Millions of Brits Exposed: 72% don’t know how to respond if data hits the dark web
Millions of Brits now save their personal data online as an everyday convenience, whether entering their full name and date of birth to log into social media accounts quickly or storing bank card details and passwords across multiple websites to make online shopping easier.
As digital interactions increase, so does the risk of exposing sensitive information to cybercriminals. Personal data can be sold on the dark web for a low price, and many people are unsure what steps to take if their data is compromised.
It’s not just individual data that’s at risk. Alarmingly, a recent report found that hundreds of email addresses and passwords linked to government departments have surfaced on the dark web, clearly exposing even public-sector systems to the same persistent threats facing personal accounts.
A Bridewell survey reveals nearly 72 percent of respondents do not know what to do if their information is traded on the dark web, underlining a significant knowledge gap that puts many at risk of identity theft, fraud and further exploitation.
image002.png
The cost of personal data on the dark web varies significantly depending on the type of information but personal details could be sold for as little as £5. Research has found that credit card details cost around £8 on the dark web, while a scan of a driver’s license could cost around £6. Given that data is often bought in bulk on the dark web and resold many times over, these prices may reflect the upper value of this data with some data being available at much lower cost. Attackers can get real value by linking multiple records together, such as date of birth, passwords and mother’s maiden name.
Cyber-attacks have become increasingly common, with UK retailers including Marks & Spencer, Harrods and The North Face facing major cyber attacks this year. The North Face revealed that cybercriminals had used a method known as ‘credential stuffing.’
In this technique, attackers use usernames and passwords stolen from previous data breaches or bought on the dark web, hoping users reused the same credentials across different accounts.
When criminals sell victims’ data on the dark web, victims can face devastating consequences. Attackers may use the data to commit fraud, access bank accounts, and even open new lines of credit in the victim’s name. Many victims struggle financially and emotionally to recover their identity.
In the survey of 1,000 Brits, it was revealed that more than 50 percent of people aged 35 and over would not be sure what to do if their data were found on the dark web. Those aged between 25 and 34, are the most confident, with 46 percent stating they would know what to do if their data were leaked on the dark web.
However, the data reveals that younger generations aren’t necessarily more confident in what to do, as just 32 percent of those under 25 admitted they’d know what to do if their data was found on the dark web.
The data also reveals a massive regional divide in cybersecurity awareness. For example, 88 percent of respondents in Norwich and 84 percent in Leeds said they would not know what to do if their data was found on the dark web, making these cities the least confident regions surveyed.
In contrast, residents in Cardiff and London demonstrate relatively higher awareness, with 68 percent and 65 percent, respectively, admitting they wouldn’t know what to do if their data were found on the dark web. Though still a majority, these figures are notably lower than in other cities, indicating some regional variation in preparedness.
The survey data also shows how easily people save personal data online. Only 19 percent of respondents save no personal data online, whether on a tech device, cloud storage, or an app. Around 27 percent of people over the age of 55 report that they have not saved any personal data online, but this percentage drops among younger generations. Only nine percent of people aged 25 to 34 report never saving personal data online.
People most commonly save their full name and date of birth online, with 26 percent of Brits reporting that they do so. Many also save login details for social media (23 percent) and bank card details (22 percent).
Anthony Young, CEO at Bridewell, commented: “As digital life becomes more integrated into daily routines, we must not lose sight of the risks involved in sharing and storing personal data online. Our survey highlights the urgent need to raise awareness and educate individuals on how to respond if cybercriminals compromise their data. Cybercriminals continue to increase their sophistication, so people must move beyond simply securing passwords to understand the full threat and take proactive steps to protect themselves.”
“In reality, people buy and sell personal data on the dark web for a fraction of its true value, putting millions at risk. Businesses must also protect their customers’ information and should regularly educate them on safe digital practices.”
What to do if your data is found on the dark web:
Identify the problem: Use reputable breach-check tools such as Have I Been Pwned to see if your email or credentials have appeared in known data breaches, while Google’s Dark Web Report can identify if your personal details have appeared on the dark web.
Update passwords immediately: It’s best to update your passwords immediately if you find out your details have been involved in a data leak or appeared on the dark web. A good password is ideally completely random, with no personal details included. Consider opting for three random words that are memorable to you. Avoid words like password or qwerty or consecutive numbers like 1234, as these are most commonly used.
Set up a password manager: Using unique passwords that are sufficiently complicated across many accounts makes it difficult to remember each password, which means many people use the same password across multiple accounts. Rather, set up a secure password manager to manage all passwords. A password manager can also notify users that a password has been involved in a data breach.
Set up 2FA: It’s best to add an extra layer of security where possible. Even if a password is stolen, two-factor authentication can prevent unauthorised access to accounts.
Monitor your credit score regularly: You can monitor your credit score regularly through credit reference agencies like Equifax or Experian. If you notice any new accounts you didn’t apply for your can contact the lenders directly to report the issue.
