Data stolen in the massive hack of U.S. consumer credit reporting agency Equifax Inc. could be worth more than $32 million on the dark web, according to estimates made by one security company.

The number comes from Intsights Inc., which tells SiliconANGLE that it has used its knowledge of the dark web, a shady part of the Internet accessible through special software, and Internet black markets to calculate the potential monetary value of the leaked consumer data.

According to the research, a credit card number is usually sold for around $8 to $10 on the dark web, whereas a valid card along with full personal information, including social security number and date of birth, would typically sell for $20. A single registry of full identification details including SSN, DOB, phone number and address would sell for around 20 cents on average without a valid card, but the details still hold value as hackers can use them to commit various acts of fraud such as tax refund scams, ordering credit cards on behalf of the victim, or opening a fake account.

By the numbers, Intsights estimated that, given that the Equifax data included 143 million entries, of which 209,000 records included credit card data, the data would be worth $32.7 million on the dark web.

Who is behind the hack remains a mystery, although one group calling itself PastHole Hacking Team was at one stage claiming responsibility on a now-removed dark web page. That page asked for a payment of 600 bitcoin ($2.37 million) for the data and said if it didn’t receive a payment, it would release the data for free.

Of interest, according to data shown to SiliconANGLE by Intsights, the hacking group appears to be Russian as emails included a Russian signature. However, that could also be an attempt to throw investigators off the trail.

Others claim that the PastHole Hacking Team is nothing more than a scammer attempting to profit from the hack, with Motherboard noting that they “are likely nothing more than amateur scammers.”

A search by SiliconANGLE for further details about the group on the dark web was unsuccessful. Its main page was suspended and there’s no record of the group existing prior to the hack of Equifax. Although it’s not impossible that an entirely unknown group was behind the Equifax hack, it’s highly unlikely given the sophistication required to steal data from the company over a period of two months.

Who is responsible for the hack – Russians or otherwise — may be discovered in coming weeks as the group behind the attack will likely soon look to start selling the data they have stolen. When that begins, we will have a better idea as to who was behind one of the most significant hacks in U.S. history.

Photo: Pixabay