Buying and selling personal information is big business, and unless you take precautions, your data may be at risk. Once your data is compromised, it can be difficult to completely recover. Understanding how the illegal market for personal information works will help you better protect yourself from becoming a victim.
How the illegal market for personal data works.
The dark web is hidden from most users and lacks typical security and oversight, which creates the possibility of buying and selling personal information. Since users can stay anonymous and hide their dealings, it is incredibly difficult to stop their fraudulent activities or undo the damage done to consumers.
So, how does your info make it from secure websites and your devices to the dark web? It’s typically stolen from emails, social media platforms, and digital accounts through malware, phishing, or confidence schemes. Cybercriminals can even access corporate databases through large-scale cyberattacks. In 2023 alone, over 17 billion records were stolen through data breaches—a 34.5% increase over the prior year.
Regardless of the method, once thieves have access to your data, they will either use it themselves or sell it on the dark web.
Most valuable types of personal information.
Each piece of personal info has a price tag. A Social Security number may sell for as little as $1. Credit cards, debit cards, and banking info can go for as much as $110. Usernames and passwords for non-financial institution logins are $1, but login info for online payment platforms can range from $20 to $200.
Other types of info go for hundreds to thousands of dollars, such as:
- Diplomas
- Passports
- Medical records
When the data is collected from a big data breach or successful phishing campaign, you can bet that even the seemingly small amounts add up fast.
As in any marketplace, prices vary, which leaves fraudsters waiting for the best moment to sell your data. It could be years before your stolen data is used. That’s why you might not even notice an issue until long after the original incident.
Minimize the impact of data breaches.
If there’s a data breach, it’s often out of your control; however, you are not completely defenseless. How you choose to manage your data, including which sites you trust and how many keep your data, can play an important role in your overall level of risk. If you don’t consistently use and find ongoing value in an account, you may consider deleting your information from the site or not providing your info in the first place. It’s impossible to anticipate where a data breach may occur, but limiting the number of places where your information can be found could make a big difference in your overall data security.
If you do have to create a digital account, always use a completely unique username and password for each one. Use the strongest password possible as well by following best practices, including:
- Skipping any words you can find in the dictionary
- Using numbers and symbols in unexpected places
- Creating passwords well over 10 characters long
- Considering a passphrase instead of a password
Using strong and unique usernames and passwords may seem complicated; however, it greatly reduces your risk of one compromised account leading to several accounts becoming compromised. If a cybercriminal obtains the unique info for one account, the breach stops there. They cannot use that information to try to log into other accounts, affording your overall digital presence a layer of security. Additionally, password management software can help make managing strong passwords easier without sacrificing overall security.
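The point about one compromised account leading to others can be checked against your own logins. The following is an added example, not part of the original article: it groups accounts that share a password and lists which other accounts would be exposed if one site were breached. The vault entries are constructed sample data, and treating passwords that differ only by letter case as the same, along with the 11-character minimum, are assumptions of this example.

```python
import hashlib
from collections import defaultdict

# Constructed sample data, not real credentials: (site, username, password).
SAMPLE_VAULT = [
    ("shop.example", "pat@example.com", "Sunshine2023"),
    ("forum.example", "pat@example.com", "Sunshine2023"),
    ("mail.example", "pat@example.com", "sunshine2023"),
    ("bank.example", "pat.r", "correct-horse-battery-staple-41"),
    ("stream.example", "patr88", "k7#Vq!x"),
]

# Assumption: the article says "well over 10 characters"; flag anything shorter than 11.
MIN_LENGTH = 11


def _key(password):
    """Hash the case-folded password so groups are keyed without keeping clear text."""
    return hashlib.sha256(password.casefold().encode("utf-8")).hexdigest()


def reuse_groups(vault):
    """Return sorted lists of sites that share one password (letter case ignored)."""
    groups = defaultdict(list)
    for site, _user, password in vault:
        groups[_key(password)].append(site)
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)


def blast_radius(vault, breached_site):
    """Other sites whose password matches the one stored at breached_site."""
    for group in reuse_groups(vault):
        if breached_site in group:
            return [site for site in group if site != breached_site]
    return []


def too_short(vault):
    """Sites whose password is shorter than MIN_LENGTH characters."""
    return sorted(site for site, _user, pw in vault if len(pw) < MIN_LENGTH)


if __name__ == "__main__":
    for site, _user, _pw in SAMPLE_VAULT:
        exposed = blast_radius(SAMPLE_VAULT, site)
        print(f"{site}: breach also exposes {exposed or 'nothing else'}")
    print("Too short:", too_short(SAMPLE_VAULT))
```

With unique passwords everywhere, every account reports "nothing else", which is the containment the paragraph above describes.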
Data breaches may allow hackers to gather much more than your username and password, so establishing unique credentials alone may not keep all of your info secure. Any other info stored in the breached system may also be exposed, including your full name, birth date, and financial information. If you’ve ever uploaded your driver’s license or other documents into the system, they could access that, too. To avoid unnecessary exposure, consider limiting the info that you provide to non-essential accounts and be selective about where you maintain accounts. Minimizing the number of digital accounts you hold and limiting the information within each will help keep your data safe.
Evaluating your exposure to past data breaches.
When companies experience a data breach, they are required to let you know. However, you may not have received the notification, or you may not have realized its importance if there had not been an immediate negative impact. Practice due diligence in financial security by periodically researching data breaches on your own.
For example, you can check to see if your email address has been involved in a breach by using the “Have I Been Pwned” website. The system will let you know how many data breaches have involved your email.
For a more proactive approach, you can sign up for an identity theft monitoring program to monitor your personal data security and add identity theft insurance. Typically, you will have to pay a fee for this service, though it might be well worth it for the peace of mind and protection.
Protecting your personal data.
Protecting your personal data starts with recognizing that all of your data could have value to thieves. If cybercriminals obtain the right combination of data, they can open credit accounts in your name, access your financial accounts, make purchases with your info, or sell your identity to others. The three most important steps that you can take to protect yourself from fraud and identity theft include:
- Use a password manager to diversify your login info across all accounts
- Reduce your exposure to data breaches by eliminating unnecessary digital accounts
- Add identity theft monitoring services and identity theft insurance
Aside from data breaches, other common ways thieves obtain your personal data include phishing, vishing, smishing, and malware. You can learn more about how to protect yourself from cybercrime by downloading our eBook, The OnPoint Guide to Personal Cybersecurity.