Identity theft - What to do if you end up on a list of compromised personal data

Sometimes life can be unfair. Let's assume you have the technological knowledge to manage your family's accounts and are well aware of cyber threats. Your defenses are set up, you've installed the latest updates, and so far you've successfully fended off any phishing attack that tries to siphon off your money or personal information. Yet, one day, you discover that someone has stolen your identity information for malicious purposes.

That's because, instead of targeting individuals, cybercriminals often tend to focus their attention on vulnerable institutions that collect vast amounts of personal data, such as universities or hospitals. Even worse, large companies that handle sensitive data can also be breached; for example, 33 million French citizens were affected by the largest breach of two payment processing companies in the country in early 2024.

This raises questions about what citizens might do if cybercriminals have stolen their personal data from an external source, and find themselves exposed to the risk of identity theft. Is there any way a cybersecurity solution can help?

What is identity theft?

Identity thieves usually go after personal information such as passwords, ID numbers, credit card numbers or social security numbers to fraudulently act in the victim's name.

To be even more effective, fraudsters collect any publicly available information about their victim. They may search the victim's social media pages, business or employer records, and government databases.

With this data, fraudsters can apply for a loan, make online purchases, apply for a credit card, apply for medical treatment or access the victim's financial data. If the victim's password was compromised during the attack and that password is used repeatedly on multiple websites, hackers can easily hijack several of the victim's accounts.

For example, every year fraudsters use thousands of stolen identities to extort money from the United States Treasury Department by filing fake tax returns claiming tax refunds. As of February 24, 2024, the U.S. Internal Revenue Service identified 32,616 tax returns corresponding to approximately $272.7 million in tax refund fraud and prevented the issuance of $262.7 million (96.3%) in refunds for these cases.

Identity theft in the USA

2023 set a record for data breaches in the US in a single year - 72 percentage points higher than the previous record set in 2021. At least 353 million people were affected, according to the Identity Theft Resources Center.

Accumulated losses related to identity theft reached about $12.6 million in 2023, according to FBI statistics.

From 2005 to March 2024, there were 3,713 data breaches at U.S. educational institutions, with at least 37,606,243 individual records affected.

In the first half of 2024, 387 data breaches of 500 or more healthcare records were reported to the US Department of Health and Human Services. More than 4.5 million breached healthcare records are confirmed.

Once identity information has been misused, the victim can be held responsible for the perpetrators' actions, be investigated by law enforcement authorities and/or face consequences such as criminal charges, changes to their credit status and damage to their reputation.

What you can do about identity theft and fraud

When you find yourself among the victims of a massive data breach, keep your cool, but act quickly to mitigate the damage.

• Contact the police and the relevant agency in your country to let them know that your personal information may be used for fraud. In some cases, they can cancel stolen cards or documents.
• If banking information is stolen, contact your bank.
• Defrauded taxpayers should place a fraud alert on their credit files and later claim a refund, but should be prepared to take additional steps to prove their identity to the IRS or other tax authorities.
• Look for any accounts opened by fraudsters and request that they be closed.
• Look for unauthorized purchases made through your accounts. If found, ask for a refund.
• Change and strengthen the passwords on your accounts.
• Check for notifications about changes to your accounts made by someone else.

Be Ready

Sometimes, bad things just happen and it's not your fault. That's why it's important to be prepared. A quick reaction is key in these situations. We hope these tips will help you act quickly and effectively to avoid significant losses.