Why cybercriminals want your personal data

Over the past few years, the personal data theft landscape has changed as online behaviors and activities evolve. Online shopping is more popular than ever, businesses are storing sensitive information in the cloud and 16 minutes out of every hour spent online is spent on a social network.

As consumer habits have changed, so have cyber criminals’ strategies. Personal data is widely available and it gets into the wrong hands, the aftermath can be hugely detrimental to the victim.

How personal data theft has changed
When it comes to personal data theft, criminals will follow the money. Ten years ago, this meant stealing credit and debit card information to make unauthorized purchases and using stolen Social Security numbers to create new identities and open lines of credit.

Today, seemingly harmless details like email addresses and passwords, a mother’s maiden name and date of birth, even high school mascots and pet names are valuable to an identity thief. A mother’s maiden name or high school mascot can help answer security questions to reset a password. An email address or password can provide access to an online bank account.

The methods of personal identity theft have changed as well. Before the advent of online banking, ecommerce and social networks, the typical method of personal identity theft was stealing information from a wallet or purse, filing a change of address form with the post office to divert and secure credit card applications – low tech methods with minimal returns.

In 2013, identity theft is one of the fastest growing crimes in the U.S. According to Javelin Strategy and Research, some 12.6 million Americans were victims of identity theft in 2012 – roughly one million more than 2011. 2013 numbers are on track to be even higher.

To better understand this crime, it helps to understand what personal data is worth to an identity thief. The average identity thief doesn’t steal data to use for him or herself. In most cases, they take the personal information and sell it on the online black market. It can be surprising what an individual’s personal information is worth.

Based off of what we’ve seen at CSID, a credit card number, name and date of birth can sell for $13. A Social Security Number can go for $20. A bank account with a balance of $10,000 goes for an average cost of $625. Even the value of a person’s social media account has worth. According to RSA, 10,000 followers on Twitter sell for $15. 1,000 likes on Facebook sell for $15.

Why your personal information is valuable to others
One of the most alarming aspects of personal data theft is the threat to an individual’s financial situation. Identity thieves often want to gain control of someone’s identity for the purpose of gaining access to finances, including bank accounts and lines of credit. Thieves can use personal information to take out loans, credit cards, even mortgages. They can use a Social Security Number to file for a tax refund. The IRS reported earlier this year that it had stopped the distribution of $4.2 billion in fraudulent tax refunds associated with 860,000 tax returns that involved identity theft. According to Javelin research, the average identity theft victim spends 500 hours and more than $3,000 repairing the damage done to their credit.

The dangers of personal data theft go beyond financial repercussions. Medical ID theft is now the fastest growing type of fraud. The Medical Identity Fraud Alliance found that the number of medical identity theft victims has increased significantly this year – by 19% from 1.5 million victims in 2012 to 1.8 million in 2013. Medical fraud is especially alarming, as identity thieves can use stolen health-insurance numbers to file false claims, secure prescriptions or even gain access to medical care, which often results in incorrect medical records, misdiagnoses, incorrect prescriptions and high medical bills for the victim.

Even seemingly innocuous personal information like an email address or a pet’s name can hold value to identity thieves. As we share more online, we make it easier for identity thieves to piece together profiles that can be used for fraud. For example, a pet’s name and mother’s maiden name can be used to answer common password reset security questions or even be used as a password. And while it may seem time intensive for an identity thief to guess a password on each and every banking and ecommerce site out there, it’s not. There are programs available that can test a suspected login credential against hundreds of ecommerce sites or financial sites in a matter of seconds. All the identity thief needs is an email address and a guess at a password.

The bottom line
Personal data theft can have major repercussions ranging from financial annoyances to financial ruin, from a hacked social media profile to a compromised Amazon account. Evolving digital trends such as a propensity to share more and more online have caused cyber criminals to reimagine ways to steal personal data. People can best defend against cyber criminals by staying educated, keeping abreast of their credit reports and medical records, being cognizant of what they share online, and using an identity monitoring service that can keep an eye on their identity in obscure places online and offline. The risks and repercussions of personal data theft apply to everyone. Be aware of these risks and always take a proactive approach to defend against the ever-evolving trends in personal data theft.