Europol Reports Significant Increase in Criminal Demand for Data

Europol has issued a warning about the significant increase in demand for data related to the cybercrime underground, which is leading to the establishment of a flourishing underground economy centered around fraud, ransomware, child exploitation, and extortion.

The recently released 2025 Internet Organised Crime Assessment report draws on intelligence from Europol’s own investigations, the EU Serious and Organised Crime Threat Assessment 2025, and feedback from Europol experts and advisory groups.

The report highlights that as the volume of digitally stored data has skyrocketed, it has become the “central commodity” of cybercrime, vulnerable due to a widespread lack of digital literacy among consumers and businesses, compounded by the intricacies of IT systems.

Data, particularly in the form of access credentials and personally identifiable information (PII), is identified as both a target and a means for cybercriminals. They exploit this data for various malicious acts including extortion, fraud, unauthorized system access, business email compromise (BEC), espionage, and even targeting victims in child sexual exploitation (CSE).

The issue of data breaches creates a “vicious cycle” where stolen credentials grant access to accounts, enabling further breaches or account takeovers, which in turn puts even more data and credentials at risk. The report underscores that stolen information is transformed into a commodity that can be exploited by various criminal actors in their operations.

Europol notes that this illicit data is marketed across several criminal platforms, including specialized marketplaces, underground forums, and specific channels within end-to-end encrypted (E2EE) communication applications. The primary methods of acquiring data include social engineering, infostealers, vishing, and vulnerability exploitation.

Initial access brokers (IABs) play a critical role in enabling data access, while data brokers facilitate its sale, fostering a service-oriented underground economy that facilitates these transactions.

Consequently, the demand for data is surging, and the illicit trade in data is projected to expand further within underground economies, contributing to disruptions in legitimate economic activities and a decline in trust in governance structures.

Policy Recommendations

In response to the escalating situation, Europol has proposed three policy considerations aimed at improving the current landscape:

1. Establish “lawful access by design” to end-to-end encrypted communications, a contentious approach criticized by experts for its potential to undermine security and privacy for everyone.
2. Develop “clear and harmonized” EU standards for the targeted retention and rapid access to essential metadata to enhance the efficacy of cross-border investigations.
3. Promote “broad digital literacy, critical verification skills, and responsible online sharing practices” focusing on educating parents and young individuals.

Interestingly, the report does not indicate any recommendations for improving corporate security, despite the rising frequency of enterprise data breaches. The Identity Theft Resource Center reported an alarming increase in victim counts, with breaches impacting U.S. firms rising to a staggering 1.7 billion last year.