Today, mountains of digital information generate substantial business and personal value, but also invite a new type of crime: cybercrime. To shed light on how firms respond to data breaches, we gather detailed firm-level talent hiring data from online job postings and exploit arguably exogenous data breach events, which were required to be reported by law. Using a difference-in-differences design, we find that breached firms hire significantly more cybersecurity experts. This effect is most pronounced three months after the incident announcement date and is most persistent in the Information, Finance, and Retail sectors. However, only hacks, credit card fraud and other thefts of digital information led to this effect, while theft of physical information did not.