Gray hats

Gray hats have the necessary tools and are likely to focus on the target that is easiest to re-identify (one presenting unique or unlikely characteristics, test results, etc.).


For the data industry to be maintained, privacy needs to be protected, so anonymisation techniques appear, which are then (at least theoretically) attacked in turn. This is yet another business around data, with new adversaries, some of whom have genuine ethical concerns about the data industry.

Past patterns

This category includes an ecosystem of lawyers, journalists, (privacy) activists and gray hat hackers.


Most, if not all, attacks by these adversaries are carried out for demonstration purposes and have no direct relation to the target(s). In these attacks, the adversary attempts to re-identify any person in the data to prove insufficient anonymisation (something that may work towards solving the problem) and possibly to shame or embarrass the data custodian (something that has never worked to solve a problem).