Once your valuable data has been accessed by a cybercriminal, there's no controlling where it might end up.
Your private details could be on the dark web data economy right now waiting for the highest bidder, cybersecurity experts have warned.
A rapid increase in cyberattacks targeting major Australian companies means countless phone numbers, passwords, email addresses, driver's licences, passport details or even street addresses are in the hands of malicious hackers.
Qantas, iiNet, Genea, Funlab, several superannuation funds and Western Sydney University have all been impacted by data breaches this year alone.
READ MORE: Albanese claps back at Netanyahu as relations hit brink of collapse
Once your valuable data has been accessed by a cybercriminal, there's no controlling where it might end up.
And you are powerless to remove it.
Head of APAC at antivirus company McAfee Tyler McGee told 9news.com.au that your details could be passed into the hands of one cashed-up criminal to the next.
"Once it's on the dark web, it rarely stays in the hands of just one cybercriminal," McGee said.
"Often, it changes hands multiple times. One attacker might buy the data to commit identity theft, while another might use it to craft convincing phishing campaigns."
This means victims of a cyberbreach could be repeatedly targeted by scams, McGee explained.
The value of your information is determined by a few factors, including how much there is, how recently it was stolen and how it can be used.
Do you have a story? Contact reporter April Glover at april.glover@nine.com.au
According to cybersecurity firm Enovise Group, credit card information can be bought for as little as $7.
Medical records are the most valuable stolen data.
A complete medical profile might sell for $380 to $1500 since criminals can use it to perpetrate insurance fraud, buy prescription medicines and even create false medical identities.
This treasure trove of sensitive information was pilfered from private health insurer Medibank Private in August 2022.
READ MORE: Man who attacked baby with hot coffee remains free in China one year on
Cybersecurity strategist and Dartrace vice president Tony Jarvis said hackers may also hold private details for ransom before deciding to turn to the dark web.
Large companies with deep pockets face a high risk of data blackmail.
Cybercriminals extorted a record $1.7 billion in ransom payments from victim organisations around the world in 2023.
"Getting the data is the first step, but then there's using the data for their own revenue," Jarvis said.
"That could be as simple as going back to the organisation the attacker has just impacted and saying, 'I've got your data, either you pay me a ransom or I'm going to encrypt your files, I'm going to put it out up on the internet, you're going to be financially impacted, and your reputation is going to be impacted.
"That is done a lot."
Jarvis said the dark web, which hosts a roaring trade of personal information, is the most common place stolen data will end up.
"It's basically a market where people will bid or make offers on that data and people will ultimately buy it," Jarvis said.
"It's a little bit cloak and dagger. It's not an open market."
READ MORE: 'Significant and intense' rainfall to batter most of NSW coast for 72 hours
Law enforcement agencies are working overtime to shut down criminal marketplaces on the dark web.
"Combating cybercrime is a key part of our efforts to stay ahead of serious criminal threats to Australia and Australians," the Australian Federal Police said.
"We work to disrupt anonymous cybercriminals who are using the dark web to evade detection."
In 2024, the federal government passed the Cyber Security Act in a bid to strengthen cybersecurity across public and private sectors.
It included a reporting obligation of ransomware attacks or ransomware payments and the establishment of a Cyber Incident Review Board.
Jarvis tempered fears that your identity will permanently be at risk if you've been impacted by a cyberattack.
Instead, he urged cautiousness and said changing passwords is the safest way to mitigate the damage.
And if you suspect your details have been compromised, don't simply wait for an email alerting you to a breach.
Jarvis said act fast before you can't undo a lot of the damage.
"And if you use that same password on anything else, go and change that as well," Jarvis said.
McGee also warned information can't be taken off the dark web, but you can "review credit statements and reports, change account passwords, and use caution with suspicious emails" to minimise access for malicious hackers.
Both expect more ransomware and cyberattacks will be perpetrated against organisations big and small in Australia despite investment in cybersecurity.
But McGee said the biggest cause is human error.
"In terms of weak spots, the number one cause of breaches is still human error, with employees falling for sophisticated and usually very convincing phishing emails or social engineering attacks," he added.
"Other causes include third-party suppliers with weaker defences, unpatched systems and legacy applications and credential reuse where stolen passwords still work for companies that don't have strong authentication policies."
DOWNLOAD THE 9NEWS APP: Stay across all the latest in breaking news, sport, politics and the weather via our news app and get notifications sent straight to your smartphone. Available on the Apple App Store and Google Play.
NATO warplanes scrambled after Russian drone strike comes close to neutral territory
Two teens charged after second shopping centre stabbing
Bruce Lehrmann lied on stand to conceal rape, court told
Teen charged with murder over alleged underworld shooting
Trump calls Israeli PM a 'war hero', and adds 'I am too'
Bank reverses decision to cut dozens of call centre jobs for AI chatbot
Woman assisting police after baby found in Perth stormwater drain
Children with mild autism to be removed from the NDIS by 2027
Scientists get a rare peek inside of an exploding star
Tassie tigers and toad war: De-extinction giant's Aussie projects
Childcare centres failing to meet national standards named and shamed
New Call of Duty game revealed
Reality TV star offered $10,000 to injured pilot's family, court hears
Perth doctor pleads guilty over drunken high-speed crash that killed young woman
BHP called to foot the bill after fire ant outbreak in Queensland
Toddler's painful shopping centre eye injury sparks call for change
Beta blockers could halt triple-negative breast cancer, new study suggests
More Aussies are becoming solo mums by choice. Claire had no other option
