Approximately 500,000 pediatric medical records -- many from doctors' offices that didn't know they had been breached -- were spotted for sale on the dark web.
A black hat by the alias Skyscraper was selling children's information including records containing both child and parent names, Social Security numbers, phone numbers and addresses for as little as $3 a pop, according to Databreaches.com.
Skyscraper told the publication the data came from a number of sources and were all acquired within recent months, including 200,000 records which were taken from K-12 schools. A sample of the information reportedly was verified by calling the parents of those involved as well as through voter registration rolls and public sources. However, it is unclear which pediatrician's offices were the source of the information.
When questioned on his methods, black-hat said they were able to find entire databases simply by searching the word “patient.”
