Teacher loses thousands and left with just £20 on holiday after identity sold on dark web

Matthew Shaw was on holiday in Cornwall with his wife Davina when a hacker in Romania used his identity to pay for a hotel and drinks - leaving him with just £20

A teacher, whose identity was stolen and sold on the dark web, lost his £3,500 savings while on a holiday with his wife after a Romanian hacker used it to foot a hotel and drinks bill. Matthew Shaw, a 27-year-old science teacher, was enjoying a holiday in Cornwall with his nursery worker wife, Davina, 27.

The couple were relishing their two-week trip, their only getaway of the year. However, while en route to try jet skiing for the first time, Matthew received an unexpected notification from his bank, First Direct, informing him that his account had been debited by £3,500 for a hotel stay – the location and name of which were not provided.

In a state of panic, Matthew contacted First Direct, who deduced that a Romanian individual had opened an account in his name with digital financial services company Monese, using his identity. This account was linked to his First Direct account to pay for the hotel after obtaining his details from the dark web – a transaction that could cost as little as 10 US dollars.

The £3,500 transaction left Matthew with a mere £20 in his bank account, forcing the Gloucestershire-based couple to cut their holiday short by a week, leaving Davina distraught. Matthew praised First Direct for their "brilliant" response, with the money refunded a week later.

Despite tightening his security measures, he still receives six or seven email notifications daily alerting him to unauthorised sign-in attempts, reports Gloucestershire Live.

Recalling the stressful moment he noticed an alarming notification while on a much-awaited holiday, he told PA Real Life: "We had woken up, we had breakfast, and we were on our way to go and do jet skiing – something we've always wanted to do. Then, I parked up and I had a notification at the top of my phone saying, '£3,500 has been paid to a hotel'.

"I thought, 'Oh my God, what is this? ', and I rang First Direct straight away and said 'this is not me'."

He described the terrifying fear that gripped him as he went through security checks with the bank. "They were going through their security questions, but I was just panicking and thinking, 'All my money's gone – that was our savings for a house and it's all gone'."

At that time, Matthew worked as an unqualified supervisor teacher and could only take his holidays during the school's six-week summer break.

Given Davina's limited holiday allowance too, the couple had meticulously planned their two-week camping trip in Cornwall. "We have that one holiday for the whole year and that's it," he lamented.

Their itinerary was well-thought-out, featuring tickets to a seal sanctuary and a crystal maze. It was en route to their anticipated jet skiing adventure when the alarming notification popped up on Matthew's phone.

"(First Direct) said my email had been hacked and a person in Romania had obtained my ID, set up a bank account using my ID, and then basically paid for a hotel with all the drinks and everything using my credentials, which then came out of my bank account," he said. They said the process was that someone had hacked into my email, got my ID and everything, and then that was published to the dark web... and, apparently, you could pay 10 dollars to access someone's information.

Matthew said he is tech-savvy and had different passwords for all his accounts, and he regularly changed his email address, so he did not think he was vulnerable to identity theft. However, with just £20 left in his account, the couple had to cut their trip short and ask for refunds for their upcoming ticketed events in Cornwall so they could afford to buy petrol to get home.

Davina was upset, crying, and on the way home it was a quiet car journey. Matthew said: "I think we were both in shock – our holiday, that we go on once a year, has been ruined by someone who is probably doing this 10, 11 times a day, and you just think, 'Why have they chosen us?

'"I was just thinking, 'What could I have done better? You start to blame yourself."

After a tense week, the £3,500 payment was finally refunded to his First Direct account, bringing him a significant sense of relief. He said he was 'impressed' with the bank's handling of the situation. Subsequently, Matthew was enrolled in a 12-month fraud prevention programme, which introduced "rigorous" checks for large transactions, loans, or when setting up new accounts or credit cards. These processes were sometimes time-consuming, taking several hours and occasionally resulting in blocked transactions, which he found 'frustrating'. However, they ultimately made him feel 'secure'.

"At the time, it was very frustrating to sit and do a million security questions... and trying to apply for things was a nightmare, but reflecting on this, I was grateful," Matthew reflected on the experience. Since then, he has ramped up security on his accounts, switched email providers, changed his email address, and crucially, set up two-factor authentication—a step he hadn't taken before the scam. Yet, hackers continue to target him, attempting to gain access through the old email address he no longer uses. "I have about six or seven notifications a day, saying, 'Is this you? Confirm the number to get into your account'," he shared, highlighting the persistent threat. "I don't use that email now and I deleted all my personal information off it, but I still have notifications coming from that email."

Matthew has yet to tick off many activities he had planned for his holiday, like jet skiing. However, he's keen to tell his tale to prompt others to beef up their device security. "You just don't think it's going to happen to you until it happens," he said. "If I can educate at least one person – like my job as a teacher – then I've done my job." A spokesperson for First Direct said: "Protecting our customers from fraud and scams is a key priority for us and we have a range of features in place to spot unusual activity on an account and protect our customers' money.

"In this case, we're really pleased we were able to intervene when Mr Shaw's details were compromised and refund the money promptly."

The bank also routinely offers extra support to fraud victims, ensuring they feel confident and supported while managing their accounts.

A Monese spokesperson said: "Here at Monese we take fraud extremely seriously, investing in and operating a range of controls to detect and prevent misuse of identities. These include algorithmic document authentication testing by specialist providers, identity confidence scoring, biometric matching of video selfies to the facial images in authenticated identity documents, and asking applicants to complete physical and verbal challenges, amongst other measures.

"As it stands, we can't comment on this particular case as we don't have enough identifying information to investigate. We'd love to contact Mr Shaw directly so that we can look into his case further. This would not only ensure that he receives the appropriate apology from us, but would also help us to protect other customers and thwart future fraud attempts."

Also articulated was an invitation for readers to explore products like Norton 360 Advanced, including its Dark Web Monitoring feature, aimed at protecting individuals through scanning for misused personal data and rectifying compromised identities, with more information accessible at: uk. norton.com/products/norton-360-advanced.