The UK’s National Police Chief’s Council lead for cybercrime, Peter Goodman, spoke at a media briefing on the government’s response to hacks and breaches. He revealed that nearly every person in the country has had their details sold on the dark web.

Goodman urged firms to come clean to customers when they become the victim of a breach. Once GDPR comes into force in May 2018, businesses will no longer be able to sweep the loss of Personally Identifiable Information (PII) under the rug. Part of the legislation will require firms to report a breach within 72 hours of it being discovered.

Addressing the briefing attendees, Goodman said:

‘I can almost guarantee that every single one of you around this table has had a data breach against you and that some of your personal data is held somewhere on the dark web and is being sold, traded - are you happy with that? And you probably don’t know about it. Am I happy if, for example, my data was stolen in the TalkTalk breach and nobody ever told me? I have not had the chance to think if I’m happy with my security, do I need to change my password? Because I don’t know.’

Coming just a few days after Ciaran Martin confirmed that Russia had hacked Britain’s Energy Grid, Oliver Gower, head of the National Cyber Crime Unit now echoes this statement.

‘Russian speaking nations were the biggest enemy and there were increasingly blurred lines between state sponsored attacks and criminal activity. For several years we have reported that Russian speaking nations are the number one cyber-crime threat to the UK. The available intelligence is there is a cross-over between state and criminal cyber actors.’

‘When we talk about Russian speaking countries and Eastern Europe we are seeing an overlap between state and criminal groups, there is clearly some sort of mutual beneficial arrangement.’

If you’re concerned about whether or not your personal data has been leaked, you can check by using websites such as haveibeenpwned. By typing in your email address, the database will provide you with when the breach occurred and details of the breach itself. As you can see below, my details were compromised in December 2016, and August 2017.

Unfortunately, as a consumer, there is nothing you can do to stop breaches from happening. But there are some measures - If you find that your details have been leaked as part of a data breach, below are some steps you should take to minimise the damage.

If your login credentials have been compromised: Change your password on the affected website. If your password is the same across any other websites, change those too. As well as passwords, take some time to change your security questions. The leaked information could include personal data that attackers could use to guess the answers to your security questions.

If your financial information has been compromised: Don’t wait around for a suspect charge to appear on your bank statement. Call your bank as soon as you think your financial details have been leaked, cancel your cards and get replacements. You should always inform your bank if you think you could be a victim of potential fraud, so they can log your concerns and take appropriate action.