Consumers on router financial ruin as poor Wi-Fi security puts personal data at risk

10 May 2019


  • Two thirds of consumers have never changed the password on their Wi-Fi router
  • Close to a third (32%) who have changed, were initially still using the password that came with the router
  • Nearly four in ten don’t know how to change the password, while 47 per cent who have changed passwords, opt for an easy to remember password, despite crackability concerns

Millions of people may be at a higher risk of cyber-crime by failing to change their Wi-Fi router passwords, a poll from Nationwide shows.

Britain’s biggest building society commissioned the research to highlight the ways in which criminals target people’s personal details. Some 17 per cent of people polled don’t believe fraudsters can hack into Wi-Fi routers in order to spy and steal information. The Society is urging people to stay one step ahead and update their passwords to ensure they are as tough as possible to guess or crack.

Nearly half (47%) of consumers who know how to change their router password admit to never having done so, with just under a third (32%) of those who have changed passwords admitting they initially used the default password that came with the device. This could be putting people at higher risk of having their data – from personal details, bank cards and online banking details - stolen by cyber criminals who can more easily break a weak or common password.

The survey of over 2,000 people also found nearly four in ten (39%) haven’t changed their router password because they don’t know how to. However, nearly half (47%) of those who have changed their router password stick to familiar words and numbers, which could pose a risk particularly if they use the same password to log on to multiple services.

Some examples of things cyber criminals can do if they do manage to hack your router include:

  • Redirect me to malicious websites, such as phishing pages or malware downloads
  • Destroy my router and prevent it from working
  • Force me to use weak encryption or prevent use of encryption completely
  • Use router to hide traces of their criminal attempts to hack or attack others

At risk out of the home:

Its not just at home people are putting their data and finances at risk. Nearly three quarters (71%) admit to using public Wi-Fi when out and about– while convenient and spares your personal data allowance, it is often masquerading as legitimate public Wi-Fi, unencrypted and much more easily hacked than 4G, for example.

Nearly a quarter (23%) admit they have accessed online banking or used their mobile banking apps while using public Wi-Fi, which means they have put their finances at risk. Those aged 25-34 are at greatest risk with more than a third (38%) confessing to accessing their accounts using public Wi-Fi compared to just under one in ten (9%) of those aged 55 and over.

One of the ways fraudsters are able to scam customers is using genuine information found in their emails. For example, they could see an exchange with a builder and learn you will be expecting an invoice to arrange payment. The fraudster will then send you an email posing as the builder from a near similar email address, but include their account details where they can then access the money. More than half (56%) of those surveyed said they had accessed their emails via public Wi-Fi, putting themselves at greater risk of falling victim to invoice scams.

Matt Rowe, Nationwide’s Director or Cyber Security said: “Routers play a vital yet unglamorous role in the vast majority of homes up and down the country, as they sit behind televisions, in cupboards and generally hidden from sight. But we also appear to be taking them for granted when it comes to security. This means that for many of us, we are putting our data and finances at risk by failing to change and update passwords and run updates.

“We lead increasingly busy lives and we demand access to the internet at all times, meaning we will often look to use public Wi-Fi. However, this is far more easily spoofed or hacked by cyber criminals and, if you access your personal information, including your bank accounts, you could potentially be opening the door to them getting access to your personal data and money. Cyber criminals will always go for the easy target, so protect yourself to avoid becoming a criminal’s next payday.”


Top three tips for keeping your data safe:

  • Change your router password: While the password you get with the router may look random, it isn’t. Go online to the router providers website and change the password to a complex one.
  • Run firmware patches regularly: Just like you update your smart phone or laptop, you need to update your router. Companies detect new threats all the time and regularly running updates will offer you the best protection.
  • Don’t access sensitive information when connected to public Wi-Fi: Public Wi-Fi is unencrypted and therefore comparatively easy for cyber criminals to access. Avoid accessing banking details or emails and where possible use a Virtual Private Network (VPN).

About Nationwide

Nationwide is the world's largest building society as well as one of the largest savings providers and a top-three provider of mortgages in the UK. It is also a major provider of current accounts, credit cards, ISAs and personal loans. Nationwide has around 15 million customers.

Customers can manage their finances in a branch, via the mobile app, on the telephone, internet and post. The Society has around 18,000 employees. Nationwide's head office is in Swindon with administration centres based in Northampton, Bournemouth and Dunfermline. The Society also has a number of call centres across the UK.

Please note: If you are a customer looking for information on our products and services, please visit the main website.