There are multiple ways that hackers employ to get your customers’ personal sensitive data. Common types are phishing, malware, man-in-the-middle attacks, using insecure VPN connections, etc. Ultimately the criminal obtains user login information and as a result, they get access to debit and credit card numbers, account names, passwords, email or social media, etc., i.e. all the information about this particular user stored in your database. With this information, a criminal can commit financial fraud, send spam messages, or even blackmail users.