Phone numbers, emails, addresses and card numbers are just some of the things hackers want to get their hands on.
But there's another type of data at risk: your DNA. And it has to do with these at-home DNA testing kits.
If you're ordering this, you probably want to learn about yourself — your ethnicity or your family relationships. But that comes with a catch.
"What experts say is that a lot of people don't really recognize how much information they're putting out there, and they don't recognize what people might be able to do with that information," said Kevin Loria, a health reporter for Consumer Reports.
That information reveals details about our health and risks for certain diseases. And that information is lucrative.
"They also can use that information for research, and they might sell it to third parties that also do research, and once that happens, you don't exactly know what's going to happen with your data," Loria said.
So let's back up and define our terms. Third parties look like this:
"Without scientists, who will cure diseases and who will discover the things you never knew existed?"
This is GlaxoSmithKline, or GSK. It describes itself as a "science-led global health care company on a mission to help people to do more, feel better and live longer."
DNA samples can help with those efforts.
So much so, the company paired up with 23andMe for "research and development of innovative new medicines and potential cures" and "using human genetics as the basis for discovery."
But Loria said "once that data is out there, it's very hard to call it back."
My Heritage's terms and conditions are a solid example of this. It says, "By submitting DNA samples to us and/or DNA results to the website, you grant us a royalty-free, worldwide license to use your DNA samples."
Here's the good news.
Loria said "with kind of the bigger, better-known companies — companies like Ancestry, 23andMe, My Heritage — they have pretty clear policies and they say that if you contact them, whether you call them or whether you log in to your account and you request for them to delete your data, that they'll delete your data from their servers and they'll discard your sample."
But there are three instances where companies can't delete your DNA data: regulatory purposes; subpoenas and warrants; and DNA data already used or being used for research.
Loria said: "The really key thing for people to keep in mind is that you know, once they've sent their data in, it's really hard to get that information deleted. And so you have to be aware of that decision when you're sending in that tube of saliva."