Sale of personal information – right down to verified health insurance data as well as Social Security numbers and bank account logins – is thriving, according to a new report from Atlanta- based Dell SecureWorks, which claims that a complete package, called a “kitz,” will fetch upwards of $1,200 in underground criminal bazaars.
That kit includes health insurance information but it also involves supporting ID that will let the buyer establish his or her counterfeit identity.
Don Jackson, senior security researcher with the SecureWorks’ Counter Threat Unit research team, said in an interview that prices for this kind of personal information has “really jumped” in the past year.1
Buyers, he suggested, are people in urgent need of expensive medical care, but these information packages would also facilitate account takeovers at credit unions and banks. Essentially all that is needed for an account takeover is included.
Jackson indicated that supply of healthcare specific information is bountiful and the sources, he suggested, are everything from data stolen from doctors’ offices to hacked records at insurance companies.
Probably the main deterrent to broader sale of the documents is that the sale tends to occur in shadowy venues that would not be known to the general public.
Sellers also prefer irreversible payment, often via wire, said Jackson, although he noted at least some request Bitcoin, the virtual currency that is inherently anonymous.
“Our CTU researchers discover caches of stolen data frequently, and we have found that the hackers will steal anything they think they can sell on the underground,” said Jackson in a prepared statement. “Health insurance credentials continue to rise in value as we see the cost of health insurance and the cost of medical services continue to rise.”