February 18, 2019
With three new breaches per day in 2018, the sale of Personally Identifiable Information (PII) is a growing and lucrative marketplace. Every week, new underground storefronts pop up on the dark web ready to facilitate the sale of stolen PII, including names, birthdates, Social Security numbers, credit card and banking information, and even voter records.
For an unbelievably small investment, cybercriminals can walk off with valuable personal information:
$1 for Social Security number (SSN)
$1+ for Medical records (depending on how complete)
$5 for Credit card and CVV number
$20 for Payment services
$20 for Driver’s license
$30 for Credit Card Fullz*
$1,000+ for U.S. Passport
*Fullz is a bundle of information that includes a “full” package of name, SSN, birth date, account numbers, voter records and other data. These bundles are desirable because they can often be used to do a lot of immediate damage.
Intellectual property, corporate trade secrets, and investment information can go for substantially more, and the payout is significantly higher as well, though this kind of data has a limited clientele.
As at a farmers’ market, the “harvested” information can be sold individually or in bulk, with vetted information (data proven legitimate) fetching a higher price than unvetted information. And like any retail market, most stolen data prices follow the principles of supply and demand.
It’s not only personal information up for sale in the market. Threat actors advertise their services, looking for nefarious business partners. Empire Market, a dark web marketplace, saw its user base double from 3,000 listings in April 2018 to more than 6,000 listings in July of that year.
Some personal data is acquired one-off from individuals who gave it willingly, though unknowingly, but most is gained from cyberattacks aimed at large organizations, such as government agencies, financial institutions, healthcare facilities, and credit card companies.
Though the cost for criminals to get this information may be low, it can mean substantial fines, a damaged reputation, a decrease in stock prices, and lost jobs for the organization that let it happen.