Report: tracking where stolen data travels
'The key is being able to track and identify data as it leaves your network'
If you've ever wondered where data goes once it's stolen or how many cybercriminals view and download the information worldwide, there's finally an answer. A hint? The numbers are staggering.
The threat research team at cloud security company Bitglass conducted an experiment in which they compiled a spreadsheet of nearly 1,600 fake names, Social Security numbers, credit card numbers and addresses and then transmitted the spreadsheet through the company's proxy. Each time the file was opened, a watermark embedded in the spreadsheet "called home," as officials explained, recording the viewer's IP address, geographic location and device type.
The file was also posted anonymously to cybercrime marketplaces on the Dark Web. Company officials billed the experiment as the "world's first" A/B test for stolen credit card numbers in this location. The experiment, as company officials emphasized, provided valuable insight into how stolen data is used, purchased on the black market and shared globally. So what happened to the data?
In just a few days, the data had traveled to more than five countries and three continents and was viewed more than 200 times. In just 12 days, the data was viewed 1,081 times and spread to a total of 22 countries and five continents. The most common geographic access points to the data were Russia, China and Brazil. Two cybercrime syndicates in Russia and Nigeria also showed high rates of interaction with the data, findings showed.
22 countries in 12 days is a sobering statistic, especially when considering that it takes on average 205 days for an organization to discover a breach even occurred, according to the report. That "days to discover" number varies according to different reports, but one thing remains consistent: it's taking the attackers a lot less time to swipe the data than it is for the defenders to realize the data has been compromised.
In fact, in Verizon's 2014 data breach investigations report, researchers found that an attacker's time to compromise a data asset averaged in the days, while the defender's time to discover the breach averaged in the months. In 2013, some 90 percent of breaches had their compromise time in days or less. Breach discovery time? About 20 percent were able to discover a breach in days or less.
"This experiment demonstrates the liquidity of breached data, underscoring the importance of discovering data breaches early," said Nat Kausik, Bitglass CEO, in an April 7 press statement announcing report findings.
"The key is being able to track and identify data as it leaves your network," company officials said in the report.