ORLANDO, Fla — Chances are your personal information is out there ready for criminals to grab at any time.
“And it’s not just your first name, last name, it’s your social, it’s your mom’s maiden name, it’s your siblings, your family, anything identifiable about you,” said Collin Ellis, Onboarding Engineering Manager with cybersecurity firm ThreatLocker.
Many people think of the dark web as just a seedy marketplace for illegal goods, but hackers are now taking personal information from data breaches and posting it on the dark web for free. If you hand over personal information to any company, at some point it could end up in the wrong hands.
Do you have a consumer complaint or need help from Jeff Deal and Action 9? Click the banner below to submit a tip.
Collin Ellis told Action 9 Consumer Investigator Jeff Deal, “It’s actually getting easier for bad things to happen, and that’s something every consumer, everyone at home, should really,really be thinking about.”
Ellis has seen it firsthand and even experienced it after his identity was stolen as a teenager. That’s why he recently showed Action 9 the dangers lurking on the dark web at ThreatLocker’s Zero Trust World conference in Orlando.
“HIPAA, all these regulations, they strive to provide really good guidelines for organizations, etc, but that personal identifiable information, it’s just out there,” Ellis said.
By out there, he means on the dark web. Not just for sale, but the information is posted by ransomware groups and it’s available free to anyone who looks. Once the ransomware groups compromise a company and steal the data, they will demand payment from the company and post screengrabs of the data to show they’re serious.
Ellis explained, “So, without a pay wall existing, every organization that they’ve compromised, all the data that they’ve taken are there.”
That means criminals on the dark web can take it to steal your identity. Last year our sister station in Atlanta was provided information found free on the dark web and tracked down one of the victims, DJ Gibson.
Reporter Justin Gray from WSB-TV said to Gibson, “This looks like a picture you took of your license.”
Gibson replied, “Yeah. Yeah, it was for me. I know exactly what it was for, too.”
It wasn’t just his social security number. It was his date of birth, email password, even the picture ID that Gibson once shared through what he thought was a secure website as a security measure to prove his identity.
“It was for a payday loan,” Gibson said.
Collin Ellis said artificial intelligence is making it easier for scammers to use more realistic phishing messages to infiltrate company servers. He showed us hackers even advertise their services on the dark web. He also pointed out every single day, the publicly available website posts the companies and organizations believed to be hit by ransomware groups. The posts list the type of data that’s available from each incident and likely can be found on the dark web. In the short time he was speaking at the conference three more companies got added to the list. Even data stolen from major universities has been sitting on the dark web for years.
Gibson said, “You think about registering a student for school, it’s almost like a car loan, right? You’re signing off on the kid. So, mom, dad, siblings, all that information just right there.”
Jeff Deal replied, “That’s pretty scary.”
Ellis said, “It is.”
While you can’t stop your information from ending up on the dark web, you can try to stop criminals from using it. The best way is to freeze your credit. It’s free to do for all three of the major credit bureaus. You can always unfreeze it if you need to apply for a loan or new credit card.