data breachWeek after week, reports of stolen credit cards, social security numbers and other sensitive information flood the media. While data breaches are a headache, what’s worse is that the evolution of malware has made it so that thieves can nab your information at nearly any time, like when you’re connected to public Wi-Fi or using an outdated device. Regardless of how your information is stolen, the end location is usually the same. We have the breakdown of what usually happens to your information after a data breach and how you can protect yourself.

What happens to my information after it’s breached?

When your information is stolen through a breach or malware attack — regardless of whether it’s personal data, financial information or login credentials to popular services like Spotify, Netflix or Uber — it may come as a surprise that the thief usually doesn’t intend to use the information themselves. Instead they opt to post it to forums and other pages on the dark web and sell it for profit. You won’t find these sites on Google, though, as the sales take place in an area of the Internet called the deep web. The deep web refers to web pages not indexed by search engines or freely accessible to the general public — some estimates suggest that this accounts for about 96% of the Internet. If you’ve used an online email or banking service, you’ve accessed some of the deep web, as those are pages that someone without the login information cannot get into. Among web pages and websites within the deep web, there is a small subsection of even more restrictive sites collectively referred to as the dark web. The dark web can only be accessed with special technology because of the way its content is encrypted. As such, specific programs like the popular encryption software Tor, are necessary to access these hidden websites.

It’s in the dark web, the most private parts of the deep web, where your stolen information ends up. But not everything on the dark web is bad; for example, political protesters in oppressive countries or even journalists and whistleblowers use the dark web to communicate without fear of repercussion. On the flip side, dark web markets or dark markets allow for transactions involving everything under the sun – from stolen financial and personal information to drugs, weapons and other illicit goods and services. Essentially, if someone wants something, they can probably find it for sale on the dark web. Aside from housing black markets, the dark web is also where malicious hackers develop new malware and provide around-the-clock “tech support” to aspiring hackers planning data breaches of their own.

Have there been any attempts to put an end to the dark web?

Globally, law enforcement has put a lot of effort into stopping this criminal activity, but given the anonymous and decentralized nature of the dark web, dark markets and other shady websites persist. For example, in 2013 when the FBI shut down Silk Road, a high-profile drug trafficking market, Silk Road 2.0 was launched almost immediately. While the FBI and Europol eventually shut down the relaunched site in 2014, new markets, including a Silk Road 3.0, appeared sometime later. Although it’s been possible to slow down illegal activities on the dark web, law enforcement’s efforts seem to amount to a simple inconvenience for the overall online black market economy, as criminals, who are usually anonymous on these sites, just create a new market.

What can you do to protect your information?

Because of the speed at which your information can end up in a dark market, rigorous cybersecurity practices are key to protecting your identity. Most important of all, you’ll need to maintain strong passwords, which you change on a regular basis, and use two-factor authentication for your online accounts that allow it. As for your financial information, the standard advice of being mindful about where you swipe your credit card — remember to also use your chip whenever possible — as well as monitoring your bank or credit card statements closely applies. Be sure to report any fraudulent transactions whenever they pop up, as your bank will issue you a new credit or debit card. After all, if the account information thieves have is inaccurate, it’s no good to them or any other criminal they intend to sell it to. In addition, you should think twice before giving out personal information like your legal name, address, date of birth or social security number. Always ask yourself whether or not it’s practical for your doctor, gym, dentist or any other organization to have that information.

While identity theft appears to be an unavoidable part of our world, you don’t have to wait until a breach to learn if your information has been stolen or is floating around on the dark net. That’s because many identity theft protection services scan the dark net for the presence and usage of even the smallest traces of your personal information. Some of our top-rated services, like Identity Guard and LifeLock Ultimate, offer this service, notifying you if any of your information appears on the Internet black market and advising you what to do to combat it. While it’s true that most companies that have been breached offer identity theft protection services for free to victims, most of the services they offer are often lacking, and by the time you get signed up for the service, it may be too late to do anything. In a world with weekly data breaches and the nearly-constant threat of malware, it’s almost a guarantee that your information is for sale on the dark web. As such, it may be your best bet to be proactive and consider signing up for an identity theft protection service for assistance in the case your information is misused.

Check out our identity theft protection reviews to learn more about these services and the features they offer. Also, keep up with our identity theft protection blog for more information about protecting your information in every aspect of your life.

Disclaimer: This content is not provided or commissioned by the companies referenced in this article. Opinions expressed here are the author’s alone and have not been reviewed, approved or otherwise endorsed by the companies mentioned. NextAdvisor.com may be compensated through advertiser affiliate programs.