When a data breach takes place, chances are that any stolen identity data will be bought and sold on the dark web—a hidden network of websites that requires special tools to access and mask users' identities. The dark web can be a hard place to find and that makes it an enticing place for criminals to buy or sell stolen personal information.
Theft of personal information online has unfortunately become a way of life and the dark web serves as another threat, putting every piece of compromised personal data at risk. Yet a 2017 survey by Experian and the Identity Theft Resource Center (ITRC) shows that almost half of Americans still aren't familiar with the dark web.
Also, nearly 7 out of 10 Americans expressed concern about their personal information being exposed on the dark web—a 44% increase from 2015. While many people are taking more precautions than ever before to protect their identity, 73% of Americans 18 to 54 years old, are still worried that their personal information is on the dark web. That concern is especially prevalent among men, as 74% said they are concerned, compared to 65% of women.
What Information of Mine Might Be On the Dark Web?
Various types of information is bought and sold on the dark web, including Social Security numbers, email addresses, credit card numbers and expiration dates, and medical records. In the same survey, 40% of respondents indicated they're worried about someone getting a hold of their Social Security number, while 22% were concerned about their financial information being bought or traded.
Criminals determine how much your personal information is worth based on the supply and demand of different types of data (and the prices can vary over time depending on several factors).
Previous victims of identity theft are also more likely to worry about future theft—77% of them said they're concerned that their personal information will be exposed or stolen again from a smart device, compared to 69% of non-victims.
77% of previous ID theft victims are concerned that their personal information will be exposed or stolen from a smart device.
How Long After a Data Breach Should I Be Worried?
While it may feel like a losing effort protecting your identity, staying diligent is the one of the best actions you can take. Javelin Strategy reported in 2017 that stolen data breach information that was 2-6 years old resulted in $3.7B of fraud losses—an increase of nearly 400% over the previous year.
Hackers will often wait out victims, betting that they will stop paying to protect themselves as more time passes after a data breach. From there they will piece together personal information from different real identities to create a fake new identity (also known as synthetic ID theft). This means that several people can be impacted by the same crime, but it can be harder to track since no single individual will be alerted to charges on their account (because the account holder is fake).
What Can I Do to Protect Myself Against the Dark Web?
These days we all might as well assume that our personal information has been compromised at one time or another. By thinking this way, it will help us stay proactive in taking the proper steps to protect ourselves against identity theft. The sense of urgency when we are involuntarily caught up in a large data breach can be fleeting. While there is no foolproof way to keep your information from showing up on the dark web you can make sure to follow these tips:
- Check to see if your information is on the dark web. You can start by running a free dark web scan on Experian.com to see if your email address is on the dark web.
- Review credit card and account statements each month. Look for that information that seems wrong on your account statement.
- Review your credit reports regularly. Check your credit report for any new inquiries or accounts that you don't remember authorizing.
- Maintain secure passwords. Don't recycle the same passwords, change them often and keep accounts strong by using two-factor authentication when possible.
- Keep an eye on things. Monitor all of your account like a hawk for any unusual activity and consider protecting your identity with an online product to help you monitor your credit. Paid members of Experian IdentityWorks get dark web surveillance, which includes daily scans of over 600,000 web pages to detect if your information is stolen.
- Act quickly. Respond immediately to suspicious activity to minimize the negative impact to you and your credit.
- Continuously monitor your identity. Protecting your identity is an ongoing job. Since identity thieves never quit, you should never stop monitoring your accounts and credit reports in order to keep an eye out for red flags.
Survey Methodology
The data points referenced in this report come from a study commissioned by Experian and Identity Theft Resource Center, produced by research firm Edelman Intelligence and conducted as an online survey of n=1,001 adults 18+ nationwide. Interviewing took place from August 17-23, 2017, prior to the Equifax data breach.