Identity Theft
What is Identity Theft?
Identity TheftThe misuse of another person's personal information to impersonate them, open accounts, obtain credit, claim benefits, or commit other fraud.
Identity theft is the unauthorised use of personal data such as names, government IDs, dates of birth, addresses, or financial details to impersonate a victim. Source data typically comes from breaches, info-stealers, phishing, mail theft, or public records aggregation. With enough data, criminals open credit lines, apply for tax refunds, file false insurance or unemployment claims, or commit synthetic-identity fraud by combining real and fabricated attributes. Victims often face years of remediation. Mitigations include strong MFA, credit freezes and monitoring, careful data minimisation, secure document disposal, and prompt reporting to banks, credit bureaus, and authorities when suspicious activity appears.
● Examples
- 01
Using a stolen Social Security number to open new credit cards.
- 02
Synthetic identity fraud: combining a real SSN with a fabricated name to obtain loans.
● Frequently asked questions
What is Identity Theft?
The misuse of another person's personal information to impersonate them, open accounts, obtain credit, claim benefits, or commit other fraud. It belongs to the Attacks & Threats category of cybersecurity.
What does Identity Theft mean?
The misuse of another person's personal information to impersonate them, open accounts, obtain credit, claim benefits, or commit other fraud.
How does Identity Theft work?
Identity theft is the unauthorised use of personal data such as names, government IDs, dates of birth, addresses, or financial details to impersonate a victim. Source data typically comes from breaches, info-stealers, phishing, mail theft, or public records aggregation. With enough data, criminals open credit lines, apply for tax refunds, file false insurance or unemployment claims, or commit synthetic-identity fraud by combining real and fabricated attributes. Victims often face years of remediation. Mitigations include strong MFA, credit freezes and monitoring, careful data minimisation, secure document disposal, and prompt reporting to banks, credit bureaus, and authorities when suspicious activity appears.
How do you defend against Identity Theft?
Defences for Identity Theft typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Identity Theft?
Common alternative names include: Identity fraud, ID theft.
● Related terms
- privacy№ 818
Personally Identifiable Information (PII)
Any data that can identify a specific individual on its own or when combined with other information, such as names, identifiers, or biometric records.
- attacks№ 275
Data Breach
A confirmed security incident in which an unauthorised party accesses, exfiltrates, or discloses sensitive, protected, or confidential information.
- attacks№ 821
Phishing
A social-engineering attack in which an attacker impersonates a trusted party to trick a victim into revealing credentials, transferring money, or running malware.
- attacks№ 010
Account Takeover (ATO)
An attack in which a criminal gains unauthorised control of a legitimate user account and uses it to steal funds, data, or commit further fraud.
- attacks№ 1047
SIM Swapping
A fraud technique in which an attacker tricks or bribes a mobile carrier into transferring a victim's phone number to a SIM the attacker controls.
- malware№ 531
Info Stealer
Malware that harvests credentials, cookies, tokens, crypto wallets, and other sensitive data from an infected device and exfiltrates it to the attacker.