What is Your Personal Information Worth on the Dark Web?

By Art Gross, President and CEO, HIPAA Secure Now!
Twitter: @HIPAASecureNow

The dark web is often known for the illegal activities conducted there, and while not everything on the dark web is illegal, it’s most appealing factor is its anonymity. The dark web is often a place where stolen data and personal information is bought and sold following a data breach or hacking incident. An article on Experian takes a look at what your personal information is worth on the dark web and how you can help protect yourself from being exposed.

How much is your information worth to an identity thief on the dark web?

Social Security number: $1

Credit or debit card (credit cards are more popular): $5-$110

With CVV number: $5

With bank info: $15

Fullz info: $30

Note: Fullz info is a bundle of information that includes a “full” package for fraudsters: name, SSN, birth date, account numbers and other data that make them desirable since they can often do a lot of immediate damage.

Online payment services login info (e.g. Paypal): $20-$200

Loyalty accounts: $20

Subscription services: $1-$10

Diplomas: $100-$400

Driver’s license: $20

Passports (US): $1000-$2000

Medical records: $1-$1000*

*Depends on how complete they are as well as if it’s a single record or an entire database

General non-Financial Institution logins: $1

Note: Prices can vary over time and prices listed below are an estimation and aggregation based on reference articles and hands on experience of Experian cyber analyst the last two years.

How are criminals purchasing this information on the dark web?

Information can be bought and sold a variety of ways on the dark web, however the most common include:

  1. Purchasing data as a single item, such as a Social Security number.
  2. Purchasing bulk data, such as batches of the same information.
  3. Purchasing bundled data containing various types of information bundled together.

The cost of personal information on the dark web fluctuates, but what is responsible for the change?

The four main factors driving the cost of personal information on the dark web include:

  1. The type of data and the demand for it. The cost often depends on the type of data and the need or ability to use that data.
  2. The supply of the data. If there is less data available for a cybercriminal to purchase, the value of that data increases.
  3. The balance of the accounts. The higher the balance in the stolen account, the higher the cost of the data. The balance could be the amount of money in a particular account as well as points value (i.e., a loyalty account).
  4. Limits or the ability to reuse the data. If the data being purchase can only be used once, the value of that data is worth less to a cybercriminal than data that can be reused multiple times or across various platforms.

How can you protect yourself?
Data breaches are becoming increasingly common and are often outside of your control. It is important to help minimize your risk of a hacker gaining access to your accounts by utilizing healthy password practices and by keeping your personal information private unless it is absolutely necessary to share. Keeping antivirus software and all other software up to date will also play a crucial role in protecting your information, as these updates could contain security patches to fix potential vulnerabilities that could expose your information.

It is also recommended to run a dark web scan on your email address, utilize a dark web monitoring tool and monitor your credit report for potential red flags that your identity may have been compromised.

This article was originally published on HIPAA Secure Now! and is republished here with permission. HIPAA Secure Now offers annual online subscriptions to help covered entities and business associates keep up with compliance. Learn more here.