Illegal web trade of personal information soars to record highs

More than 110 million pieces of personal information traded online already in 2014.

London, UK, 20 October 2014 - New research* from Experian®, the global information services company, reveals that while people are getting better at taking steps to protect their personal information online, the volume of illegally traded information online is soaring with more than 110 million pieces of data bought and sold by criminals so far in 2014.  

The independent study was commissioned by Experian using web monitoring technology – which monitors the web to help people quickly detect ID theft, loss or disclosure of vital personal and financial information – and showed an increase of 40% from last year alone and 300% on the total amount traded in 2012.
96.5% of the illegally traded data consists of login credentials – username and password combinations – as online accounts can give identity fraudsters access to huge amounts of information such as where you bank or shop, linked accounts which may have passwords saved automatically and all the personal information you may have shared over email. Compromised email accounts also contain personal contact lists that in turn could be targeted by these fraudsters.
With the remaining data consisting primarily of passport details and payment card details e.g. card number, expiry date and the security code (three-digit CVV2 number) from the back of the card, the importance of protecting online accounts is clear.
The findings come despite signs that Britain is becoming increasingly web-savvy. Separate research commissioned by Experian among 2,000 adults has discovered that:

  • The average Briton now has 19 different online accounts (27% lower than 2012)
  • 25-34 year olds are the most prolific with 28 accounts each (30% lower than 2012)
  • Just one in 20 sign up to six or more new online accounts each month, compared to one in five in 2012.

People are also closing down the accounts that they don’t use, leaving less opportunity for criminals to exploit their online identity:

  • This year, 18% claim to have inactive social media accounts left open, down from 26% in 2012
  • 10% have inactive e-mail accounts open (down from 18%)
  • 10% have online retail accounts that are no longer used (21% in 2012).

But despite some improvements, there are still signs of poor online password behaviour:

  • 1 in 10 Britons use an average of just seven different passwords to keep their information safe
  • One in 20 use the same log in details for all of their online accounts
  • 1 in 10 Britons never change their passwords.

Peter Turner, Managing Director with Experian Consumer Services, UK & Ireland said:
“These results are startling and combined with the knowledge that we have also seen a 37% increase in those receiving help from the Experian Victims of Fraud team in the last year, it is clear that identity theft and resulting fraud is a real concern.
“Given the number of online services that we all use each and every day, it is so important that we are all vigilant in protecting our information online. While this may seem like a mammoth task, know that companies are using ever more sophisticated technologies to detect and prevent fraud and if we all implement even the basics of online identity protection, we will together make it far more difficult for online criminals to succeed.
“Remember fraudsters operate to make money, and so if your personal information has been compromised, one of the first places that you can spot potential fraud is by seeing unfamiliar credit applications being made in your name on your credit report. Prevention is better than cure when it comes to identity fraud so keep a very close eye on your credit report and if you see anything suspicious take immediate steps to investigate and resolve before you are negatively impacted.”
Follow the basics of online identity protection to protect yourself from ID Theft
Online Passwords:

  • Use secure unique passwords for as many online accounts as possible, at the very least one for each type of service provider such as financial services, retail services, email and social.
  • Passwords should always be a series of letters, for example the first from each word in a sentence to help you remember, as well as a number.
  • Change your online passwords every couple of months - at least!


  • Phishing emails are getting ever more sophisticated, so don’t be tempted to click on links or attachments received in emails from people you don’t know.
  • If you do click on a link and are redirected to a website asking for your account information, do not enter any information without at the very least checking that the website address at the top of the page is that of the real service provider.
  • If you have any doubts, contact the company in question and a quick internet search about the email content can also quickly highlight current scams. 

On The Move:

  • Always passcode or gesture lock your mobile device and be aware of the information stored on your device for example in emails and apps that are not password protected. It could be a goldmine for fraudsters if your device is lost or stolen.
  • Open Wi-Fi hotspots that do not require a password are riskier than private networks so don’t access sensitive financial information on an open network
  • Keep your antivirus up to date on all your internet connected devices to protect you from malware

Know where your details go:

  • Monitor your credit report regularly to ensure everything is accurate paying special attention to credit checks being carried out in your name or new accounts being opened
  • If you think you don’t always protect your personal online information as you should, services like Experian’s web monitoring tools will monitor the wider web for mentions of your personal information 24/7, sending you an instant notification if your information appears somewhere new online. This helps ensure you can take immediate steps together with the Victims of Fraud team to resolve any potential fraudulent activity before you are negatively impacted.
  • If you suspect or fear you have had your identity stolen or been a victim of fraud, act fast and contact your bank, Action Fraud, the service provider in question, and your credit reference agency.

For more information please contact:
Melville Communications
Karolina Davison or Mumtaz Hussain – 01483 489089 /

Experian Consumer Services
Joanne Leahy – 07791894469 /
Notes to editors:
*Research methodology

  • Analysis carried out every six months by an independent security consultant on behalf of Experian
  • External consumer research conducted by Opinion Matters among a representative sample of 2,000 UK adults in October 2013.

About Experian
Experian is the leading global information services company, providing data and analytical tools to clients around the world. The Group helps businesses to manage credit risk, prevent fraud, target marketing offers and automate decision making. Experian also helps individuals to check their credit report and credit score, and protect against identity theft.

Experian plc is listed on the London Stock Exchange (EXPN) and is a constituent of the FTSE 100 index. Total revenue for the year ended 31 March 2014 was US$4.8 billion. Experian employs approximately 16,000 people in 39 countries and has its corporate headquarters in Dublin, Ireland, with operational headquarters in Nottingham, UK; California, US; and São Paulo, Brazil.
For more information, visit