Hackers Are Stealing Data They Can't Read Yet

Attackers are stealing encrypted data now, betting they can crack it later with quantum computers. Most companies are not yet prepared.

A significant but often overlooked security threat is gaining attention: "harvest now, decrypt later." In this attack, malicious actors are actively stealing large volumes of encrypted data today. They don't have the ability to read this data yet, but they are stockpiling it for the future. The strategy relies on the eventual arrival of powerful quantum computers, which are expected to be capable of breaking the encryption algorithms that currently protect most of the world's sensitive information. While the timeline for a cryptographically relevant quantum computer is uncertain, the data theft is happening right now, creating a long-term risk for any organization with valuable data. This approach turns today's secure data into a future vulnerability.

The implications of this threat are substantial, especially for data that needs to remain confidential for many years, such as intellectual property, financial records, and personal health information. The core problem is that once this data is stolen, it cannot be retroactively secured. Despite growing awareness of the issue, a recent survey highlighted a critical lack of preparedness across the industry. Many organizations have not yet started to assess their exposure or develop a strategy for migrating to quantum-resistant encryption. This inaction puts companies at risk of having their most valuable secrets exposed in the future, creating a ticking time bomb within their stolen data archives. For CTOs and security teams, this is no longer a theoretical problem but a present-day strategic challenge.

The primary defense against this threat is the transition to post-quantum cryptography (PQC). These are new encryption standards designed to be secure against attacks from both classical and quantum computers. However, migrating an entire organization's infrastructure to PQC is a complex and time-consuming process. It requires a complete inventory of all systems that use cryptography, followed by a phased rollout of the new algorithms. Security leaders are urged to begin planning their migration strategy now. Waiting until a powerful quantum computer is a reality will be too late, as the data harvested today will already be in the hands of adversaries, ready for decryption.