The Commonwealth Bank has admitted it lost customer statements linked to 20 million accounts, although the institution has spent the night assuring customers they are not at risk.
While the data has never been located — either on the road or on the dark web — the Commonwealth Bank says there has been no evidence the information had been compromised.
The bank also assured customers the lost data did not include passwords or PINs.
Although there is no way to link the lost data with various reports of counterfeit credit cards and identities from CBA-owned Bankwest available for sale on the dark web, it's a timely reminder to look at where your stolen personal information could end up.
What is the dark web?
The dark web is a part of the World Wide Web that is only accessible by means of special software, allowing users and website operators to remain anonymous or untraceable.
The seedy underbelly of the internet has almost anything you want — drugs, malicious code with instructions, IT infrastructure for rent such as email servers, even consulting — available from a huge host of vendors, all of whom are competing to convince buyers that their product or stolen data is the best.
What details of yours are for sale on the dark web?
There is big business in selling the personal details of people on shady websites operating on the dark web.
Last year it was also revealed the Medicare details of Australians were for sale on the dark web upon request, with the same vendor selling a raft of other personal details of unwitting Australians including dozens of email logins, which were reportedly linked to iiNet, Optus, Bigpond and TPG accounts as well as business credit cards allegedly linked to companies in Melbourne.
One user who claims to have purchased stolen data advertised as 'Aussie Business Credit Cards' praised the "great quality" while another wrote that the vendor was "polite and trustworthy," SBS reported at the time.
When it comes to things like credit card fraud, principal research scientist at cyber security firm Sophos, Chet Wisniewski, said it's definitely organised criminal groups responsible.
"They've got people that are money mules, they've got people making imprints of the actual cards and magnetic strips, they've got people that operate dead drop locations for packages to be shipped for internet purchases," Wisniewski said.
"Those type of crimes tend to be pretty organised and sophisticated."
Last year it was also revealed one dark web vendor was selling the driver's licenses of 90 Victorians, who had scanned the cards to enter a club, for A$950 ($1018).
"Hey there, I am selling 90 Victorian licences, which were acquired from nightclub patrons scanning on the door," the vendor posted. "Please note they are 10 years old but the details can still be used."
This kind of information is sought by those likely to use it for fraud, and it's far more likely that vendors like these are operating individually.
Wisniewski, who is currently in Asia speaking about the nature of online crime, believes such individuals make up a majority of those pushing nefarious products on the dark web.
"It depends on the size of the crime, I suspect a vast majority of what I see are individuals," he said. "The guy selling me a kit to build a malicious word doc, to me, that looks like a (single) person."
And in many instances, the laws of countries are not keeping up with the nature of cyber crime, according to Wisniewski.
"In many countries it's not against the law to write a tool kit for exploits, it's against the law to use the exploits," he said.
"So I think some of these guys are just like, 'Well, I can write this stuff as a hobby on the weekend and sell it on the dark web,' and make a couple grand here and a couple grand there and they won't go to jail."
How much does your info sell for on the dark web?
The most expensive is a complete medical record — fetching up to A$1350.
A driver's license would make someone A$950.
Next up is your credit card details — getting up to A$30 per person.
Your precious Netflix password will go for around A$4 — so if you've noticed some strange viewing on your account that might be the reason why.
Spotify passwords cost A$4 and email addresses get a measly A$0.70-A$3.