Complete British identity packages, containing everything from passport scans to personal dossiers, are being sold to criminals on the dark web for as little as £30, a stark new investigation has uncovered.
The £30 Identity: What Criminals Can Buy
Research by anti-money laundering specialists AMLTRIX has laid bare the industrial-scale trade in stolen UK data. The group analysed 25 active dark web marketplaces in early December 2025, finding so-called "identity packages" for sale at shockingly low prices. These packs often include a scanned identity document, a selfie, and a comprehensive file of personal information.
Gabrielius Erikas Bilkštys, co-founder of AMLTRIX, warned that this low cost makes bulk purchases feasible for criminals. "A full identity pack with ID scan and selfie is now cheap enough and accessible for criminals to buy in bulk," he stated, highlighting how frequently personal data is stolen and resold.
The investigation found a range of illicit goods on offer:
- National identity documents, driving licences, and credit card details.
- UK "frequent traveller" passports valued at around £2,000.
- Hacked UK Amazon accounts listed at an average of £15.
- Login details for services like Netflix selling for about £10.
- Counterfeit Bank of England banknotes, typically at 25-35% of face value.
High-Value Targets and Organisational Threats
Some of the most expensive items for sale were KYC-verified UK business bank accounts, with prices ranging from £900 to £2,000. Accounts at major high-street banks, including NatWest and Barclays, commanded the highest fees.
A NatWest spokesperson responded, saying the bank takes protecting customers "extremely seriously" and operates "robust fraud and security systems." Barclays was contacted for comment.
Mr Bilkštys emphasised a critical misunderstanding among organisations: viewing the dark web as a separate, exotic realm. "In reality, it is tightly connected to everyday phishing campaigns, large data breaches, account takeovers, and money laundering cases that compliance teams are already dealing with," he explained.
The Alarming Scale of UK Fraud and Breaches
The data sold can be exploited to apply for credit cards, mortgages, car loans, or to open bank accounts. Once information is online, the same identity can be used repeatedly for theft, with victims often unaware until debt collectors or law enforcement intervene.
The scale of the problem is vast. UK fraud prevention service Cifas recorded over 118,000 cases of identity fraud in just the first six months of 2025. Furthermore, the Department for Science, Innovation and Technology (DSIT) reported that 43% of UK businesses experienced a cybersecurity breach or attack in 2024.
Cybercrime expert David Wall from the University of Leeds outlined the dual-level threat: "The problem exists at two levels. [Firstly], data of the individual who can fall victim to financial loss... The other level accesses data at the organisational level."
He warned that these data packages contribute to larger cyber-attacks, including ransomware, impacting Western nations. AMLTRIX also cautioned that while much of the sold data is legitimate, several instances are outright scams where criminals deceive each other.
This report serves as a urgent reminder of the tangible link between massive data breaches, the shadowy dark web economy, and the fraud affecting millions across the UK.
