Understanding the Illegal Market for Personal Information_dark photo of hands typing on a keyboard

Understanding the Illegal Market for Personal Information

Buying and selling personal information is big business—and unless you take precautions, your data may be at risk. Once your data is compromised, it can be difficult to completely recover. Starting with an understanding of how the illegal market for personal information works will help you better protect yourself from becoming a victim.

How the illegal market for personal data works

The dark web is hidden to most users and lacks typical security and oversight, which creates the possibility for buying and selling personal information. Since users can stay anonymous and hide their dealings, it is incredibly difficult to stop their fraudulent activities or undo the damage done to consumers.

So, how does your info make it from secure websites and your devices to the dark web? It’s typically stolen from emails, social media platforms and digital accounts through malware, phishing or confidence schemes. Cybercriminals can even access corporate databases through large-scale cyberattacks. In 2019 alone, more than four billion records were stolen through data breaches—a 54% increase over the prior year.

Regardless of the method, once thieves have access to your data, they will either use it themselves or sell it on the dark web.

Most valuable types of personal information

Each piece of personal info has a price tag. A Social Security number may sell for as little as $1. Credit card, debit card and banking info can go for as much as $110. Usernames and passwords for non-financial institution logins are $1, but it can range from $20 to $200 for login info for online payment platforms.

Other types of info go for hundreds to thousands of dollars, such as:

  • Diplomas
  • Passports
  • Medical records

When the data is collected from a big data breach or successful phishing campaign, you can bet that even the seemingly small amounts add up fast.

Like any marketplace, prices vary as well, leaving the fraudsters waiting on the very best moment to sell your data—it could be years before your stolen data is used. That’s why you might not even notice an issue until long after the original incident.

Minimize the impact of data breaches

If there’s a data breach, it’s often out of your control; however, you are not completely defenseless. How you choose to manage your data, including which sites you trust, and how many keep your data can play an important role in your overall level of risk. If you don’t consistently use and find ongoing value from an account, then you may consider deleting your information from the site, or not providing your info in the first place. It’s impossible to anticipate where a data breach may occur, but limiting the sources for discovering your information could make a big difference in your overall data security.

If you do have to create a digital account, always use a completely unique username and password for each one. Use the strongest password possible as well by following best practices, including:

  • Skipping any words you can find in the dictionary
  • Using numbers and symbols in unexpected places
  • Making each password well over 10 characters long

Using strong and unique usernames and passwords may seem too complicated; however, it greatly reduces your risk of one compromised account leading to several accounts becoming compromised. If a cybercriminal obtains the unique info for one account, the breach stops there. They cannot use that information to try to log into other accounts, affording your overall digital presence a layer of security. Additionally, password management software can help make managing strong passwords easier without sacrificing overall security.

Understanding the Illegal Market for Personal Information_personal info dsiplayed on a cybercriminals monitor

Data breaches may allow hackers to gather much more than your username and password, so, establishing unique credentials alone may not keep all of your info secure. Any other info available in the breach may also become available; including your full name, birthdate and financial information. If you’ve ever uploaded your driver’s license or other documents into the system, they could access that too. To avoid unnecessary exposure, consider limiting the info that you provide to non-essential accounts and be selective about where you maintain accounts. Minimizing your quantity of digital accounts and limiting the information within each will help keep your data safe.

Evaluating your exposure to past data breaches

When companies experience a data breach, they are required to let you know. However, you may not receive the notification, or you may not have realized the importance if there was not an immediate negative impact. Practice due diligence in financial security by periodically researching data breaches on your own.

For example, you can check to see if your email address has been involved in a breach by using the “Have I Been Pwned” website. The system will let you know how many data breaches have involved your email.

For a more proactive approach, you can sign up for an identity theft monitoring program to monitor your personal data security and add identity theft insurance. Typically, you will have to pay a fee for this service, though it might be well worth it for the peace of mind and protection.

Protecting your personal data

Protecting your personal data starts with recognizing that all of your data could have value to thieves. If cybercriminals obtain the right combination of data, they can open credit accounts in your name, access your financial accounts, make purchases with your info or sell your identity to others. The three most important steps that you can take to protect yourself from fraud and identity theft include:

  • Use a password manager to diversify your login info across all accounts
  • Reduce your exposure to data breaches by eliminating unnecessary digital accounts
  • Add identity theft monitoring services and identity theft insurance

Aside from data breaches, other common ways for discovering your personal data include phishing, vishing, smishing and malware. You can learn more about how to protect yourself from cybercrime by downloading our eBook The OnPoint Guide to Personal Cybersecurity.

Note: Email should not be used to share important or sensitive information.

The security and privacy of your information is important to us. When communicating with us via email please do not send any information that is considered confidential or sensitive in nature. If you need to communicate any personal information (account numbers, social security number, etc.) please feel free to call the number listed in my profile or contact OnPoint Member Services at 503.228.7077 or 800.527.3932.



You are leaving OnPoint Community Credit Union.

The website you are about to visit is the responsibility of the party providing the site. Any transactions you enter into through this third-party site are solely between you and that vendor, merchant or other party. OnPoint’s Privacy Policy does not apply to this third-party site, and for further information you should consult the privacy disclosures of this site.



Cancel Accept