Identity Fraud in Focus quarterly report
8 min
With the right combination of PII, or personally identifiable information, identity thieves can apply for credit cards, file taxes, and commit a host of other forms of fraud, devastating your credit score and financial stability. Find out how to minimize how much PII you share in the physical world and online.
While state laws may define this term differently, PII stands for personally identifiable information, referring to sensitive personal details that can be used to identify someone.
Your PII can be used to unlock your accounts or steal your identity, so it's important to keep this type of data out of the wrong hands.
So what is considered PII?
Examples of PII can include your:
Driver’s license number
Social Security number
Email address
Financial and credit card account numbers
Passport number
Fingerprints
Full name
But did you know these things can also fall into what is considered PII:
Handwriting samples
IP address
Login credentials
Patient identification numbers
Photographic images
Precise geo-location
Street address
Tax ID
Telephone number
VIN (Vehicle Identification Number)
Voice signatures
Some of these identifiers such as Social Security number, driver’s license number, and biometrics like fingerprints, are unique to you. Other data like full name, birth date, and street address could be shared by other people, but they're still strong identifiers, so they can be considered PII.
Even some temporary details, such as telephone numbers and credit card numbers, are categorized as PII. They could change over time but they are still tied to your identity.
This is a type of PII that can give access to your most sensitive data like personal records in areas such as medical and healthcare, financial, insurance, taxes, employment, military service, and education.
Information such as Social Security numbers, your precise geo-location, and login credentials are considered sensitive PII because in some cases, they can grant access to (or at least make it easier to access) other sensitive accounts.
Large-scale data breaches are a major contributor to compromised PII. As are a variety of other methods, including mail theft and phishing.
Here are three real-world examples of large-scale data breaches and their effect:
Twitter in 2022: A hacker exploited a vulnerability in Twitter’s API and obtained the email addresses and phone numbers of 5.4 million users. The hacker then posted this data for sale on a hacking forum.
Microsoft in 2021: A cyberattack on Microsoft Exchange email servers, one of the world's largest email servers, affected more than 250,000 organizations worldwide. Hackers gained unauthorized access to emails from businesses, governments, and universities.
SolarWinds in 2020: SolarWinds, a software used by multiple government agencies and corporations, was attacked by hackers. The hackers inserted malware into software updates that were distributed to SolarWinds' customers, allowing them to gain unauthorized access to sensitive systems and potentially exposing confidential data.
Once obtained, hackers may sell personal information on the dark web to criminal elements such as organized crime and identity thieves.
Sometimes, the stolen PII may be enough to hijack a victim’s account outright. Other times, an identity thief may need to supplement PII gathered with other PII — forming a victim’s identity like a puzzle.
While there are many ways for hackers to obtain PII data, there are also many ways to protect it.
One of the best ways to reduce the odds that your PII will be compromised is to minimize your digital footprint by removing unnecessary PII from your online accounts — and being cautious about sharing it in the first place.
Many people fill out optional form fields without thinking twice about it. But if information isn’t required, why share it? Be especially cautious when sharing your Social Security number and medical, financial, and tax IDs
Ensure that any phones or computers that store that information are password protected
Store identification cards safely and shred physical documents that contain PII before trashing them
Your email address can be a key piece to unlocking access to other accounts so be cautious when sharing it in exchange for discount codes and other freebies
Keep in mind, just because someone has your personal information doesn't mean you've been the victim of identity theft. However, it may make you an easier target for future attempts.
An identity theft protection service like ours can also help you secure and monitor your details. If you’re already a member of Allstate Identity Protection, make sure you activate the features included in your plan that can help you protect your personally identifiable information.
And, should you ever become a victim of identity fraud, we'll be with you every step of the way.
If you're considering one of our services, want more information, or need assistance, please reach out. We’re here to help.