How much do you think a criminal would pay for your company’s sensitive data that’s been stolen by hackers? As it turns out, your data may not be worth as much as you may think, and that’s a bad thing for you and your business.
Where (and How) Data is Sold
When your data is stolen, it will more than likely be put up for sale on the dark web. The dark web is only accessible via specialized identity-cloaking software. Many of the pages offering stolen data and illegal services look just like a ‘normal’ sales website would, complete with buyer ratings. These dark websites offer caches of stolen data that other criminals would find useful, and sing cryptocurrency like Bitcoin, anyone can buy stolen identities or credentials.
Let’s assume for a moment that you fell victim to a cybercriminal that managed to steal the information for a variety of corporate bank accounts and credit cards. A buyer can access the seller’s page and specify what information they are looking for, which will influence the price of the information. Buyers can request specific information such as:
- The kind of credit card, like Visa, MasterCard, etc.
- The card’s security codes
- Any associated login credentials
- The card’s expiration date
- The name that appears on the card
- The card holder’s credit score
- The Social Security Number associated with the card
- The card holder’s date of birth
- History of where the card has been used
- The original owner’s mother’s maiden name.
Once the purchaser has selected which information they want, the cost is calculated and the data can be downloaded.
Like any business transaction, the price for stolen data is subject to the laws of economics. The less that the data is currently available, the higher the price will be. Alternatively, if a recent hack has flooded the black market with a massive supply of the desired data, then prices are apt to decrease significantly.
Due to the rapid changes that this black market experiences, these prices vary wildly. On average, the data from a stolen credit card will cost someone somewhere between $13 to $21. These cards are typically bought will a comprehensive (or very nearly) set of the associated information, denoted as “fullz” in dark web jargon.
Pricing for other types of data is a little different. Many cybercriminals are mostly interested in online payment service accounts, which are priced based off of account balances. Bank account information can vary from $100 for a $2,000-account, to $1,000 for a $15,000-account, while electronic medical records can bring a cybercriminal $350 each.
What This Means
These days, it’s more important than ever to secure your company’s data against theft. Cybercriminals tend to reach for the low-hanging fruit when selecting a target. 4IT can help you put the security measures in place to keep your data secure and off the dark web. Give us a call at 305-278-7100.