Selena Larson reports:
Cybercriminals claim to be selling the Social Security numbers of babies on the dark web.
The personal details of children — including dates of birth and mother’s maiden names — have been sought after for years. Now, researchers have found an ad on a forum for the sale of data claiming to be from infants.
The cost: $300 worth of bitcoin for each baby’s data set.
Read more on CNN.
I haven’t stumbled across any infant data sets yet, but I have certainly seen a number of postings/offerings for children’s data. Many of them are described as coming from pediatricians’ offices or schools, as I reported for one vendor back in May 2017. That vendor was offering children’s “fullz” for $3.00, so I’m not sure where these criminals asking $300 for infant “fullz” are getting their pricing advice from.
That said, if these are infants’ Social Security numbers, and mother’s maiden name is also available, that seems to limit the number of possibilities in terms of identifying what kind of entity was breached, as who would have records on infants with all of those fields?
And this may be a somewhat rhetorical question, but why haven’t we seen any breach notifications that would correspond to these offerings?