The illegal online trade in personal information has soared to record highs with more than 110 million pieces of data bought and sold by criminals so far in 2014, a new analysis from global information services company Experian reveals.

According to the figures from Experian CreditExpert’s web monitoring tool – which monitors the web to help people quickly detect ID theft, loss or disclosure of vital personal and financial information – this is an increase of 40% from last year and 300% on the total amount traded in 2012.

96.5% of the illegally traded data consists of login credentials – username and password combinations – with the remainder mainly card payment details, such as card numbers, expiry dates and three-digit CVV2 security codes from the back of cards.

The findings come despite signs that Britain is becoming increasingly web-savvy. Separate research commissioned by Experian among 2,000 adults has discovered that:
• The average Briton now has 19 different online accounts (27% lower than 2012)
• 25-34 year olds are the most prolific with 28 accounts each (30% lower than 2012)
• Just one in 20 sign up to six or more new online accounts each month, compared to one in five in 2012.

People are also closing down the accounts that they don’t use, leaving less opportunity for criminals to exploit their online identity:
• This year, 18% claim to have inactive social media accounts left open, down from 26% in 2012
• 10% have inactive e-mail accounts open (down from 18%)
• 10% have online retail accounts that are no longer used (21% in 2012).

But despite some improvements, there are still signs of poor online password behaviour:
• 1 in 10 Britons use an average of just seven different passwords to keep their information safe
• One in 20 use the same log in details for all of their online accounts
• 1 in 10 Britons never change their passwords.

Peter Turner, Managing Director at Experian Consumer Services, UK & Ireland said: “These figures underline the importance in us all taking responsibility for our online identities and remaining vigilant in keeping ourselves protected. Password information, not payment details, is one of the most valuable individual items of information for a fraudster. When criminals get hold of password information, either through directly capturing users’ data or buying it from another criminal, they will typically try popular sites to see if they can gain access to the user’s accounts – email accounts in particular.

“Once access to your email account is gained, fraudsters can lock you out, access your address book and any personal information you’ve sent or received, log in to other accounts, and use it to reset any passwords you may have – pushing you out of your own online life and stealing your identity.”

Six simple steps to stay safe online and protect you from identity fraud:
1. Make your password pass muster: Have a secure and unique password for each online account you have such as financial services, retail services and email. Use a combination of lower and upper case letters as well as numbers and change your passwords on a regular basis.
2. If in doubt, don’t click: Never open emails, links or attachments received from people you don’t know. If an email seems suspicious, contact the relevant organisation and don’t give out personal details. No reputable business will ever ask for confirmation of details by email.
3. Be smart with your smartphone: Be aware of the information stored on your phone that can be accessed without a proper password, including information in emails. Also remember that public networks and open Wi-Fi hotspots are riskier than private networks.
4. Don’t be too sociable: Be sensible about how much information you share on social networks. If you wouldn’t say it in public, don’t say it in social.
5. Keep an eye on your credit: One of the first ways people notice that they are a victim of online ID fraud is when there is a sudden change to their credit report. Keep an eye on this and your bank statement, particularly for small, unexplained transactions which could be a fraudster testing the water.
6. Know where your details go: Trying to gain control over your online identity following a fraudster’s attack can be an endless task. Once your details have been compromised they can be bought and re-sold countless times with dozens of fraudsters using them. Keep track of where your details appear online with services like Experian’s web monitoring tool.

Experian’s web monitoring service, available through Experian CreditExpert, scours the internet for mentions of personal information 24/7, tracking over six million pieces of illegally traded personal information online every month.

It sends users an instant notification if their details appear somewhere new online. This helps ensure they can take immediate steps together with Experian’s Victims of Fraud team to resolve any potential fraudulent activity before it has a negative impact.

People who think they have become victims of identity fraud should notify Action Fraud, contact their bank and check their credit report.