I was just thinking about the upcoming WFR and how historically it's always been the same few departments that get hit hard. Those departments don't exactly hold much - if any - truly sensitive data I think? idk, to me it seems like certain departments rarely ever get hit due to what those employees do and posses?
I am a bit surprised that you don't hear of companies having their internal sht released publicly and/or to dark web type sites very often. I'm sure it happens all the time but I'm not one who keeps up with that stuff so idk.
A network engineer for example could release a massive list of internal network maps. Those who manage firewalls could release the entire rule base of what is in the firewalls. A person in sales could release a list of clients they have, or clients they won't work with possibly, etc... Or maybe someone who works with PCI stuff releases a giant list of customer names/address's/CC info?
In my mind I think anyone who does that is stupid, first of all. But those who do it I suppose do it for a profit? Which still seems d-mb because I feel there is a high chance of getting caught anyways.