® 
Identity Theft
Definition
Identity theft is stealing and misusing someone's personal data to commit criminal activities such as opening bank accounts or taking out loans in the victim's name.
Identity theft is the stealing and misuse of someone's personal data to commit criminal activities such as opening bank accounts, taking out loans, making purchases or committing fraud in the victim's name. According to Javelin Strategy & Research, over 15 million Americans fell victim to identity theft in 2023, with total losses of $23 billion.
How does identity theft work?
Cybercriminals obtain personal data through multiple channels: data breaches exposing millions of records, phishing attacks stealing credentials and personal information, social engineering via phone or social media, malware such as keyloggers and infostealers, dark web marketplaces trading stolen identity data, and physical theft of documents or mail.
Impact on organisations
In business context, credential-based identity fraud is a growing risk. Attackers who take over an employee's identity via stolen credentials can commit BEC fraud, gain unauthorised access to corporate systems and steal data. Customer-facing organisations risk identity fraud with customer data, resulting in reputational damage and GDPR fines.
Protection
Implement MFA on all accounts. Monitor data breaches via Have I Been Pwned and dark web monitoring. Train employees in password hygiene and unique passwords per service. Implement anomaly detection on customer accounts.
How DEFION helps
DEFION provides dark web monitoring as part of Managed Threat Intelligence detecting leaked credentials and personal data. Security Assessments evaluate identity data protection.