SAN FRANCISCO – Because of so many data breaches in the past year, the price for personally identifiable information – what the bad guys need to steal a person’s identity – has fallen from $4 to just a buck, a new report contends.

In Trend Micro’s new report – Understand Data Breaches – the security company looks at who is most often targeted in data breaches, how they take place, and what happens to data once it leaves corporate networks.

“Any business or organization that processes and/or stores sensitive data is a potential breach target,” Trend Micro said in the report. “In today’s interconnected world, data breach prevention strategies should be considered an integral part of daily business operations. Ultimately, no defense is impregnable against determined adversaries. The key principle of defense is to assume compromise and take countermeasures.”

When it comes to PII – a name, a full address, a date of birth, a Social Security number, and other personally identifiable information – the law of supply and demand has kicked in, dropping black market prices to historic lows.

Using the Privacy Rights Clearinghouse Data Breaches database, Trend Micro found that hacking or malware was behind only 25 percent of data breach incidents from 2005 to April this year. Insiders are also a common reason for data loss, and the use of physical skimming devices and the loss or theft of devices, including laptops, flash drives and physical files, were also found to be root causes of damaging data breaches. Unintended disclosure, through mistakes or negligence, is also a reported reason for information to end up in the wrong hands.

Payment service providers are a hot target for hackers these days, with an increase in card-related data breach reports of 169 percent over the past five years. Cybercriminals can steal data through card skimming, making a rub off cards, rigging ATMs with skimmer devices or cameras and modifying point-of-sale terminals. Interestingly, hardware keyloggers installed on cash registers have also emerged as a data theft tactic.

The healthcare industry is now the most affected by data breaches, followed by government, retail and the education sectors, according to Trend Micro’s findings.

Trend Micro says personally identifiable information is the most commonly stolen record type, followed by valuable financial data. Aside from the usual card details and bank accounts, Uber, PayPal and online gaming accounts are also bartered on the Dark Web.

Burrowing into the Dark Web – a small area of the Deep Web which is accessible only via the Tor Onion network – stolen data for sale is easy to find. Accounts belonging to US mobile operators can be purchased for as little as $14 each, while compromised eBay, PayPal, Facebook, Netflix, Amazon and Uber accounts are also for sale. PayPal and eBay accounts which have a few months or years of transaction history can be sold for up to $300 each.

According to Trend Micro, compromised Uber accounts are in high demand in the underground – as they can be fraudulently charged and give users free rides.

Bank account details are gold, fetching between $200 and $500 per account – the higher the available balance, the more they are sold for.

Card information is sold to anyone willing to pay for the data. While price brackets vary depending on supply and demand, validation and how much can be stolen from them before deactivation, buying in bulk reduces unit price — and some sellers insist upon sales in this format, which in turn suggests the data has been acquired as a result of a large-scale cyberattack. Credit cards from every continent can be purchased, but cards which are not from the US tend to fetch higher prices than those registered to United States addresses.

Full credit reports can be purchased for $25 each. In addition, document scans of passports, driver’s licenses and utility bills, among others, are available for purchase from $10 to $35 per document.