How stolen personal details are traded on the dark web and why fraud is increasing

How stolen personal details are traded on the dark web and why fraud is increasing

Many people only think about fraud when they see an unusual transaction on their bank statement. But in many cases, the problem started long before the money disappeared. Personal information can be taken from data breaches, phishing scams, fake job offers, online forms or even discarded paperwork. Once the information is collected, it can be sold or exchanged on hidden online marketplaces known as the dark web.

Understanding how this happens can help explain why identity theft and unauthorised financial activity have become more common in recent years. This article is for general information only and does not assess or determine individual risk.

What is the dark web?

The dark web is a hidden part of the internet that cannot be accessed through normal browsers or search engines. It is used for both legitimate and illegitimate purposes. Some journalists and security professionals use it for privacy and research, while others use it to trade stolen data, hacking tools or illegal goods.

According to law enforcement agencies, data sold on the dark web may include:

• Bank account login details
• National Insurance numbers
• Email addresses and passwords
• Passport or driving licence copies
• Credit card numbers
• Business customer databases
• Medical information

Source: National Crime Agency – https://www.nationalcrimeagency.gov.uk

How personal information ends up on the dark web

Personal data can be obtained in many ways, including:

• Phishing emails or fraudulent sign-up forms
• Data breaches at legitimate businesses such as retailers, insurers or online platforms
• Malware that captures saved passwords
• Fake job listings asking for ID documents
• Social engineering, where someone is tricked into giving information voluntarily
• Theft of physical documents such as bank statements or loan paperwork

Once collected, stolen data may be packaged into files called "fullz", which include enough personal information to attempt identity theft, credit applications or account access.

Guidance on data protection rights:
Information Commissioner’s Office – https://ico.org.uk

How the information is used in fraud

Fraudsters use personal information for different purposes:

• Applying for loans or credit cards in someone else’s name
• Accessing online banking accounts
• Creating fake businesses using stolen identities
• Targeting individuals with convincing scam messages
• Making fraudulent insurance claims
• Pretending to be someone else during verification

According to the National Fraud Intelligence Bureau, identity theft continues to increase, with many cases involving data acquired online.

Source: National Fraud Intelligence Bureau (Action Fraud) – https://www.actionfraud.police.uk

Why some people are unaware their data has been compromised

Fraud does not always happen immediately. In some cases, personal information is sold and resold multiple times. It may sit on databases for months or even years before being used. This delay is one reason people only discover a problem after receiving letters about loans, accounts or bills they never applied for.

While not all suspicious activity is linked to the dark web, law enforcement agencies confirm that underground marketplaces remain a significant source of criminal data exchange.

The role of financial institutions

Banks, card issuers and payment providers use fraud detection systems to identify unusual activity. These may include:

• Flagging high-risk transactions
• Checking login attempts from new devices or locations
• Verifying identity through two-step authentication

While these measures can reduce fraud, they cannot stop data from being stolen elsewhere or traded online.

Financial crime prevention guidance:
Financial Conduct Authority – https://www.fca.org.uk/firms/financial-crime

Why understanding digital privacy matters

Even though individuals cannot control every data breach, having a basic understanding of how data is collected, stored and used may help explain why fraud continues to grow globally. Online accounts, job applications, school records and medical systems all hold personal data that could be exposed if security is compromised.

This article does not provide advice or assess individual circumstances. It is intended to help people understand how stolen data can travel beyond the original breach and how it contributes to rising fraud.