What is the true cost of identity theft?

With fraud and identity theft taking place on an industrial scale, it's no surprise your customers & employees expect business to safeguard them. The cyber and identity theft landscape is complex and unpredictable. When attacks happen, they happen fast, in just minutes.

Did you know? - 80% of Cybercrime starts with identity theft

Data breaches and cyber-attacks seem to be recurring news of late, primarily due to the mandatory reporting of a data breach to the supervisory authority within 72 hours of it occurring. No more secrets and no more sweeping incidents under the carpet. As with most organizations, primary focus is on the prevention of these attacks ever becoming successful and not necessarily the processes that need to be in place, to recover from these potentially devastating breaches.

Unfortunately, these security barriers do fail and consequently we’ve seen some of the corporate giants succumb to the endless onslaught of cyber-attacks that are being executed per minute & per second on a mass scale all over the world.

An endless list of large organizations falling prey to tenacious hackers whose intention is to wreak havoc, to damage and seek reward. The fines associated with these breaches can be enormous, not forgetting the reputational damage associated with these incidents.

Where does my stolen personal data go?

Most likely Identity thieves will use the Dark Web to buy and sell personal information. If you have ever been a victim of a data breach, the Dark Web is a place where your sensitive information might live. If your information is there, criminals can potentially use it to commit fraud. The Dark Web is the part of the World Wide Web that is only accessible by means of special software, allowing users and website operators to remain anonymous or untraceable.

How is this Information purchased by Identity Thieves on the Dark Web?

There are three main ways that personal information is commonly bought and sold on the dark web:

• Purchase data as a one-off, such as a Social Security number
• Purchase bulk data, batches of the same types of information
• Purchase bundled data, this is the "premium" package for identity thieves as it includes various types of information that are bundled together

Did you know? Every second in the day, 12 people online become a victim of identity theft; more than 1 million victims around the world EVERY day

What is my personal information worth?

The answer may surprise you. The fact is various pieces of information may be more valuable to criminals and it depends on a variety of factors. Here are some of the most common pieces of information sold on the dark web and the general range of what they're worth—or rather can sell for:

• Social Security number: €1
• Credit or debit card (credit cards are more popular): €5-€110; With CVV number: €5; With bank info: €15
• Driver's license: €20
• Passports (US): €1000-€2000
• Medical records: €1-€1000*

What is your obligation as organization when a breach is discovered?

Article 34(2):  According to this provision, the controller should at least provide the following information:

• a description of the nature of the breach;
• the name and contact details of the data protection officer or other contact point;
• a description of the likely consequences of the breach; and
• a description of the measures taken or proposed to be taken by the controller to address the breach, including, where appropriate, measures to mitigate its possible adverse effects.

Source European Commission: https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612052

‘Response and recovery are just as important as protection and detection. A post breach or contingency plan will help reduce the amount fined for the data beach and soften the impact on your organizations image’

How do Experian Approach this?

• We can help organizations by implementing or co-implementing an Identity Theft Protection Education and Awareness Program. Turning this threat in to a business advantage, protecting both your customers and employees.
• Subscribing to our service – will allow you to monitor activity on the Dark Web, Internet and Social Networks to proactively detect stolen PII (Personally Identifiable Information) and see if it is being traded and/or sold online.
• This monitoring provides you with alerts that drives responses and recovery to your customers and employees and will continue to educate them in the protection of their identities and can also help,
• When a live incident occurs, we work with you to finalize and activate the notification fulfilment, call centre support and web/credit monitoring services to affected individuals.

More importantly, your company will be able provide evidence to the regulator that steps have been taken, to not only educate and alert of such incidents, but also to aid in recovery and restoration.

Would you like to know more?

Please do not hesitate to contact me on the details below.

Download our white paper analyzing the impacts and remedies of data breaches - https://www.experian.com.pl/digital-onboarding/cyberagent-whitepaper.html

Andrew Vayro - Experian

?? [email protected]

?? +31 6 55395640