Data pilfered from various sources is on sale for as little as $1 (around 65p, or AU$1.40) on the dark web.
A new report released by Trend Micro entitled "Understanding Data Breaches" lays bare the cost of data breaches and shows that personally identifiable information (PII) is the most common type of information stolen and ultimately the cheapest.
PII, which is able to facilitate identity fraud, is available at just $1 (around 65p, or AU$1.40) per line and for that you can get a name, full address, date of birth, social security number and other information that identifies someone personally.
What is the dark web?
The dark web, a small area of the Deep Web accessible via the Tor network, is where the data in the form of individual records and accounts is being traded willy-nilly. This includes compromised eBay, PayPal, Facebook, Netflix, Amazon and Uber accounts as well as those offered by US mobile networks, the last of which can cost as little as $14 (around £9.18, or AU$20) each.
Bank accounts are at the expensive end of the scale and sold for between $200 (around £131, or AU$287) and $500 (around £328, or AU$718) with the price dependent on the amount that is in the account. Card data works in much the same way although that is often sold in bulk for far cheaper prices.
Using the Privacy Right Clearinghouse Data Breaches database, the Trend Micro report found that hacking and malware were only responsible for 25% of incidents between 2005 and April 2015. Other reasons ranged from insiders giving away data and the use of skimming devices to loss or theft of devices such as laptops, flash drives and physical files. Unintended disclosure is also a source of data breaches.
Healthcare industry targeted the most
Payment service providers are one of the most targeted by hackers and it has meant an increase in card-related data breach reports of 169% over the last five years. They aren't the most targeted sector, however, and that dubious honour falls to the healthcare industry.
Personally identifiable information (PII) is the most common record stolen followed by card details and bank accounts. With data breaches affecting a different site on what feels like an almost fortnightly basis, this information won't come as much of a surprise although it is still very worrying.