UK adults unprepared for dark web data leaks, survey finds

A recent survey has found that 72 percent of UK adults would not know how to respond if their personal data was found on the dark web.

The study, commissioned by cybersecurity firm Bridewell and involving 1,000 adults from across the UK, draws attention to a substantial gap in knowledge about online risks and the steps to take should sensitive information be leaked or traded online.

Cyber awareness gaps

Analysis of the survey responses reveals that over half of adults aged 35 and over admitted they would not know what steps to take if their data was compromised and discovered on the dark web. Meanwhile, the younger population appears only marginally more prepared, with just 32 percent of those under 25 indicating confidence in responding to such an incident.

Those in the 25 to 34 age bracket showed the greatest assurance, with 46 percent stating they would know what to do if their data were found on the dark web. Nonetheless, this leaves a majority of all age groups either unaware or uncertain about how to address the threat of dark web exposure.

Regional variations

The survey also points to differences across UK regions. According to the findings, Norwich and Leeds had the highest proportion of respondents feeling unprepared, with 88 percent and 84 percent, respectively, stating they would not know how to react. By contrast, Cardiff and London residents fared somewhat better, at 68 percent and 65 percent, though the majority in these cities remain unprepared for data breaches involving the dark web.

Storing personal data online

Only 19 percent of survey participants stated that they do not store any personal data online. Among those over 55, the figure was higher at 27 percent, but it drops to just nine percent among people aged 25 to 34. Many commonly store their full name and date of birth (26 percent), login details for social media (23 percent), and bank card details (22 percent) on digital platforms.

The cost and consequences of data leaks

The research outlines how personal information can be sold on the dark web for relatively low sums. A typical package containing full name, date of birth, and bank details could be purchased for as little as GBP £5. Other research referenced places the cost of credit card details at around GBP £8, while a scan of a driving licence could fetch GBP £6. Data is often bought and sold in bulk and can be linked with other available information to maximise opportunities for fraud.

Once stolen, such data may be used to commit various crimes, including identity theft and financial fraud, with long-term repercussions for victims. Attackers have also targeted UK retailers using techniques such as credential stuffing, where previously breached usernames and passwords are reused in attempts to access user accounts. This trend was recently observed in publicised attacks on major retail brands.

The threat is not limited to individuals. The findings reference a recent report indicating that hundreds of email addresses and passwords connected to government departments have appeared for sale on the dark web, highlighting the broad scope of this issue.

Expert warning

Anthony Young, CEO at Bridewell, commented: “As digital life becomes more integrated into daily routines, we must not lose sight of the risks involved in sharing and storing personal data online. Our survey highlights the urgent need to raise awareness and educate individuals on how to respond if cybercriminals compromise their data. Cybercriminals continue to increase their sophistication, so people must move beyond simply securing passwords to understand the full threat and take proactive steps to protect themselves.”

Young also addressed the wider responsibilities of businesses and individuals, stating: “In reality, people buy and sell personal data on the dark web for a fraction of its true value, putting millions at risk. Businesses must also protect their customers’ information and should regularly educate them on safe digital practices.”

Recommended actions

Bridewell has listed several steps for individuals concerned about their digital safety. These include using breach-checking tools such as Have I Been Pwned and Google’s Dark Web Report to determine if their details have been compromised, updating passwords immediately following a breach, and ensuring passwords are complex and not easily guessable. The firm recommends utilising password managers for secure record-keeping and enabling two-factor authentication where possible to add an additional layer of security.

Monitoring credit scores through reference agencies such as Equifax or Experian is also advised, to spot any unexpected activity that might suggest identity theft. If any new accounts are detected or unauthorised transactions appear, individuals should contact lenders directly.

The survey conducted by Censuswide underlines the need for further education and awareness programmes to equip the public with the tools required for safe and secure online activity. The findings indicate that a majority of the UK population, across all regions and age groups, lack the necessary knowledge to effectively respond to the possibility of personal data being sold or leaked on the dark web.