Dark web trade with Aussie’s personal data on the rise
Share
With almost one thousand notifiable data breaches reported in Australia last year, most victims have not yet realised their personal data ends up on the dark web.
According to the Office of the Australian Information Commissioner, last year’s data breaches have increased by over six per cent over the second half of 2021 alone.
Contact details are most commonly stolen, followed by the date of birth, passport and driver’s licence information and financial data like bank accounts and credit card particulars.
Aside from this, almost 18 per cent of all breaches targeted the health sector, with medical records being the hottest commodity. Other data breaches happened in the finance sector along with legal, accounting and management services.
The breaches were commonly committed through a process called phishing, where hackers trick people into giving up access to company customer databases and then stealing multiple personal files.
“Once the data is stolen, hackers sort the information into what is most valuable including details such as names, emails, passwords, personal identifiers, phone numbers and addresses,” cybersecurity expert Lawrence Patrick from security firm Zirilio said.
“The data is then repackaged and sold to other hackers on the dark web on marketplace websites”.
Marketplaces have even been created on the dark web to traffic personal information from as little as $20 for PayPal accounts to $4500 for medical records, crypto account details up to $550, driver’s licences for up to $200 and Facebook or Instagram log-ins to $50-60.
Most of the data appearing on the dark web are believed to be harvested from hacks of large companies.
According to IBM’s 2021 Cost of a Data Breach Report, it took organisations an average of 212 days to realise they’ve been hacked and 75 more to contain the breach.
“This means your personal information is out in the wild being bought and sold and traded by hackers for almost a year before the problem is fixed,” Mr Patrick said.
“It is likely your existing password has already been compromised and is being sold. Use strong passwords on your accounts and don’t re-use the same password everywhere.”
Phones or browsers can also issue alerts when details are leaked, while both Apple and Google have free built-in password managers and there are several payment options with extra features.
With AAP
Eliza is a content producer and editor at Public Spectrum. She is an experienced writer on topics related to the government and to the public, as well as stories that uplift and improve the community.