What happens with all the stolen data?

I had lunch with a colleague lately who was wondering what happens with all the stolen information from data breaches, of which we have seen quite a few lately. The latest breaches included personal information like credit card data, identity data, and fingerprints… A research article on DLP products published in the July/August 2015 issue of IEEE Security and Privacy magazine arrives at the bleak result that none of the 3 tested DLP products addressed internal attackers or malware. So the problem isn’t going to go away unless customers demand better products.

But let us go back to the original question. What happens with all the stolen data? Unfortunately, or should I say, as is to be expected, there is quite a big black market out there, where you can buy identities to your heart’s content, so to speak. You can define how many identities you need, say a couple hundred, and classify the data by, for example, required buying profile, age range, location and credit history. Prices range from a few dollars up to a couple hundred per identity.

Soon we will see fingerprints from stolen identities appearing at crime scenes. Just imagine the law enforcement agencies showing up at your door with an arrest warrant and you have no idea what this is all about. How Kafkaesque is that?

