To crooks, it's the new gold: data in the form of Medicare numbers, bank account details and social media passwords they can onsell.
Marketplaces have even been created on the encrypted portion of the internet known as the dark web to traffic personal information from as little as $20 for PayPal accounts to $4500 for certain medical records.
Almost one thousand notifiable data breaches were reported in Australia last year.
The increase over the second half of 2021 alone was six per cent, according to the Office of the Australian Information Commissioner.
Contact details are most commonly stolen (85 per cent), followed by date of birth, passport and drivers licence information (40 per cent) and financial data like bank account and credit card particulars (39 per cent).
Almost 18 per cent of all breaches target the health sector, with medical records the hottest commodity. A further 12 per cent occur in finance and 11 per cent in legal, accounting and management services.
However most people don't realise where their personal data ends up or how much it's worth, says cybersecurity expert Lawrence Patrick from security firm Zirilio.
It's most commonly stolen via a process called phishing, where hackers trick people into giving up access to company customer databases and then steal multiple personal files.
"Once the data is stolen, hackers sort the information into what is most valuable including details such as names, emails, passwords, personal identifiers, phone numbers and addresses," Mr Patrick said.
"The data is then repackaged and sold to other hackers on the dark web on marketplace websites".
Healthcare records sell for $400 or more, crypto account details up to $550, driver's licences about $200 and even Facebook or Instagram log-ins $50-60.
Most of the data appearing on the dark web is thought to be harvested from hacks of large companies.
According to IBM's 2021 Cost of a Data Breach Report, it takes organisations an average of 212 days to realise they've been hacked and 75 more to contain the breach.
"This means your personal information is out in the wild being bought and sold and traded by hackers for almost a year before the problem is fixed," Mr Patrick said.
So what to do?
Change passwords, Mr Patrick says.
"It is likely your existing password has already been compromised and is being sold. Use strong passwords on your accounts and don't re-use the same password everywhere."
To check whether someone's details are already in the hands of hackers, they can search haveibeenpwned.com/ or check support.apple.com/en-au/HT212195.
Phones or browsers can also issue alerts when details are leaked, while both Apple and Google have free built in password managers and there are several pay options with extra features.
Australian Associated Press
Sign up for our newsletter to stay up to date.