A new report has put a hard price on an individual data breach — and demonstrated just how cheaply cybercriminals sell off our sensitive stolen financial data.
The latest research reveals that credit and debit card information taken from unsuspecting Canadians is often packaged up and sold for less than the price of a tank of gasoline on the black market. The report from Intel Security and McAfee Labs, titled The Hidden Economy: The Marketplace for Stolen Digital Information, shows that Canadian card information sells for as little as $20 to $40 to prospective buyers and cybercriminals.
“Like any unregulated, efficient economy, the cybercrime ecosystem has quickly evolved to deliver many tools and services to anyone aspiring to criminal behaviour,” said Raj Samani, CTO for Intel Security EMEA, in a statement. “This ‘cybercrime-as-a-service’ marketplace has been a primary driver for the explosion in the size, frequency, and severity of cyber attacks. The same can be said for the proliferation of business models established to sell stolen data and make cybercrime pay.”
The research examined prices for various types of stolen data — primarily card data, bank account login details, online payment service credentials and hospitality loyalty login info — for victims from a swath of Western nations and provided an intriguing comparison. For example, the sticker price for debit/credit info dipped even further for cards from South of the Canadian border — American card info only fetched $5 to $30.
Based on the report’s findings, any cybercriminal with an extra $40 could also obtain every detail of a particular Canadian card and its owner. And the loss of this kind of information could lead to disastrous results for the data’s owner — including drained bank accounts and potential identity theft.
“A criminal in possession of the digital equivalent of the physical card can make purchases or withdrawals until the victim contacts the card issuer and challenge the charges,” said Samani. “Provide that criminal with extensive personal information which can be used to ‘verify’ the identity of a card holder, or worse yet allow the thief to access the account and change the information, and the potential for extensive financial harm goes up dramatically for the individual.”
To compile the information for the report, the McAfee Labs team partnered with IT security specialists and law enforcement to observe and assess dark web destinations where sensitive data was bought and sold on the digital black market.