May 15, 2024

My Data was Leaked on the Dark Web. Now What?

Close-up of computer screen displaying binary code in blue and white, highlighting data and cybersecurity.

When you think of the Internet, you might believe it's just there for scrolling on social media, shopping, checking your email, or even reading the news. While we generally know that the Internet is a vast place where you can shop and keep in touch with the world around you, did you know there is something called the dark web and that your personal information could be sold to the highest bidder?


Understanding the Dark Web

We hear so much about the dark web and how it is a dangerous place. But what exactly is the dark web, and how do you even know when you're on it? Given the name, it's natural to assume that the majority of the events that occur on the "dark web" are shrouded with negative connotations. However, the dark web is only one tier of the Internet, and many experts believe it only makes up roughly 5% of the Internet as a whole. The other areas of the Internet are made up of what is known as the "open web" and the "deep web." 

Open Web: Also referred to as the "visible" layer of the Internet, it makes up most of the commonly public-facing websites accessed via traditional browsers like Google Chrome, Internet Explorer, and Firefox. Websites found on the visible layer are commonly labeled with registry operators like ".com" and ".org." The open web is said to make up under 5% of the total Internet.

Deep Web: Sometimes confused for the "dark web," the "deep web" refers to anything on the Internet that is not indexed by and, therefore, accessible via a common search engine, like Google. Content on the deep web typically includes anything behind a paywall or sign-in credentials, such as medical records, membership websites, or confidential corporate web pages. Some estimate the deep web makes up between 96% and 99% of the Internet. 

Dark Web: The dark web is a subset of the deep web that is intentionally hidden and requires a specific browser to be accessed. The dark web was originally created to keep the use of internet activity anonymous and private. The use of the dark web is legal and is often used by journalists, political dissidents, and whistleblowers. Law enforcement agencies have also used the dark web to identify, surveil, and shut down criminal operations.


Types of Threats on the Dark Web

While the dark web may be used legally, this doesn't stop others from using it for illicit and even illegal purposes, such as buying or selling illegal drugs, weapons, passwords, and stolen identities. In some cases, sites on the dark web have been dedicated to the trading of illegal pornography, human trafficking, and other potentially harmful materials. 

Over the years, several sites on the dark web hosting illegal material have been discovered and shut down, including Silk Road, AlphaBay, and Hansa. However, it is believed there are still many sites popping up on the dark web that continue to pose various cybersecurity threats to people all over the world. Some of the noted risks from the dark web include, but are not limited to, the following:

  • Scams and fraud: As mentioned, the dark web does not trace its users, which makes it easy for criminals to lure you in. Scammers will trap you in a scheme that will allow them to either potentially scam you out of money or blackmail you.
  • Malware infections: When using the dark web, and you unknowingly click on the wrong link or download a file, you are at risk of triggering a malware download that can infect your devices and steal your private information.
  • Data leaks/breaches: While you may not be traced on the dark web, it is still not as private as you might have thought, as hackers and ransomware groups often find ways to access your personal information and may choose to "leak" your data after a data breach or even steal your identity themselves.


Monitoring Your Credit After a Data Breach

In recent years, more and more data breaches have been reported by companies, hospitals, universities, and even government agencies from all around the globe. A study written by Professor Stuart E. Madnick, Ph.D., the co-founder and co-director of Cybersecurity at MIT Sloan, reports that while these entities have expanded their resources to secure themselves, year after year, data breaches continue to be on the rise. From 2022 to 2023, there was a reported increase of data breaches by 20%, and the number of victims who suffered from ransomware gang activity doubled. 

Professor Madnick believes the rise in data breaches is mainly credited to the misconfiguration of cloud environments, the emergence of new and more dangerous types of ransomware, and increased exploitation of vendor systems. His theories have been mostly proven through recent breaches like the MOVEit data breach and the Catholic Medical Center breach. These breaches are not only costing us our security but millions of dollars, as IBM reported the global average cost of a data breach in 2023 was USD 4.45 million, a 15% increase over three years. 

These numbers are not to be taken lightly, as it would seem the situation is predicted to only get worse in the coming years. As hackers and ransomware groups continue to evolve their methods of accessing your stored data, companies are tasked with not only keeping their systems secured from previous attempts but also trying to keep ahead of the game on what new cyberattacks may be on the horizon.


Steps You Should Take After a Data Breach

As we've covered, the rise of cyberattacks has left millions of individuals all over the world exposed and at the mercy of hackers and ransomware groups. However, while your information may have been exposed during a breach or leaked onto the dark web, you still have a chance to fight back and keep yourself protected from harm. Below, we're breaking down the steps you can take to help secure your data should you receive notice that your information was leaked on the dark web.


Safeguard Your Data

If you think that once your data is on the dark web, there is no chance of staying safe from harm, then you'd be wrong. Just because your data was leaked doesn't mean you are out of options. The moment you receive word your information was stolen, we highly recommend you take the following actions.

  • Change your passwords: If you have not already been locked out of your accounts, now is the time to change your password. Remember to use passwords that are not easily identifiable, and avoid passwords that include your name, date of birth, or other personally identifiable information.
  • Set up 2-factor authentication: Changing your password is not enough. If your account was hacked once, it can happen again. Help keep your accounts protected by using a 2-factor authentication login. That way, you can monitor who, where, and when someone tries to access your accounts and thwart the attempts right away.
  • Identity protection services:  After a breach, if you are affected, a company may offer you free identity protection services. This service can help you keep your information out of the hands of those trying to steal your money or commit crimes in your name. Often, identity protection services will also keep you alerted should your personal information be exposed on the dark web or other places, allowing you to take further action if necessary.
  • Monitor your credit: You've taken all the steps you can to keep your information secure from harm; now, it's just a matter of monitoring your credit. Should you find any suspicious activity on your accounts, like large purchases or increased credit limits, immediately report it as fraud. 


Remember the Law Is on Your Side

Yes, there are certain laws in place that can help aid your journey to ensure your personal data is better protected after a data breach has leaked your information on the dark web. However, these laws require you to be more proactive in your pursuits; they allow you to have complete control over your credit file and who has access to your information moving forward. After your data has been leaked on the dark web, you'll want to utilize the following laws to help keep yourself protected from fraud.

Fair and Accurate Credit Transactions Act: Consumers are entitled to one free credit report annually from each of the three major credit reporting bureaus: Equifax, Experian, and TransUnion. Reviewing your reports allows you the ability to correct any errors in your credit history and protect your credit identity.

Fair Credit Reporting Act: Provides victims of fraud have the right to be informed the information in their credit file has been used against them in a fair, timely, and accurate manner. Under the FCRA, you have the right to review that report and correct any errors that may be in your credit file.

Should you find your information has been used against you, you also have the right to place a "credit freeze" on a credit report, which will prohibit a credit bureau from releasing information on the credit report without the consumer's express authorization. A credit freeze is designed to prevent credit, loans, and services from being approved in your name without your consent.

Those who are interested in more frequent credit monitoring should use sites like Credit Karma, which offers free and daily access to their credit reports, suspicious activity alerts, and other financial protective services to its customers. If you discover activity on your accounts, contact the Federal Trade Commission, your state's Attorney General's office, or law enforcement to report the incident. 

For more information about data breaches and how you can protect yourself from fraud, head to the FTC's website at


Consulting With a Data Breach Attorney 

Speaking of the law, did you know that after your data was leaked due to a breach, contacting an attorney may be your best bet for recovering compensation for your damages? After a company fails to protect your personal information from third-party hackers, they may try to work around the situation and sweep it under the rug by offering you free credit monitoring services or even placing the onus on you to secure your accounts after the attack. 

For more information about how you may be able to seek justice after your information was leaked on the dark web due to a data breach, connect with a Morgan & Morgan attorney today.