U.S. flag

An official website of the United States government, Department of Justice.

Dot gov

The .gov means it’s official.
Federal government websites always use a .gov or .mil domain. Before sharing sensitive information online, make sure you’re on a .gov or .mil site by inspecting your browser’s address (or “location”) bar.


The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Exploring and Estimating the Revenues and Profits of Participants in Stolen Data Markets

NCJ Number
Date Published
Thomas J. Holt, Olga Smirnova, Yi Ting Chua
Researchers have begun to explore the problem of mass data breaches, where consumer information is acquired by cyber criminals and sold in open markets on-line.
Although studies document the social processes of the market and relationships between buyers and sellers, few have considered the revenues earned from market transactions. This study explored these issues using a sample of threads from 10 Russian language and 3 English language Web forums used to sell stolen data. Estimates were generated on the total number of transactions completed by participants along with the advertised prices for the two most common forms of personal information sold. The findings demonstrated that buyers may earn a range of revenues from the sale of stolen data, although this figure was smaller than the potential profits earned from fraudulent use and identity crimes by data buyers. The implications of this study for cyber crime research and policy are explored in detail. (Publisher abstract modified)
Date Created: April 6, 2017