What is your stolen data worth?

You think your personal information is priceless. But everything has a price, even your stolen bank account information.

McAfee Avert Labs has discovered a price list that criminals use to buy and sell credit card numbers, bank account log-ins, and other consumer data that have been filched from unsuspecting Web surfers.

"Last Friday morning in France, my investigations lead me to visit a site proposing top-quality data for a higher price than usual," writes Francois Paget of McAfee. "But when we look at this data we understand that as everywhere, you have to pay for quality."

For example, a Washington Mutual Bank account in the U.S. with an available balance of $14,400 is priced at 600 euros ($924), while a Citibank UK account with an available balance of 10,044 pounds is priced at 850 euros ($1,310).

There's even a guarantee that if the buyer is unable to log into the account within 24 hours, maybe because the owner of the data canceled the account, the buyer can get a replacement stolen account to use.

Criminals can even buy skimmers, fake face-plates for ATM machines that steal credit card data when the card is swiped, and so-called "dump tracks" used to create fake credit cards, the McAfee blog entry says.

This follows on news earlier this week from Web security company Finjan of the discovery of a server containing stolen consumer and business data. Finjan said it found a server controlled by hackers that had more than 1.4 gigabytes of data--more than 5,000 log files--stolen from infected PCs. The stolen data included consumer and business e-mails, as well as health care patient data and bank customer data from individuals, financial institutions, law enforcement agencies, and other companies around the world.

Screenshot of price list for stolen credit card numbers and available balance amounts discovered on the Web by McAfee Avert Labs.

(Credit: McAfee Avert Labs)

[JCPayne]

That's why the law should read--- that any company with anybody's private data should have to notify customers 30 days in advance to get their consent before that info can be shared and or sold to another company or entity. If you can control who gets your data in the first place you can help prohibit from getting into places where it might get into the wrong hands.... Plus if thieves can't find any companies that want to purchase their stolen data they'd lose the potential for making a buck off it.

[mrtheduke]

Sounds like a nice idea JC, however in this case the data has been captured via trojans and phishing websites where the account holders have either been tricked into entering their information on-line by fake websites or it has been stolen from them by malicious software, so such legislation wouldn't have prevented them from getting 'filched'

[benjaminstraight]

Sounds good to me. Now just get the legislation passed.