Four million British identities are up for sale on the internet

Four million British identities are up for sale on the internet
23 July 2009 | | Internet

The identities of more than four million Britons are being offered for sale on the internet, The Times has learnt.

Highly sensitive financial information, including credit card details, bank account numbers, telephone numbers and even PINs are available to the highest bidder.

At least a quarter of a million British bank and credit card accounts have been hacked into by cybercriminals, exposing consumers to huge financial losses. Most of the personal data has been gathered as a result of “phishing” — a process whereby members of the public are duped into handing over their key details, such as user names, passwords and credit card details.

Unsuspecting victims hand over the information by e-mail to people posing as reputable sources such as banks or online stores. Other data has been stolen after criminals infect a person’s personal computer with viruses and then raid it for information.

They are then sold to the highest bidder on online forums or hacking websites. Individual credit card details have been sold for as little as 30p. The Times has also learnt that the communications and e-mail systems of some of Britain’s biggest public bodies and private companies are open to possible attacks. This is because the corporate e-mails and passwords have been sold to cybercriminals. The details of policemen, doctors and military personnel are also at risk.

The information being traded on the web has been intercepted by a British company and collated into a single database for the first time. The Lucid Intelligence database contains the records of four million Britons, and 40 million people worldwide, mostly Americans. Security experts described the database as the largest of its kind in the world.

The database, which has been seen by The Times, raises important data protection concerns. The Information Commissioner, the data protection watchdog, is monitoring the development of the database. Police in London have also been informed but no action has been taken.

The database is held by Colin Holder, a retired senior Metropolitan police officer, who served on the fraud squad. He has collected the information over the past four years. His sources include law enforcement from around the world, such as British police and the FBI, anti-phishing and hacking campaigners and members of the public. Mr Holder said he had invested £160,000 in the venture so far. He plans to offset the cost by charging members of the public for access to his database to check whether their data security has been breached.

The legality of the database could be put to the test in the coming week. The Information Commissioner’s Office said it could not endorse a commercial service or make a ruling on its validity unless someone made a complaint. But the privacy watchdog said it had “provided advice to help the company comply with the principles of the Data Protection Act”.

A police source, who did not wish to be named, said that he had seen Mr Holder’s information as he passed it on to the relevant authorities, and “it could only have come from phishing or hacking”.

“I’m concerned, but I’m not surprised in the least,” said Mikko Hyppönen, chief research officer at F-Secure, the computer security experts. “We’ve seen this going on for quite a while. There’s a mind-boggling amount of information that’s being sold on the underground forums.”

One man from Clapham whose details are on the database, but who cannot be named for legal reasons, said: “I was appalled to discover personal information about me was being traded. Financial services companies should be more aggressive in pursuing the fraudsters instead of passing on the cost in bank charges.”

Most of the records in the database are considered at “low risk” of identity fraud. However, even big collections of e-mail addresses are useful for those wanting to inundate people with huge amounts of “spam” messages.

Among the places vulnerable to security breaches are banks, financial institutions including the Bank of England and Companies House and multinational defence companies.

All organisations where employees’ e-mails have appeared on the database have been contacted.

More posts from our team


Previous Post:
Next Post:

Back to all news

Reviews2024
Five Star
Reviewed Marketing
5 gold stars
google review logofacebook review with 5 stars
"Excellent service from James at Dental Design, thank you very much for your prompt attention whenever I get in touch! Would definitely recommend to a friend" Alison Tarmey View Full Testimonial
Google reviews logo "Would definitely recommend to a friend"
5 gold stars
"As a dental practice manager I cannot recommend Dental Design highly enough. They are just brilliant at what they do. Lucy and her colleagues are just an email or a phone call away...." Emma Smith View Full Testimonial
Google reviews logo "I cannot recommend Dental Design highly enough"
5 gold stars
"Really great company to deal with. They always respond quickly and are truly reliable. I would 100% recommend, the staff are so friendly and helpful." Michelle Molloy View Full Testimonial
Google reviews logo "Really great company to deal with"
5 gold stars
"I got increased traffic and new patients applying to my surgery, once Dental Design upgraded my website. They are very professional, efficient & adaptive to new situations..." Joanna Gallop View Full Testimonial
Google reviews logo "Very professional, efficient & adaptive to new situations"
5 gold stars
"Lucy has been a star, responding to and acting upon our requests in a prompt, efficient and professional manner, as well as the rest of the Dental Design team..." Abhay Shah View Full Testimonial
Google reviews logo "I cannot recommend them highly enough"
5 gold stars
"...Since the website has been up and running Lucy Mander has been our point of contact. She has been invaluable and gone out of her way to help us, especially during COVID-19 lockdown... " Lucy Jones View Full Testimonial
Google reviews logo "Has been invaluable and gone out of her way to help us"
5 gold stars
"Thank you for all your help and support, and the provision of valuable learning aids for our patients and staff alike in these difficult times. We love the look of our practice website. Very professional!" Sandra Luck View Full Testimonial
Google reviews logo "We love the look of our practice website. Very professional!"
5 gold stars
"Dental Design stood out both in their knowledge of the industry and their professionalism and can-do attitude. All of their staff are exceptionally competent and knowledgeable..." Harvey Rook View Full Testimonial
Google reviews logo "Dental Design stood out both in their knowledge of the industry and their professionalism"
5 gold stars
"Having done extensive research into all the dental website companies, the team and package offered at dental design was unrivalled..." Neil Shah View Full Testimonial
Google reviews logo "The team and package offered at dental design was unrivalled"
5 gold stars
"The team at dental design (especially Rosie) are absolutely fantastic and are always on hand to help. They are professional, friendly and extremely efficient. Rosie always gets back..." KiKi Wilmot View Full Testimonial
Google reviews logo "absolutely fantastic and are always on hand to help"
5 gold stars
"Dental Design are fantastic to work with, our website is amazing and the support they provide is second to none. Our account manager Rosie L is a fabulous point..." Luke Lucas View Full Testimonial
Google reviews logo "Dental Design are fantastic to work with"
5 gold stars
"Having worked with the Dental Design team for the last six months, I've found them not only helpful, but friendly and approachable too. I bombard Marcus with regular..." Sophie Harper View Full Testimonial
Google reviews logo "always met with a swift and professional response"
5 gold stars
desk with branded documents