Tesco and Deliveroo customers’ stolen details have been found for sale on the dark web for less than 50p an account.
According to a new study conducted by consumer watchdog Which? and security specialists Red Maple Technologies, huge databases of customer data are available to purchase for just a few pounds.
One seller claimed to have hundreds of thousands of Tesco Clubcard holders accounts for sale, including their accounts, usernames, passwords and loyalty card balances.
While the seller’s claims could not be verified, they were offering the details in tranches of 2000, which would value each person’s details at just 42p.
The research also uncovered Deliveroo customer accounts advertised for sale for just £4.30.
This information could be used to access the customers accounts, or clone their identities and passwords on online platforms.
“The ICO must be prepared to issue heavy fines against companies that leave customers’ personal data exposed to cybercriminals and breach data protection law, so that they are incentivised to prevent breaches,” Which? computing editor Kate Bevan said.
“Which? is also calling for consumers to have an easier route to redress when they suffer from data breaches. The government must allow for an opt-out collective redress regime which would mean that affected victims would be automatically included in the action and be represented by a body bringing the claim on behalf of those affected.”
Tesco responded to the report stating: “Over the past year we’ve introduced additional measures to better protect customer accounts, after we became aware of some fraudulent activity around the redemption of a small proportion of our customers’ Clubcard vouchers in March last year.
“Our priority is protecting our customers and we have strict security measures in place, and at no point was any customer’s financial data accessed.”
A Deliveroo spokesperson added: “We have strict and robust anti-fraud measures in place to combat fraudsters and to track patterns of criminal activity and to block fraudsters.
“We also partner with anti-fraud companies to address misuse of card information and we regularly remind customers to use new, strong, unique passwords to protect their Deliveroo accounts.”