Stolen UK consumer data up for sale on sale online

Cybercriminals are selling stolen data pertaining to UK consumers on the dark web, according to new research by Which?

An investigation by the consumer choice brand has found that account details acquired from data breaches are being offered cheaply online.

Among the personal data up for sale on the dark web are thousands of stolen Tesco Clubcard accounts, as well as details connected with fast-food chains and high-end hotels. In the case of the Tesco data, Which? found that individual accounts, which contain usernames, passwords and loyalty card balances, were sometimes available for just 42p each when purchased in bulk.

• These are the best identity theft protection tools on the market
• We've put together a list of the best malware removal solutions
• Also, check out our roundup of the best privacy tools around

“Our research has found a treasure trove of stolen data being traded by criminals on the dark web, highlighting the danger of companies acting carelessly with their customers’ sensitive personal information,” Kate Bevan, Which? Computing editor, commented. 

“The [UK’s Information Commissioner's Office] must be prepared to issue heavy fines against companies that leave customers’ personal data exposed to cybercriminals and breach data protection law, so that they are incentivised to prevent breaches.”

Data for sale

Which? was unable to ascertain how the stolen Tesco data was acquired – or even if it was legitimate – but the supermarket chain did confirm in March last year that a database of usernames and passwords stolen from other websites had been used in an attempt to access Clubcard accounts. At the time, it claimed that its own systems had not been hacked and that affected accounts had been notified and blocked.

In addition to the Tesco data, Which? researchers also found account details connected to Deliveroo, McDonald’s and the MGM Resorts hotel chain available to purchase. Prices varied depending on the information being offered but, regardless of the efficacy of the stolen data, the details could be used by cyberattackers to engage in follow-up attacks, including spear-phishing campaigns.

In addition to tougher action by the Information Commissioner’s Office, Which? also called for consumers to be granted an easier route to financial compensation when they are affected by a data breach.

• We've also highlighted the best antivirus solutions

from TechRadar - All the latest technology news https://ift.tt/3cp7PvY