Senior UK government officials have revealed that hackers have stolen personal information pertaining to tens of thousands of Britons in 2014, and that these identities are being sold on the Dark Web.
The personal identities of 609,239 UK individuals were hacked from either a “government gateway” database that consisted of information from departments like the Department for Work and Pensions and HM Revenue & Customs, or from UK businesses, many in unreported incidents.
These details were revealed to the Financial Times by security firm Symantec, and the figure was confirmed by the UK government. Symantec said that the stolen identities include all the bank account details required to steal money from an individual, and each identity is now being sold on the Dark Web for $30 (£20) on average.
The Dark Web is a section of the internet not discoverable by conventional means through a Google or Bing search, or by directly entering a website URL.
As the websites are hidden, they are perfect for cyber criminals, who put thousands of goods and services for sale on secret underground marketplaces, which include illegal drugs, chemicals, firearms and counterfeit goods, as well as adverts for services such as hacking, gambling and sports betting.
A government spokesperson told the Financial Times that the UK government has invested £860m into cyber security and has a number of schemes designed to help UK businesses improve their security measures: “We are looking carefully at the level of regulation. Every company body should be fully aware of the risk from cyberattack, and be confident that the company has proper security in place.”
The revelations come just after the TalkTalk hack on 22 October, which saw the names, addresses, dates of birth, contact numbers, email addresses, bank details and credit card numbers of customers stolen in a major cyberattack, with some customers reporting that money had been stolen from their bank accounts.
On Tuesday 27 October, a 15-year-old boy in Northern Ireland was arrested in connection with the TalkTalk data breach, but he is now out on bail as enquiries continue.