My card particulars have been offered on the darkish internet, says HAYLEY MINN – and it may simply occur to you

Stolen: The Daily Mail’s Hayley Minn had her credit card details compromised – and a bank employee told her they had likely ended up on the dark web 

Every morning, like most people, the first thing I do when I wake up is check my phone.

Usually, it’s nothing more than a couple of WhatsApp messages and a handful of irritating emails from companies whose newsletters I’ve forgotten to unsubscribe from.

But one recent morning was very different.

Sitting in my inbox was an email from American Express, sent at 1am, containing a pass code and asking me to approve an £100 transaction at Argos. 

Minutes later, I spotted a text from NatWest, timestamped 3am, warning the bank had detected ‘suspicious activity’ on my account.

According to the message, someone had tried to spend £329 at Argos late that night – followed by another £100 attempt in the early hours of the morning.

Every single one of my bank cards was still in my possession – so how had someone attempted to spend my cash? 

My husband was fast asleep beside me, so it clearly wasn’t him. Yet somehow, a stranger had access to my bank details across two completely separate accounts.

I felt instantly sick – and deeply violated.

And the most frightening part? I was later told there is no real way to stop this from happening.

The same person – or so I assume – had first attempted both purchases using my American Express card. Neither went through, because Amex sent pass codes to my email address which were never used.

But the fact remained: someone, somewhere, had my card details.

Completely baffled, I phoned both NatWest and Amex to cancel my cards and order replacements – a tedious but necessary process. 

But the journalist in me couldn’t let it go. I needed to know how this had happened.

While the Amex representative was tight-lipped, the NatWest employee was blunt.

He told me my card details had most likely been sold on the dark web.

‘People buy personal details online and chance their luck,’ he explained. ‘Sometimes the transaction goes through. Sometimes it doesn’t.’

Stunned, I asked the obvious question: So how do I stop this from happening again?

His answer was chilling.

‘There’s not really a way of preventing it,’ he said. ‘You just have to stay vigilant and check your account regularly.’

I couldn’t believe what I was hearing. The idea that anyone working for any website I’ve ever entered my bank details into could potentially leak – or sell – my personal data felt utterly insane.

But then, just a month later, it happened again. This time, to my husband.

Out of the blue, he received a call warning of suspected fraud on his account. Someone had attempted to spend money at Lush, Uber Eats and Zara.

Given the brands, he interrogated me first.

But once again, it was clearly the work of someone who had obtained his details online.

It turns out we are far from alone. Cyber security experts estimate that billions of people worldwide have had their personal or financial details sold on the dark web at some point.

Earlier this year, VPN provider Proton revealed hackers had leaked more than 300 million private records across 794 data breaches in 2025 alone, according to its Data Breach Observatory report.

Those records included passwords, home addresses, medical information – and bank details.

Meanwhile, research from Apex Computing shows some of the largest ‘mega-exposures’ this year included a breach at Qantas affecting 11.8 million records, and another at Indian ed-tech firm SkilloVilla exposing 33 million.

Closer to home, European telecom companies including Orange Romania and France’s Free collectively lost more than 30 million customer records to hackers.

Apex warns cyber criminals are becoming increasingly organised, exploiting weak security systems, poor authentication and unsecured cloud platforms – while the dark web has turned into a booming marketplace for stolen data.

Often, victims don’t realise their details have been compromised until money is already being spent.

An Apex spokesman said: ‘Dark web monitoring isn’t just for large corporations anymore.

‘Even smaller firms can proactively track whether credentials or client data have appeared online – and act before criminals do.

‘Awareness is half the battle. The other half is discipline.’

My husband and I are fortunate to bank with companies that spotted the fraud before any money was taken.

But our experience shows just how exposed we all are – and how careful we need to be every time we hand over personal data online. 

A NatWest spokesman said: “We’re committed to detecting and preventing fraudulent activity across our customers’ accounts and have robust processes in place to flag and stop unusual or suspicious activity. 

‘We continually review our processes to keep customers safe and would always remind customers to be vigilant.’

An American Express spokesman said: ‘The privacy and security of our customers’ information is a top priority. 

‘We have sophisticated monitoring systems in place that are designed to detect suspicious activity and protect our cardmembers’ accounts from misuse. If we identify activity that may be fraud, we will take protective actions. 

‘We recommend customers regularly review and monitor their account activity and immediately contact us if they detect anything suspicious.’