What is PII and Why Criminals Want Yours

As any cybersecurity expert will tell you: the ultimate goal of securing your online presence is protecting your PII data. PII, also known as Personally Identifiable Information, is simply any information that can be used to identify, locate or contact you or an individual. Examples of PII data include information as basic as a name, more personal info like your social security number and, unfortunately, even extremely private data like health and financial information and records.

And to criminals involved in PII data discovery, your email happens to be an absolute goldmine. It’s why email hacks are becoming more commonplace. For instance, you might have heard about the effective Gmail phishing campaign from 2017 that affected thousands of users, or when Yahoo admitted last year that they suffered a massive hack that compromised three billion user accounts.

Fortunately, it isn’t a hassle to protect your PII data anymore, as there are quick and simple methods to secure it.

What is Your PII Data?

Your PII is basically any information used for identification, such as:

  • Name
  • Birthdate
  • Social security number
  • Addresses
  • Telephone numbers
  • Passwords
  • Payment methods
  • Education information
  • ID numbers
  • Insurance information
  • Medical records

Look familiar? It’s likely that you’ve emailed many of these items in one form or another.

It’s important to point out that even seemingly unrelated PII data can be pieced together like a puzzle; an enterprising cyber-criminal can use that information to complete an online profile of you to impersonate you or others online. Little details like street addresses, the name of spouse, and other bits of information commonly used for security questions are common targets for hackers with the time and patience to sift through your information.

And, considering the types of accounts protected by these security questions: social media accounts, online banking, e-commerce sites, it’s not hard to see how PII data discovery could be a gateway to other, more serious breaches.

What’s My PII Worth?

Believe it or not, consumer data and businesses alike have a very high monetary value. Not just because a hacker can potentially access your bank account and credit card numbers (although that’s always a risk), but because your information can fetch a pretty penny on the dark web and online black market.

On average, a consumer’s passwords sell for around $80, while even small details like purchase history can sell for $20. Credit card numbers can sell for as little $5, while passports might fetch up to $2,000.

Where My PII Is Sold

Your PII is a hot item on the dark web, the underground markets where hackers can illegally sell your information. Depending on the information they extract from your emails, your PII can be sold for identity fraud, fraudulent loans, counterfeit credit cards, money transfers, or even more complicated schemes like blackmail and extortion.

A cybercriminal can use PII data for activities such as paying bills, performing fraudulent online transactions, creating counterfeit credit cards for their own use and transferring money out of a victims’ bank account.

What Can I Do to Protect My PII?

Your emails function as a type of online ID, which is why it’s so essential that you take great care to secure PII data when communicating online. If you’re sending important documents like marriage certificates or tax forms, make sure to encrypt the attachments—encryption will protect your information and keep it from anyone other than the intended recipient. You should also encrypt emails if you feel like there’s any relevant PII in the content. Even a name, address or phone number. Tracking and postmarking electronic communication are also great ways to secure your emails to make sure they are going where they should—and to whom they should.

According to a recent survey by Generali Global Assistance, 75% of online users are worried about online identity theft. Yet surprisingly, another survey by TransUnion showed that only 15% of consumers believe they have the proper tools to protect their personal data. Thankfully, the tools are definitely out there. If you’re ready to protect yourself from online threats, look for trustworthy secure email service with the ability to track and encrypt all your emails. Your PII—and your online identity—will thank you.

About the Author

What is PII and Why Criminals Want YoursIdan Udi Edry is the CEO of Trustifi, a software-as-a-service company offering a patented postmarked email system that encrypts and tracks emails. Before his work with email encryption, Idan served as an Israeli Air Force officer for more than eight years, reaching the rank of captain and leading hundreds of professionally trained military personnel in building and operating advanced information systems. A trusted authority in information technology and data security, Idan has 13 formal certifications from the most renowned IT and telecommunications organizations, and his insight has been featured in major publications like Fox News, Bloomberg BNA, and MD Edge.


February 28, 2019

cyber defense awardsWe are in our 11th year, and Global InfoSec Awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.
Cyber Defense Awards

12th Anniversary Top InfoSec Innovator & Black Unicorn Awards for 2024 are now Open! Finalists Notified Before BlackHat USA 2024...