Dark Web Data Recovery
Locate, authenticate, and recover data published or traded on dark web platforms. Evidence preservation for legal and regulatory proceedings.
Written by Simon Lynge, Director DFIR — ChCSP, CREST IR | Last updated: March 2026
After the Disclosure: What You Need to Know
When a threat actor publishes your data on a leak site or sells it in a criminal marketplace, the immediate question is: what exactly is out there? The answer determines your regulatory notification obligations, your legal exposure, and your communications strategy.
Binary Response accesses and analyses data published about your organisation across dark web platforms — providing an authoritative account of what was disclosed, to whom, and when.
What We Do
- Locate published data — systematic search across leak sites, marketplaces, paste sites, and forums for data attributed to your organisation
- Authenticate and categorise — confirm the data is genuine, identify the data types present (PII, financial, health, credentials, IP), and assess completeness against known stolen data
- Preserve evidence — forensically sound capture of all published material with timestamps and provenance documentation for regulatory and legal use
- Assess regulatory exposure — identify whether published data triggers mandatory notification obligations under UK GDPR, DPA 2018, NIS2, or sector-specific regulations
- Takedown assistance — where technically and legally viable, we pursue takedown requests and monitor for re-posting
- Ongoing monitoring — continued watch for further publications or sales after initial recovery
Regulatory Notification Support
UK GDPR Article 33 requires notification to the ICO within 72 hours of becoming aware of a personal data breach. The data recovery report we produce provides the evidence base for your notification — what data was involved, approximate number of data subjects, likely consequences, and measures taken.
We can assist directly with ICO notifications and prepare the documentation required for individual data subject notifications under Article 34.
Frequently Asked Questions
Can you get the data taken down?
Takedown from dark web platforms is possible in some circumstances but not guaranteed. We pursue every available avenue — platform abuse reports, hosting provider complaints, and, where appropriate, law enforcement referrals. We're transparent about what's achievable in your specific situation.
How do I know what data was actually taken?
We cross-reference published data against your internal data inventory (which we help you reconstruct if needed), file metadata, and any forensic evidence from the incident investigation. This gives you the most accurate possible picture of disclosure scope.
What if the data is being sold rather than published?
We monitor criminal marketplaces for listings of your data and can acquire samples for analysis where necessary. We also track whether listings result in confirmed sales, which affects notification risk.
Is this covered by our cyber insurance?
Data recovery and notification support are typically covered under cyber liability policies. We're experienced in working with insurers and can provide documentation in the format they require.
Can you work alongside law enforcement?
Yes. We coordinate with Action Fraud, the NCA, and regional police units where appropriate, and can provide evidence packages in formats suitable for criminal investigation.
Transparent, Volume-Based Pricing
Our data recovery pricing scales with volume — the more data involved, the lower the per-GB cost.
| Tier | Volume | Per-GB Rate |
|---|---|---|
| Standard | Up to 50 GB | £[X] per GB |
| Professional | 51 – 500 GB | £[Y] per GB |
| Enterprise | 501 GB – 5 TB | £[Z] per GB |
| Custom | Over 5 TB | Contact us |
All tiers include: forensic data authentication, chain of custody documentation, regulatory notification support, and a full data exposure report.
Minimum engagement fee applies. No hidden charges.
Transparent pricing. No surprises. The larger the recovery, the lower your per-GB cost.