According a 2022 poll by Ipsos, 84% of Americans are highly concerned about their personal data safety and privacy on the internet. Further, 37% reported that they have fallen victim to an online data breach. More specifically, 86% of Americans believe that businesses and organizations collect more information than they need and 51% are worried that this data could fall into the wrong hands.
Given the growing concern Americans have regarding data privacy as shown in the statistics above and in honor of data privacy week, our analysts decided to shed some light on what data privacy is, why it is important to understand, the role the darknet plays in data privacy and how DarkOwl views data privacy. According to the National Cybersecurity Alliance, the goal of Data Privacy Week is to spread awareness about online privacy – data privacy should be a priority both for individuals and organizations.
According to the Storage Networking Industry Association “data privacy, sometimes also referred to as information privacy, is an area of data protection that concerns the proper handling of sensitive data including, notably, personal data but also other confidential data, such as certain financial data and intellectual property data, to meet regulatory requirements as well as protecting the confidentiality and immutability of the data.”
Personal data or Personally Identifiable Information (PII) is data tied to a specific individual that could potentially identify them. This would include one’s social security number, address, contact information, medical records, online behavior and more. Data privacy is the idea that an individual can decide what personal information to share and with whom.
As the internet plays a vital role in our daily lives, data privacy importance continues to increase. Understanding what you are sharing and how that information is being used is increasingly vital to ensure your data is protected.
A recent study conducted by Imperva revealed that 42.7% of the time, hackers go after personally identifiable information (PII). The number of compromised records year-over-year has grown 224% since 2017 and cybercriminals target PII on the darknet, as it is the most valuable information to then commit fraud or identity theft. The darknet continues to grow at an alarming rate, and as the darknet data market grows with increased product variety and volume, prices fall.
DarkOwl’s Vision UI is the industry leading platform for analysts to simply, safely, and comprehensively search the largest commercially available source of darknet data.
The data stored in DarkOwl’s repository offers a stark glance into the vast amount of PII exposed on the darknet and deep web. As of time of publishing, DarkOwl’s database contains:
One of the ways that threat actors leverage the trove of PII on the darknet – including data such as credential, healthcare, and account information – is to cross reference data with other potentially unconnected information (like CC numbers) to parse together and exploit payment information. This often includes hacked and verified credit cards, some of which come with a pre-disclosed balance.
DarkOwl frequently observes these types of items for sale on darknet marketplaces, as pictured here.
According to a recent study done by Privacy Affairs, credit card data, such as a Walmart account with credit card information, can be purchased for just $10 and a USA backed credit card details with CVV for just $17.
By having visibility into the exposed data on the darknet, businesses can ensure their clients and customers PII is not being exploited for financial gain.
The National Cybersecurity Alliance provides lots of tips and tricks to help individuals protect and manage their personal data, from adjusting privacy settings to turning on multi-factor authentication (MFA) and how to identify phishing messages. This article from CyberNews also provides tips and free tools to protect your data.
Some tips from DarkOwl analysts:
For some interesting statistics around passwords, check out our infographic and more information on password best practices, check out our blog.
For businesses, the Federal Trade Commission provides a great resource when it comes to protecting personal information for their employees and customers, as most all companies keep some level of personal information in their files. If this information is leaked or falls into the wrong hands, there is a large risk of reputational and financial loss, not to mention law suites. As the FTC states, “safeguarding personal information is just plain good business.”
Additional tips from DarkOwl’s IT and Security Teams center around honing in what matters the most to your business. For example, a company that houses large quantities of sensitive customer data in-house will likely need to focus on safeguarding that information via internal measures to a greater extent than a company that works with third party companies to store such information. In the latter case, a greater emphasis may be placed on managing potential risks to the vendor storing this customer data, as well as putting additional restrictions around email communications and network privileges granted to that vendor.
Phrased differently, in order for companies to keep their data safe, security teams need to audit and assess what data is the most vital to protect the operations and privacy of the organization and its customers, as well as what type of data that is. Once determined, business should:
Further recommendations include:
DarkOwl considers Data Privacy to be one of the most paramount aspects of business’ cybersecurity posture. To put this into practice, we have continually invested in technologies and practices that ensure that both our internal system data, and all information related to our clients and partners are highly protected.
For example, customer search and query information process by the DarkOwl API offerings is not saved or logged for any period. Furthermore, all end-user login information is safeguarded in accordance with the most up-to-date privacy and security recommendations, including least privilege access parameters as well as others that minimize human risk.
Of additional note, none of the data we collect is purchased or illegally obtained, making DarkOwl the most prolific darknet dataset in the industry to exist on the market that does not enable or perpetuate cybercrime. You can find out more about where we get our data here.