The number of reported data theft incidents reached a record high in 2021. According to the Identity Theft Resource Center’s 2021 Data Breach Report, last year’s 1,862 reported breaches was 68% up on the 2020s 1,108 incidents. Center president and CEO Eva Velasquez said she was alarmed by the number, which included cyberattacks on companies that store millions of Americans’ personal information and on some of the biggest oil pipelines in the U.S. She added that there’s no reason to assume that this year will see a decline in the number of personal or other data theft incidents.
Given that the percentage of breaches that involved Social Security numbers and other sensitive information increased to 83% from the previous year’s 80%, it’s important to understand the most common types of personal data theft, how to recognize them, and how to protect against them.
How Personal Data Theft Happens
According to Kaspersky, there are four common ways personal data theft happens. They include lost or stolen devices, accidental insiders, malicious insiders, and malicious outside criminals. Devices that are lost or stolen, unlocked or unencrypted, can provide various personal and other information fraudsters can use. Fraudsters can get their hands on devices such as USB drives that have been thrown away. Dumpster diving is technically not illegal in 50 U.S. states, and some fraudsters are more than happy to sift through trash to find sensitive personal information.
An accidental insider is an authorized person who unintentionally views another person’s personal or other data. For example, someone might read their co-worker’s emails or other files while using their computer. A malicious insider accesses or shares a person’s data intentionally to cause harm. Malicious outside criminals are hackers who use various cyberattacks to steal data from individuals or networks.
Common Types Of Data Theft
Synthetic identity theft is the creation of fake identities using stolen personal information from real people. According to Experian, fraudsters blend data such as addresses, birthdates, and Social Security numbers to create a fake profile which they use to commit financial crimes such as applying for credit cards or loans.
Common signs of synthetic identity theft include unexplained charges on credit reports, mail or phone calls about new credit accounts, and mails to the victim’s address but with another name on them. Using identity monitoring services can help detect synthetic identity theft. If a case is suspected, contact the relevant financial or other institution to alert them.
McAfee advises that financial identity theft uses another individual’s data for financial purposes. This type of theft may include using someone else’s credit card information to make purchases, using Social Security numbers and other data to open credit cards, and stealing funds from bank accounts online.
Financial identity theft is usually detected by checking bank accounts and credit card statements and checking credit reports for score changes. If this happens, you should report suspicious activity to the relevant institution.
Medical identity theft uses another person’s data, such as their name and insurance information, to access medical services, obtain medical supplies and devices, or get drug prescriptions. Reviewing medical claims and insurance records can help detect medical identity theft. Report suspicious activity to health care providers, insurance companies, or the U.S. Department of Health and Human Services.
RegTech Solutions Can Help
LEXcellence reports that RegTech (regulatory technology) can help businesses and other institutions protect their customers from personal data theft. The technology uses machine learning and natural language processing to process thousands of regulations to ensure those institutions comply with data protection regulations.