Data Privacy: The Basics

January 27, 2023

According to a 2022 poll by Ipsos, 84% of Americans are highly concerned about their personal data safety and privacy on the internet. Further, 37% reported that they have fallen victim to an online data breach. More specifically, 86% of Americans believe that businesses and organizations collect more information than they need and 51% are worried that this data could fall into the wrong hands.

Given the growing concern Americans have regarding data privacy, as shown in the statistics above, and in honor of Data Privacy Week, our analysts decided to shed some light on what data privacy is, why it is important to understand, the role the darknet plays in data privacy, and how DarkOwl views data privacy. According to the National Cybersecurity Alliance, the goal of Data Privacy Week is to spread awareness about online privacy – data privacy should be a priority both for individuals and organizations.

An Intro to Data Privacy 

According to the Storage Networking Industry Association “data privacy, sometimes also referred to as information privacy, is an area of data protection that concerns the proper handling of sensitive data including, notably, personal data but also other confidential data, such as certain financial data and intellectual property data, to meet regulatory requirements as well as protecting the confidentiality and immutability of the data.” 

Personal data or Personally Identifiable Information (PII) is data tied to a specific individual that could potentially identify them. This would include one’s social security number, address, contact information, medical records, online behavior and more. Data privacy is the idea that an individual can decide what personal information to share and with whom. 

As the internet plays a vital role in our daily lives, the importance of data privacy continues to increase. Understanding what you are sharing and how that information is being used is increasingly vital to ensure your data is protected.

Cybercriminals Are After Your Personally Identifiable Information (PII)

A recent study conducted by Imperva revealed that 42.7% of the time, hackers go after personally identifiable information (PII). The number of compromised records year-over-year has grown 224% since 2017, and cybercriminals target PII on the darknet because it is the most valuable information for committing fraud or identity theft. The darknet continues to grow at an alarming rate, and as the darknet data market grows with increased product variety and volume, prices fall.

PII and Credentials

DarkOwl’s Vision UI is the industry-leading platform for analysts to simply, safely, and comprehensively search the largest commercially available source of darknet data.

The data stored in DarkOwl’s repository offers a stark glance into the vast amount of PII exposed on the darknet and deep web. As of the time of publishing, DarkOwl’s database contains:

  • 392,474 unique Social Security numbers
  • 9,333,991,605 email addresses
  • 2,543,145,887 unique emails with associated passwords
  • 1,974,025,999 IP addresses
  • 16,725,211 credit card numbers

Figure 1: Example of PII being offered for sale on a Tor darknet site, including Social Security Numbers, Source: DarkOwl Vision

Figure 2: Example of Corporate Gmail accounts being sold for as little as $13.16 USD on a darknet marketplace, Source: DarkOwl Vision

Exploitable Financial Banking/Credit Card Info

Figure 3: Breakdown of exposed Credit Card Numbers in DarkOwl’s data by type, Source: DarkOwl Vision

One of the ways that threat actors leverage the trove of PII on the darknet – including data such as credential, healthcare, and account information – is to cross-reference it with other, potentially unconnected information (like CC numbers) to piece together and exploit payment information. This often includes hacked and verified credit cards, some of which come with a pre-disclosed balance.

DarkOwl frequently observes these types of items for sale on darknet marketplaces, as pictured here.

According to a recent study done by Privacy Affairs, credit card data, such as a Walmart account with credit card information, can be purchased for just $10, and USA-backed credit card details with CVV for just $17.

By having visibility into the exposed data on the darknet, businesses can ensure their clients’ and customers’ PII is not being exploited for financial gain.

Figure 4: Sample of average cost per sale of credit card information on dark web, Source: Privacy Affairs
Figure 5: Example of multiple accounts and credit card/financial assets for sale – likely as the result of threat actors taking advantage of various instances of leaked data, Source: DarkOwl Vision

Tips to Protect Your Data 

For Individuals

The National Cybersecurity Alliance provides lots of tips and tricks to help individuals protect and manage their personal data, from adjusting privacy settings to turning on multi-factor authentication (MFA) and how to identify phishing messages. This article from CyberNews also provides tips and free tools to protect your data.

Some tips from DarkOwl analysts: 

  • Don’t reuse passwords across different accounts 
  • One in five passwords is “easy to guess” – make sure your password does not include personal information such as birth dates or family names. 
  • Use an automated complex password manager like LastPass, Bitwarden, or 1Password
  • Use multi-factor authentication (MFA) for important accounts like financial and banking sites
  • Follow this step-by-step guide to removing your personal info from common web directories such as ZoomInfo and

For some interesting statistics around passwords, check out our infographic, and for more information on password best practices, check out our blog.

For Businesses

For businesses, the Federal Trade Commission provides a great resource when it comes to protecting the personal information of their employees and customers, as almost all companies keep some level of personal information in their files. If this information is leaked or falls into the wrong hands, there is a large risk of reputational and financial loss, not to mention lawsuits. As the FTC states, “safeguarding personal information is just plain good business.”

Additional tips from DarkOwl’s IT and Security Teams center around honing in on what matters the most to your business. For example, a company that houses large quantities of sensitive customer data in-house will likely need to focus on safeguarding that information via internal measures to a greater extent than a company that works with third-party companies to store such information. In the latter case, a greater emphasis may be placed on managing potential risks to the vendor storing this customer data, as well as putting additional restrictions around email communications and network privileges granted to that vendor.

Phrased differently, in order for companies to keep their data safe, security teams need to audit and assess what data is the most vital to protect the operations and privacy of the organization and its customers, as well as what type of data that is. Once determined, businesses should:

  • Control access to that data by implementing least privilege access measures
  • Encrypt it
  • Install an alerting system that logs actions and can alert the proper people to events
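
The audit step described above (finding what data you hold and what type it is) can start with a simple discovery scan. The sketch below is an added example, not DarkOwl's code: it looks for the PII categories this article lists, using a Luhn check so that arbitrary long digit strings are not reported as card numbers. The function names, store names, and sample rows are constructed for illustration, and the patterns assume dashed US SSNs and dotted IPv4 addresses.

```python
import re
from collections import Counter

# Patterns for the PII categories the article lists. Assumed formats: US SSNs
# written with dashes, dotted IPv4, and 13-19 digit card numbers.
PATTERNS = {
    "ssn": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    "email": re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"),
    "ipv4": re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"),
    "card": re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),
}

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out order ids and other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(text: str) -> Counter:
    """Count the PII categories found in one text field."""
    found = Counter()
    for kind, rx in PATTERNS.items():
        for m in rx.finditer(text):
            if kind == "card" and not luhn_ok(re.sub(r"\D", "", m.group())):
                continue                    # card-shaped, but checksum fails
            found[kind] += 1
    return found

def audit(stores: dict) -> dict:
    """Map each data store to the PII categories (and counts) it holds."""
    report = {}
    for name, rows in stores.items():
        counts = Counter()
        for row in rows:
            counts += classify(row)
        report[name] = dict(counts)
    return report

# Constructed sample data (documentation addresses and a well-known test card).
SAMPLE = {
    "crm_notes": ["Call jane.doe@example.com re: card 4111 1111 1111 1111",
                  "SSN on file 123-45-6789, last login from 203.0.113.7"],
    "build_logs": ["order id 1234567890123456 shipped", "worker 10.0.0.5 ok"],
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A report like this shows which stores need the access controls, encryption, and alerting listed above, and which hold nothing more sensitive than internal IP addresses.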

Further recommendations include:

  • Implement security training across the company
  • Use physical safeguards if you house data on premises
  • Move to the cloud
  • Monitor third-party access
  • Keep software up to date
  • Routinely check industry standards
    • Security Technical Implementation Guides (STIG)
    • National Institute of Standards and Technology (NIST)
    • Institute of Electrical and Electronics Engineers (IEEE)
    • Open Web Application Security Project (OWASP)
    • International Organization for Standardization (ISO 2700)

DarkOwl’s Stance on Data Privacy

DarkOwl considers data privacy to be one of the most important aspects of a business’s cybersecurity posture. To put this into practice, we have continually invested in technologies and practices that ensure that both our internal system data and all information related to our clients and partners are highly protected.

For example, customer search and query information processed by the DarkOwl API offerings is not saved or logged for any period. Furthermore, all end-user login information is safeguarded in accordance with the most up-to-date privacy and security recommendations, including least privilege access parameters as well as others that minimize human risk.

Of additional note, none of the data we collect is purchased or illegally obtained, making DarkOwl the most prolific darknet dataset in the industry to exist on the market that does not enable or perpetuate cybercrime. You can find out more about where we get our data here.

To learn more about how your business can protect the PII of your customers, prospects, and employees, contact us.
