Here's how much thieves make by selling your personal data online
The dark web is where the marketplaces for stolen data exist. The dark web exists on the "deep web," which is the part of the internet that is not catelogued by normal search engines, like Google. To access these dark corners of the internet special software called Tor must be used.
While credit card information can sell for only a few bucks on black market websites, health records run about $50 per record, according to a report by Dell SecureWorks. Bank account information is a higher ticket item and can sell for $1,000 or more depending on how much money is in the account.
Buyers can even buy someone's social media account for about $50 or get an entirely new identity plus a matching utility bill for only about $350.
Here's a quick look at what other personal information goes for on the dark web, according to the report:
- Bank credential: $1,000 plus (6% of the total dollar amount in the account)
- U.S. credit card with track data (account number, expiration date, name and more): $12
- EU, Asia credit card with track data: $28
- Hacking into a website: $100 to $300
- Counterfeit social security cards: $250 and $400
- Counterfeit driver's license: $100 to $150
But criminals aren't the only ones paying for your lost personal information. Companies that are affected by data breaches are having to shell out a lot of money for each record that gets leaked in a data breach.
The average global cost of a lost or stolen data record for a company in 2014 was $154, that's a 23% increase since 2013, according to a study by IBM and the Ponemon Institute published Wednesday. The cost includes the forensic and investigative work needed to address a breach, as well as the cost of identity theft programs for people whose records were leaked.
Healthcare companies are having to pay the most with the average price for a lost data record coming to $363. And retailers' cost per record went from $105 in 2013 to $165 in 2014.
The surge in data breaches, specifically those caused by organized crime, is driving the cost of lost or stolen records for companies, said Marc van Zadeloff, vice president of strategy and product for IBM security.
In the US alone, there was a total of 783 data breaches last year, a 27.5% increase from 2013, according to the Identity Theft Resource Center. And according to the IBM report, 47% of breaches in its study were caused by a malicious or criminal attack.
"As you see the rise of malicious organized criminals, they become harder to track and trace and remediate," Zedeloff said. "These criminals on the dark web are collaborating, sharing techniques and malware and when they break in, they are very good. They are able to stay on systems longer, they are stealthier and therefore they are more costly for organizations."
While consumers who are affected by a breach may be provided identity theft insurance, there's still a few things they can do to take their security into their own hands, Zedeloff said.
First, never use the same password for a service and change passwords regularly. Second, make sure to have the latest security on all of your devices and use two factor authentication when available. And last, keep an eye out for any kind of suspicious activity. Whether it's a shady email, a friend request from someone you don't know or odd activity on any of your accounts, be proactive in monitoring everything from your social accounts to your bank accounts.