A total of 192,583 people with Sheffield postcodes, which also includes Rotherham and Barnsley, and 57,893 in the Doncaster area are believed to be at risk.
The worst-affected area has been named as S5, where 12,310 people’s identities are exposed.
Detective Chief Inspector Vanessa Smith, who leads the Yorkshire and Humber Regional Cyber Crime Unit, said that criminals typically target ‘the low-hanging fruit’ – people who have low levels of cyber security.
She said people can be too relaxed about their personal details online, leaving them open to identity theft by doing things like using public WiFi when accessing their bank account details.
“On the dark web, there is information for sale all the time to the cyber criminal.
“They can sell that and use your data in a multitude of ways. They would rather steal your data than £5,000 in cash because it is worth more.”
Data firm C6 says most people are unaware their personal details are being traded on the so-called ‘dark web’, areas of the internet which are encrypted and hidden from ordinary search engines.
Dark web marketplaces are now offering money-back guarantees for bulk purchases of credit card numbers, passwords and account details.
The information for sale could be as little as your email address and a headshot photograph but could even go up to a full ‘package’ of information including passport numbers, your NHS number and photographs of your family.
If criminals eventually gather enough information about an individual, they have the potential to open credit cards in a person’s name, buy goods and transfer money.
On one dark web marketplace visited by Johnston Press Investigations, criminals were being offered the chance to bulk buy PayPal accounts for a dollar per account.
The store, which also purported to sell eBay accounts, offered an 80 per cent guarantee of success.
The data firm has employed expert staff to track the number of identities being sold on the dark web, with people’s emails addresses and names traded through encrypted chat rooms.
Emma Mills, chief operating officer of C6, which runs the www.hasmyidentitybeenstolen.com website, said the spiralling amount of people at risk of being defrauded needs to act as a wake up call.
She said: “As consumers we have never really paid the price for fraud, we’re used to the banks picking up the credit and debit card losses, so we don’t see the downside to ourselves of being careless with our personal information.
“We don’t clearly understand the impact of having our identities compromised and how long and painful it is to re-build that genuinely, it causes problems with applying for credit or any other form of account.”
Modern day gangs have a sophisticated hierarchy, Ms Mills said, operating in similar ways to a credit bureau, working from postcode area to postcode area, gathering details from a range of sources.
“They will have a group of people searching the electoral roll, for example,” she added.
“They will start on a postcode and start working through it.
“If someone knows your email, where you live and your date of birth it becomes quite a rich record.
“Once that information is gathered they can then sell it to a gang to ‘phish’ for your banking details.
“They will sit between you and the genuine site watching your keystrokes on the computer, they will know when you are logged on to your internet banking account.
“When you enter the fourth, fifth and sixth digit of your password they will know that. Then they will be patient.
“They will watch you log in on multiple occasions until they have built up a full picture of you.”
According to C6, more than 10.8 million identities of people from Britain are being traded on the dark web.
Ms Mills said the amount of personal data for sale spikes whenever a major company’s data is breached.
“Things like the Ashley Madison breach – a massive spike, the TalkTalk breach, a massive spike,” she said.
“It comes in a big bulk and gets divided out for criminal gangs to do things with.”
The TalkTalk data breach in 2015 saw more than 150,000 people having their information accessed, with the attacker being able to see their bank account details and sort codes in 15,000 of the cases.
The company received a £400,000 fine for failures to protect consumer data.
Adultery website Ashley Madison has recently paid $11m in compensation to US customers after around 37 million people around the world had their personal details exposed.
Ms Mills said C6 Intelligence sees spikes of data entering the dark web long before companies have told their customers, though she praised Talk Talk as one of the few exceptions.
C6, owned by Acuris, has been researching this type of data since 2002 and works by updating a database of known records being traded in the far reaches of the dark web.
Its website, Has my identity been stolen allows users to see whether their address or data has been compromised.
List of five worst-affected postcodes in Sheffield, Rotherham and Barnsley
S5 (Firth Park, Shirecliffe, Shiregreen, Southey Green, Parson Cross, Longley, Fir Vale, Wadsley Bridge) – 12,310
S66 (Bramley Hellaby, Maltby, Thurcroft, Wickersley, Braithwell, Rotherham) – 10,745
S63 - (Bolton-on-Dearne, Goldthorpe, Thurnscoe, Wath-on-Dearne, West Melton, Barnsley) – 10,103
S60 (Brinsworth, Catcliffe, Central Rotherham, Masbrough, Moorgate, Treeton, Whiston) – 8,050
S6 - (Bradfield, Hillsborough, Malin Bridge, Stannington, Upperthorpe, Walkley, Fox Hill) – 7,099
List of five worst-affected postcodes in Doncaster
1. DN5 (Arksey, Barnburgh, Bentley, Cusworth, Harlington, Scawsby, Scawthorpe, Sprotborough, Toll Bar,) – 8,251
2. DN6 (Adwick-le-Street, Askern, Campsall, Moss, Norton, Sutton, Walden Stubbs, Woodlands) – 8,252
3. DN4 (Balby, Belle Vue, Bessacarr, Cantley, Hexthorpe, Hyde Park, Warmsworth) – 6,266
4. DN7 (Dunsville, Hatfield, Lindholme, Stainforth) – 6,024
5. DN11 (Harworth, New Rossington, Rossington, Tickhill, Wadworth) –5,394