Since 2005, when watch groups started keeping track of U.S. data breaches, more than 607 million confidential records have been lost, stolen, improperly disposed of, or accidentally exposed to the world.1 A "record" can be in electronic form or a physical file, and can be a Social Security number, bank account number, medical file, login credentials, debit/credit card number, and other such sensitive information. To put that number into perspective, that is nearly 2 records for every man, woman, and child in the United States. In 2011 alone, there were 855 reported data breaches in the United States that collectively exposed 174 million confidential consumer and business records.2
So, where does all of that information go?
In some cases, it may go nowhere - or at least not into the hands of the criminally inclined. The information may be recovered, or may not have been accessed by unauthorized persons. Unfortunately, however, that is not always the case as information has become the new gold.
Whether it occurs through loss or theft, hacking, spyware and crimeware, or human error, the ongoing exposure of confidential consumer and business information through data security breaches fuels a thriving internet black market in which this sensitive information is traded, sold, and re-sold on a daily basis through online black market websites, secret chat rooms, and underground forums.
The stolen information obtained through these sources is then used to defraud unsuspecting consumers and businesses.