts no monthly bills no hidden fees plans start at dollar fifteen a month make the switch at mintmobile dot com switch that's mintmobile dot com switch upfront payment of forty five dollars for three month five gb plan required equivalent to fifteen dollars a month new customer offer for first three months only then full price plan options available taxes and fees extra see mint mobile for details this.
[11:01]
D
Message comes from warby parker prescription eyewear that's expertly crafted and unexpectedly affordable glasses designed in house from premium materials starting at just ninety five dollars including prescription lenses stop by a warby parker store near you.