laptop user using a credit card online

Cybercriminals in credit card details giveaway to promote new “service”

In one of the most surreal data breach incidents in recent years, cybercriminals have recently given away around one million sets of credit card details.

A cybercrime group called AllWorldCards has done this as part of a “PR campaign” to promote a new website it has launched selling personal data. According to Cyble’s reporting of the incident, around 20% of the cards to which the details are attached remain valid, with many more available for criminals to buy online.

The data records released in the leak included:

  • Credit card holders’ names
  • Email addresses
  • Credit card numbers
  • Additional details, including expiry dates, CVV numbers, and Bank Identification Numbers
  • Credit card holders’ postcodes
  • Other private and personal details

Do we know which credit cards have specifically been affected?

According to reports, details linked to hundreds of banks worldwide are included in the leak.

Barclays, Bank of Scotland, and The Royal Bank of Scotland are among the UK banks significantly affected. Hundreds of records relating to their customers’ credit card details are said to be included in the leak.

Cyble, who undertook significant research into the origins and contents of the leak, is directing consumers to its AmIBreached platform, where you can search the dark web for your details.

How much do credit card records sell for?

While AllWorldCards has attracted attention with this data dump, its long-term success will depend on the price it can sell the data it attains.

Currently, individual records are available from $0.30 (22p) to $14.40 (£10.38), with around three quarters selling for between $3 (£2.16) and $5 (£3.61).

What do cybercriminals do with credit card data?

It depends on the type of criminal they are.

For many cybercriminals, the value is in the data itself. As you can imagine, selling a million credit card records at the prices noted above is a hell of a lot of money!

Those who buy the credit card data will purchase products or gift cards until the card is cancelled or they max it out. Gift cards are an increasingly popular purchase for people in possession of stolen credit card data as they’re usually difficult to trace.

What can consumers do to combat any threat?

The first step is to use the AmIBreached platform or another service to identify whether your details have been included in a data breach. If you browse the internet using Google Chrome, for example, and save things like your log-in and credit card details to your Google account, Google will alert you if your data has been found in a breach.

Having checked, you can then change any passwords, cancel credit cards, or take any other necessary action to protect yourself from fraud. Check out our guidance in this recent article around choosing hard to hack passwords and other tips for protecting yourself online.

It isn’t just credit card data for sale, either!

While stealing credit card data to sell on the dark web is lucrative for cybercriminals, it isn’t the only way they’re facilitating access to data.

Another growing trend is for ransomware attackers to sell access to the systems and data they’ve taken control of to other criminals. A recent Forbes report highlighted that access to data was being sold for as much as $500,000 (£363,000), with access often being auctioned off to the highest bidder via dark web platforms. While the primary motivation here is to gain access to business networks and systems, this can subsequently lead to being able to access, download, and use vast numbers of consumer records.

What’s more, cybercriminals are safeguarding their “credibility” by validating access credentials and data before selling it, enabling them to drive the price higher.

How much would your data be worth to a cybercriminal? If a business holding your data falls victim to a ransomware attack, it could be far more than you might think!

If your data has been leaked, you could be entitled to compensation

If your details have been found in a data breach, you could be entitled to claim compensation against the business or organisation from whom the data was stolen. You don’t need to have been a victim of fraud; the fact your data was leaked and your privacy put at risk is enough grounds for making a claim.

If you’re concerned about your data being involved in a breach, contact LawPlus today for a FREE assessment of your claim.