Your Data Could Be on the Dark Web Right Now, Experts Warn!

Your personal details might already be floating around the dark web, and you’d have no way of knowing — or stopping it. Cybersecurity experts are warning Australians that with the surge in cyberattacks this year, sensitive information like phone numbers, email addresses, driver’s licences, passport details, and even home addresses could be up for sale to the highest bidder.

Major companies like Qantas, iiNet, Genea, Funlab, several superannuation funds, and Western Sydney University have all suffered data breaches in 2024 alone. And once your data is stolen, it’s out of your hands.

“Once it’s on the dark web, it rarely stays with just one cybercriminal,” said Tyler McGee, Head of APAC at antivirus giant McAfee. “It changes hands multiple times — one person might use it for identity theft, another for phishing scams. Victims can end up being targeted again and again.”

The value of stolen data varies. According to cybersecurity firm Enovise Group, credit card details can sell for as little as $7. But medical records are where the real money is. A full medical profile can fetch between $380 and $1500, since criminals can use it for insurance fraud, prescription scams, or even creating false medical identities.

We’ve already seen this play out — in 2022, Medibank Private suffered a massive breach that exposed a treasure trove of sensitive health data.

And it’s not just about selling data. Hackers also use it to extort companies directly. Cybercriminals extorted a record $1.7 billion globally in 2023. As cybersecurity strategist Tony Jarvis explained, “Attackers often go back to the company they’ve hit and demand ransom — pay up, or your files get encrypted, your data gets leaked, and your reputation takes a hit.”

The dark web is where much of this stolen data eventually lands. “It’s basically a black market where people quietly buy and sell data,” Jarvis said. “It’s cloak and dagger, not an open marketplace.”

Australian law enforcement is trying to fight back. The Australian Federal Police said shutting down these underground markets is a top priority: “Combating cybercrime is a key part of our efforts to protect Australians. We work to disrupt anonymous cybercriminals who are using the dark web to evade detection.”

In response, the federal government passed the Cyber Security Act 2024, which introduced mandatory reporting of ransomware attacks and payments, and created a Cyber Incident Review Board to strengthen national defences.

Still, experts warn that people can’t afford to be passive. “If your details have been leaked, act fast,” Jarvis said. “Don’t just wait for an email notification. Change your passwords immediately — especially if you’ve reused them across accounts.”

McGee added that while data can’t be scrubbed from the dark web, Australians can reduce their risks: “Review your credit statements, change your account passwords, and be extra cautious with suspicious emails.”

Despite new laws and stronger security, both McGee and Jarvis expect ransomware and cyberattacks to keep rising. The weakest link? Human error.

“The number one cause of breaches is still employees falling for convincing phishing emails or social engineering attacks,” McGee said. “Other weak points include unpatched systems, outdated apps, and suppliers with weaker defences.”

your data might already be out there — and while you can’t get it back, you can take steps now to make sure criminals can’t use it against you.

Stay tuned with Aus News Lanka – the leading platform for news for Australians.