Cifas Homepage
NewsroomCareersContact Us

New report reveals where personal data is compromised online

19 June 2018
  • Personal information is sold both on the dark web and the surface web
  • Almost a third of victims of identity fraud found to have had a visible digital footprint on the surface web, with the vast majority on social media
  • Younger victims more likely to be found on social media compared to older victims, whereas older victims more likely to have their details leaked multiple times via a data breach
  • 76% of victims who were company directors had their home address registered as their business address
  • Researchers estimate that overall 65% of victims of identity fraud have a visible social media presence or have been victims of a data breach

A new collaborative report, released today (Tuesday 19 June) by Cifas, the UK’s leading fraud prevention service, and Forensic Pathways, an internationally recognised organisation operating at the forefront of digital forensics, highlights that alongside the dark web, the surface web plays an integral role in the selling of personal information.

The new research reveals that personal data is being sold on the surface web via forums and is available through online shops, which are accessible via normal search engines. Furthermore, the findings also show that those selling the data give some individuals’ data away for free by using it as an advert to display what information can be purchased.

In a sample of 30,000 victims of identity fraud, almost a third (8,646) were found on the surface web using name, date of birth, email and/or telephone number, with the majority of those identified on a social media platform. Over two-thirds (69%) of individuals were found on Facebook, with 38% on both Facebook and LinkedIn. Individuals aged 61 years and over were found to have a smaller social media presence; they were, however, more likely to have had an account compromised through a data breach.

Once again, as highlighted by last year’s Who are the victims of identity fraud? report, launched jointly with LexisNexis® Risk Solutions, victims that are company directors are more likely to be identifiable from their social media presence and public director registers. This is particularly the case when the correspondence address is the same as a company director’s home address. 76% of company directors had their home address as their correspondence address and in some cases this related to dissolved companies.

Based on the findings in this report, Cifas and Forensic Pathways have put forward a number of recommendations, including:

  • Deactivate and delete old profiles on social media sites that you no longer use. Keep track of your digital footprints. If a profile was created ten years ago, there may be personal information currently available for a fraudster to use that you’re are not aware of or you have forgotten about.
  • Social media platforms should consider automatically setting a profile to the highest security settings available. It should be an ‘opt-in’ approach for individuals to share personal information, giving them the ability to select what information they choose to reveal.
  • Minimise the data you display publicly online. Take a second before adding information to your profile and question how necessary it is to make this information public. The more personal information you reveal, the more comprehensive a picture a fraudster can create to impersonate you.
  • Owners of forums should monitor and manage them more strictly. This report shows that forums are being used, not for their intended purpose, but for the selling of personal data. Creators of forums should monitor them regularly and there should be sufficient channels to report abuse.
  • Organisations should consider the transparency and proportionality of publicly available data. Further research should be conducted into the balance between transparency and proportionality of publicly available data.

Deborah Leary, CEO Forensic Pathways, said:
 “The findings are eye-opening. This report not only demonstrates the vulnerabilities of personal data held on surface web platforms, but also highlights the pressing need to monitor these with more vigour. It also reminds us that although illegal activity occurs on the dark web, it is also prevalent on the surface web, where the selling of personal data through forums and online shops is clearly evident. We welcome further collaboration from all industries and sectors in the fight against identity fraud.”

Sandra Peaston, Director of Insight, Cifas, said:
 “As individuals, we can take steps to protect our identities online, including deleting old profiles and minimising the data we publicly reveal online. For those who want to promote themselves, either professionally or personally, the real dilemma is whether this promotion outweighs the risks of revealing personal sensitive data.

“With identity fraud reaching record levels in recent years, more personal information available online, and increasing numbers of data breaches, the protection of personal data must be viewed as a collective responsibility. Everyone should play their part, from social media platforms taking more responsibility around security settings, to organisations prioritising the security of personal data.”


Notes to editors

For more information or an interview please contact:

Sarah Samee
T: +44 (0)20 3004 3609

What to do if you're a victim:

ACT FAST if you think you have been a victim of identity fraud

  • If you receive any mail that seems suspicious or implies you have an account with the sender when you don’t, do not ignore it.
  • Get a copy of your credit report as it is one of the first places you can spot if someone is misusing your personal information – before you suffer financial loss. Review every entry on your credit report and if you see an account or even a credit search from a company that you do not recognise, notify the credit reference agency.
  • Individuals or businesses who have fallen victim to identity fraud should report to Action Fraud on 0300 123 2040 or online at
  • If you have information about those committing identity crime please tell independent charity Crimestoppers anonymously on 0800 555 111 or at
  • If you have been a victim of fraud, you can contact Victim Support for free, confidential advice and support. Victim Support is the independent charity for victims and witnesses of crime in England and Wales. Find out more at

About Cifas

Cifas (pronounced ci like eye, fas like mass) exists to prevent fraud and financial crime. We are an independent, not-for-profit membership organisation that protects businesses and individuals through effective and secure data and intelligence sharing between the private, public and third sectors. In 2017, Cifas member organisations prevented over £1 billion of fraud losses.

Cifas data is included in the Office of National Statistics England and Wales Crime Statistics of police recorded crime. Every day, we send approximately 800 fraud cases to the City of London Police for potential investigation. Cifas also offers Protective Registration for individuals whose identities are at risk of being used fraudulently, for instance after a burglary. We also run a scheme called Protecting the Vulnerable, offered free of charge to local authorities to protect those under the care of Court Deputies who are unable to access financial products and whose identities may be at risk.

About Forensics Pathways

Forensic Pathways is an internationally recognised organisation operating at the forefront of Digital Forensics. Forensic Pathways works with forensic professionals, government agencies and private organisations in the global cyber security and digital evidence industry, providing a range of services including digital forensic investigation, dark web investigation, cyber security services, and Due Diligence services. They have received a number of awards, including the Corporate Vision, 2018 UK Best in Business Innovation Award for Digital Forensics and the Orange National Business Awards – Best Use of Technology in Business. Forensic Pathways has also been appointed ‘Export Champion’ by the UK Government’s Department for International Trade and is a signatory to the United Nations Global Compact on Corporate Social Responsibility. They have worked with leading law enforcement agencies, academia and corporate clients.


New figures reveal identity fraud falls for the first time since 2014

15 August 2018

Figures show a 5% drop in the first six months of 2018 compared to the previous year Reductions seen in fraudulent attempts to obtain bank accounts and mobile phone contracts However, plastic cards and online retail accounts see increases


New report reveals record levels of identity fraud in 2017

18 April 2018

Fraud report Fraudscape finds a reduction in fraudulent conduct overall, but with the highest level of identity fraud ever recorded, and a 27% increase in young people acting as money mules.

Back to newsroom >
Posted by: Cifas Press Team

Contact us at