From what I've read many, many folks personal financial information may have unknown to them already been stolen for no telling how long and listed for sale on the "Dark Web" along with countless thousands of other's info. Only reason it has not been exploited yet is because it hasn't been bought.
You mean this
http://fortune.com/2017/12/22/experian-data-breach-alteryx-amazon-equifax/ https://www.cnet.com/uk/news/the-price-of-your-identity-in-the-dark-web-no-more-than-a-dollar/"Your identity is sold for $1 in the Dark Web
If you or your company is a victim of a cyberattack, where does this stolen data go, and to what purpose?
by
Charlie Osborne
23 September 2015 1:20 pm BST"
... But what happens to this data afterwards can often be lost in the news. While sensitive, stolen information used in identity theft can cause heartache for victims, for those who trade in this data, personal information can be sold at a pittance. Unintended disclosure, through mistakes or negligence, is also a reported reason for information to end up in the wrong hands.
Payment service providers are a hot target for hackers these days, with an increase in card-related data breach reports of 169 percent over the past five years. Cybercriminals can steal data through card skimming, making a rub off cards, rigging ATMs with skimmer devices or cameras and modifying point-of-sale (PoS) terminals. Interestingly, hardware keyloggers installed on cash registers have also entered as a data theft tactic.
The healthcare industry is now the most affected by data breaches, followed by government, retail and the education sectors, according to Trend Micro's findings.
Trend Micro says personally identifiable information (PII) is the most commonly stolen record type, followed by valuable financial data. Aside from the usual card details and bank accounts, Uber, PayPal and online gaming accounts are also bartered in the Dark Web.
Burrowing into the Dark Web -- a small area of the Deep Web which is not accessible unless via the Tor Onion network -- stolen data for sale is easy to find. Accounts belonging to US mobile operators can be purchased for as little as $14 each, while compromised eBay, PayPal, Facebook, Netflix, Amazon and Uber accounts are also for sale. PayPal and eBay accounts which have a few months or years of transaction history can be sold for up to $300 each.
According to the firm, compromised Uber accounts are in high demand in the underground -- as they can be fraudulently charged and give users free rides.
Bank account details, naturally, are offered for a steeper price of between $200 and $500 per account -- the higher the available balance, the more they are sold for.
Card information is sold to anyone willing to pay for the data. While price brackets vary depending on supply and demand, validation and how much can be stolen from them before deactivation, buying in bulk reduces unit price -- and some sellers insist upon sales in this format, which in turn suggests the data has been acquired as a result of a large-scale cyberattack. Credit cards from every continent can be purchased, but cards which are not from the US tend to fetch higher prices than those registered to United States addresses.
When it comes to PII, sales are conducted on a per-line basis of approximately $1. Each line of data contains a name, a full address, a date of birth, a Social Security number, and other personally identifiable information. If someone buys just a few lines, they can commit serious identity fraud. Trend Micro says this data used to go for $4 a line, but as so many data breaches have occurred in recent times, supply has increased and demand dwindled.
However, if someone really wants the skinny on a potential victim, full credit reports can be purchased for $25 a go. In addition, document scans of passports, driver's licenses and utility bills, among others, are available for purchase from $10 to $35 per document.
Trend Micro says:
"Any business or organization that processes and/or stores sensitive data is a potential breach target. In today's interconnected world, data breach prevention strategies should be considered an integral part of daily business operations. Ultimately, no defense is impregnable against determined adversaries. The key principle of defense is to assume compromise and take countermeasures..