Data violations that expose the personal information of millions of people can have very real consequences for people, especially: identity theft.
A new study found that personal information more than one individual is easily accessible to criminals on the dark website, it is more likely that this person is a goal for criminals.
The probabilities are triggered if the information includes the person’s social security number, which is generally necessary for financial applications, such as opening a bank account, requesting a credit card or submitting tax statements, all of which are common objectives for scammers.
The findings, published on Monday by Sentilink, a company that monitors customer data for fraud on behalf of financial companies, are intuitive. But it is believed that they are the first of its kind that shows a clear correlation between the solid cybercriminal trade of the identities of the people and the attempts of the real world where criminals try to commit fraud against those victims.
David Maimon, head of Sentilink fraud, told NBC News that he conducted the study by comparing three data sets of people whose information is available online.
For a base list of people whose names and addresses were available online, used publicly available voters records. For a set of people whose names and addresses, but not social security numbers, were widely exchanged among criminals, took the names of stolen checks from a ring of fraud of checks that operated on Telegram.
For a list of people whose names, addresses and social security numbers were widely marketed among cybercriminals, downloaded a database of around 100,000 victims, joined several hacks and exchanged repeatedly on the dark website since 2021.
Then, Maimon compared more than 2,000 people of those data sets with the internal Sentilink records of identity theft attempt to see how often each of those people had been directed.
The results were dramatic. Only 2.1% of the people in voter registration forms had been attacked by identity thieves. Of those whose names were found in the stolen verification ring, 12.1% had been attacked. But almost all people in the 2021 database with social security numbers, 97%, had been victims of the attempt to theft of identity, Maimon found.
Data violations have become increasingly common, to the point where the information of most Americans have been repeatedly stolen. The United States Federal Commission of Commerce received 1.1 million identity theft claims in 2024, although it is believed to be a severe lower content of the full number of victims.
Even children often have their stolen social security number, and credit monitoring services rarely help victims. According to the statistics provided to the NBC news by the non -profit identity theft resource center, there were 1,857 new data violations in 2024 that included the US social security numbers of the Americans.
While social security numbers are pirate routinely, it is often impossible for a victim to know how wide their information has been shared: a key component of Sentilink’s findings. Not all infractions are the same, and cybercriminals often sell pirate data only to the best bidder to keep it more exclusive.
When a person’s information is packaged again and marketed repeatedly among criminals, it is attacked by thieves repeatedly for a longer period of time, Maimon found.
The best course of action, said Maimon, is that people freeze their credit grades with the three main credit agencies and control their Chexsystems consumption score to see if someone has opened bank accounts in their name.
