Why cybercriminals want your personal data
by Joe Ross - President at CSID - Tuesday, 12 November 2013.
Over the past few years, the personal data theft landscape has changed as online behaviors and activities evolve. Online shopping is more popular than ever, businesses are storing sensitive information in the cloud and 16 minutes out of every hour spent online is spent on a social network.

As consumer habits have changed, so have cyber criminals’ strategies. Personal data is widely available and it gets into the wrong hands, the aftermath can be hugely detrimental to the victim.

How personal data theft has changed

When it comes to personal data theft, criminals will follow the money. Ten years ago, this meant stealing credit and debit card information to make unauthorized purchases and using stolen Social Security numbers to create new identities and open lines of credit.

Today, seemingly harmless details like email addresses and passwords, a mother’s maiden name and date of birth, even high school mascots and pet names are valuable to an identity thief. A mother’s maiden name or high school mascot can help answer security questions to reset a password. An email address or password can provide access to an online bank account.

The methods of personal identity theft have changed as well. Before the advent of online banking, ecommerce and social networks, the typical method of personal identity theft was stealing information from a wallet or purse, filing a change of address form with the post office to divert and secure credit card applications – low tech methods with minimal returns.

In 2013, identity theft is one of the fastest growing crimes in the U.S. According to Javelin Strategy and Research, some 12.6 million Americans were victims of identity theft in 2012 – roughly one million more than 2011. 2013 numbers are on track to be even higher.

To better understand this crime, it helps to understand what personal data is worth to an identity thief. The average identity thief doesn’t steal data to use for him or herself. In most cases, they take the personal information and sell it on the online black market. It can be surprising what an individual’s personal information is worth.

Based off of what we’ve seen at CSID, a credit card number, name and date of birth can sell for $13. A Social Security Number can go for $20. A bank account with a balance of $10,000 goes for an average cost of $625. Even the value of a person’s social media account has worth. According to RSA, 10,000 followers on Twitter sell for $15. 1,000 likes on Facebook sell for $15.

Why your personal information is valuable to others

One of the most alarming aspects of personal data theft is the threat to an individual’s financial situation. Identity thieves often want to gain control of someone’s identity for the purpose of gaining access to finances, including bank accounts and lines of credit. Thieves can use personal information to take out loans, credit cards, even mortgages. They can use a Social Security Number to file for a tax refund. The IRS reported earlier this year that it had stopped the distribution of $4.2 billion in fraudulent tax refunds associated with 860,000 tax returns that involved identity theft. According to Javelin research, the average identity theft victim spends 500 hours and more than $3,000 repairing the damage done to their credit.


What's the real cost of a security breach?

The majority of business decision makers admit that their organisation will suffer an information security breach and that the cost of recovery could start from around $1 million.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th