One day I got a call from Sarah*, the in-house counsel at a large financial institution. “Our [information security] team was doing a routine search and found a list of our employee passwords for sale on the dark web,” she told me. “The business folks want to buy it back. What should we do? Should we buy it ourselves? Are there any downsides?”
Your Company’s Data Is for Sale on the Dark Web. Should You Buy It Back?
Paying for stolen data — even when it’s your own — comes with substantial legal and reputational risks.
January 04, 2023
Sara Melhuish/EyeEm/Getty Images
Summary.
In the course of routine monitoring, you may come across proprietary company information on the dark web. So should you try to buy it back? The short answer is that in most cases, the legal and reputational risks far outweigh the benefits of purchasing the information. Here’s a closer look at eight of those risks.
New!
HBR Learning
Ethics at Work Course
Accelerate your career with Harvard ManageMentor®. HBR Learning’s online leadership training helps you hone your skills with courses like Ethics at Work. Earn badges to share on LinkedIn and your resume. Access more than 40 courses trusted by Fortune 500 companies.
Avoid integrity traps in the workplace.
Learn More & See All Courses
New!
HBR Learning
HBR Learning
Ethics at Work Course
Accelerate your career with Harvard ManageMentor®. HBR Learning’s online leadership training helps you hone your skills with courses like Ethics at Work. Earn badges to share on LinkedIn and your resume. Access more than 40 courses trusted by Fortune 500 companies.
Avoid integrity traps in the workplace.