Data Breaches and Identity Theft: Understanding the Connection



Data breaches and identity theft are serious threats in the digital age that can have major financial and emotional consequences for victims. A data breach is an incident where sensitive information is accessed without authorization, often due to a cyber attack. This can include personal data like names, Social Security numbers, dates of birth, addresses, credit card numbers, medical records, and more. Identity theft is when someone gains access to another individual’s personal information and uses it fraudulently for economic gain.  


The connection between data breaches and identity theft is clear – the disclosure of private data in a breach provides criminals an opportunity to commit identity theft. According to the Identity Theft Resource Center, almost 50% of data breach victims later have their information used for fraudulent purposes. When a data breach occurs, whether it’s on a large or small scale, it gives cybercriminals access to the building blocks needed to impersonate victims and exploit their identities. This has made data breaches one of the leading sources of identity theft today.


Recent Major Data Breaches


One of the largest and most impactful data breaches in recent history was the 2017 breach at Equifax, one of the three major American credit reporting agencies. The attackers exploited a security vulnerability in Equifax’s website to gain access to the personal information of over 147 million people, including names, Social Security numbers, birth dates, addresses, and some driver’s licence numbers. 


This enormous breach highlighted how even large, established companies can suffer data breaches that put millions of people’s sensitive information at risk. The Equifax breach enabled criminals to commit various forms of identity theft using people’s stolen information. It also underscored the vast amounts of personal data that credit reporting agencies collect and store, often without consumers’ full understanding or consent.


The Equifax breach sparked public outrage, government investigations, and legal action. But it was far from the only major corporate data breach in recent years. Other large companies suffering breaches include Yahoo, Marriott, Facebook, Uber, Capital One, and many more. These incidents reveal an epidemic of cyber attacks targeting valuable consumer data.


How Data Breaches Enable Identity Theft


When a company suffers a data breach, sensitive personal information about customers or employees falls into the wrong hands. This often includes full names, birthdates, Social Security numbers, financial account details, and more. Hackers who obtain this data will frequently sell it on the dark web or use it themselves to commit identity theft and fraud.


With enough key details about an individual, criminals can open new accounts or take over existing accounts. For example, they may apply for credit cards, take out loans, or even file a fake tax return for a refund. Banks and lenders rely on personal info like SSNs and addresses to verify identities. So when thieves have this data, it can be relatively easy for them to impersonate victims.


Cybercriminals also leverage stolen information to gain access to the victim’s existing accounts through password resets and security questions. Oftentimes the answers to these (mother’s maiden name, high school mascot, etc.) are included in hacked data. Once logged in, thieves can steal funds, redirect payments, or make unauthorised transactions.


In essence, data breaches hand criminals the keys to steal identities. The more sensitive personal data that gets exposed in a breach, the higher the risk that those impacted may become victims of serious identity theft and fraud. Companies that fail to protect customer data are inadvertently enabling these crimes.


Most Common Forms of ID Theft


Identity theft can take many forms, but some of the most common types include:


Tax Fraud 


One of the most damaging forms of identity theft is tax fraud. This occurs when a criminal files a fraudulent tax return using a victim’s name and social security number. They can claim tax refunds that should go to the victim. Fighting tax fraud and getting the IRS to correct the issue can be a long and arduous process for victims.


Credit Card Fraud


Criminals may open new credit cards in a victim’s name or make unauthorised charges on existing cards. Victims may not even realise what’s happened until they review their credit report or get a bill for purchases they didn’t make. Credit card companies will generally investigate fraud claims, but it takes significant time and effort for victims to resolve. 


Medical Identity Theft


Thieves may use someone’s personal information to obtain medical services, prescription drugs, or health insurance claims under their name. This can result in inaccuracies in the victim’s medical records that are difficult to correct. It can also leave the victim responsible for huge medical bills.


Social Security Benefits Fraud


Identity thieves may use a victim’s SSN to claim government benefits such as Social Security, unemployment payments or disability benefits that should go to the victim. Restoring the benefits and correcting the fraud usually requires considerable effort.


Driver’s License Identity Theft


Criminals obtain a driver’s licence using a victim’s name but their own photo. They can then use this ID for many nefarious purposes without the victim’s knowledge. It often takes years to unravel the mess caused by this theft.


Identity theft can wreak havoc on victims’ finances, reputation, credit and peace of mind. Understanding the common forms it takes is an important step in protecting yourself.


Financial Impact of ID Theft


Identity theft has a significant financial impact on consumers and the financial system overall. An estimated 16.7 million Americans experienced identity theft in the past year, resulting in over $56 billion in losses. The average financial loss per victim was $3,400. 


The financial costs of identity theft are broad and can be difficult to recover from. Victims often have fraudulent purchases or loans opened in their name, or even have their existing accounts compromised. This damages credit scores and leaves victims struggling to clear their name with banks, debt collectors and credit agencies. Victims frequently have to spend hours communicating with financial providers to shut down fraudulent accounts while restoring access to their legitimate accounts. This process can often take months or even years depending on the level of fraud.


If identity thieves take out loans in the victim’s name, it can saddle victims with repayment obligations and negative accounts on their credit reports. Victims may be denied future loans, credit cards or mortgage approvals as a result of compromised credit and scores. Some victims end up declaring bankruptcy after being left to deal with massive fraudulent debts acquired by thieves.


Beyond individual consumers, identity theft places a significant financial burden on the credit industry overall. When identity thieves take out loans or purchase goods using stolen information, it results in billions of dollars in losses annually for creditors, lenders, retailers and insurers. These losses contribute to higher interest rates, fees and premiums for all consumers.  


Ultimately, identity theft has severe financial repercussions that can plague victims as well as the credit industry for years. Developing more secure systems to prevent data breaches and identity theft remains an imperative issue.


Emotional Impact on Victims


Identity theft can have a significant emotional impact on victims. In addition to the financial losses and hassle of resolving fraudulent accounts and charges, identity theft also causes high levels of stress, anxiety, and trauma for those affected. 


Victims of identity theft often experience:


– A loss of personal security and violation of privacy. Having their personal information misused makes victims feel exposed and exploited.


– Fear over current and future repercussions. Victims worry about additional fraudulent accounts or charges occurring, as well as impacts to their credit, reputation, and finances over months and years.


– Frustration and anger over the situation. Resolving identity theft and fraudulent accounts is time-consuming and difficult. Victims feel angry that someone violated their privacy and security.


– Anxiety over the inability to fully control or contain the situation. Even after discovery, victims worry that more of their information is compromised or that new fraudulent activity will occur. 


– Stress from navigating bureaucracies to report thefts and fraudulent accounts. The effort required to report and resolve identity theft is itself a significant source of stress.


The emotional impact of having your identity and private information stolen should not be underestimated. Victims often feel violated and experience prolonged anxiety and trauma related to the theft. Support resources can help victims cope with these emotional effects.


How to Minimise Risk of ID Theft


There are several steps individuals can take to reduce their risk of becoming victims of identity theft:


Monitor accounts regularly: 

Keep a close eye on all your financial accounts by reviewing statements and online accounts frequently. Look for any suspicious or unauthorised activity and report it immediately. Sign up for transaction alerts from banks and credit card companies.


Use strong and unique passwords: 

Have different secure passwords for every account, especially financial and email accounts. Avoid using personal information in passwords. Use password managers to generate and store strong passwords. Enable two-factor authentication when available.


Limit sharing of personal information: 

Be cautious about sharing personal and financial details online or with companies. Provide only necessary information and ask how it will be safeguarded. Check privacy policies of websites and apps.


Secure your devices: 

Keep security software updated on computers, laptops and mobile devices. Don’t click on suspicious links or attachments which can install malware. Use a VPN when accessing public Wi-Fi. 


Monitor your credit: 

Regularly check your credit reports from Equifax, Experian and TransUnion. Consider placing a credit freeze or fraud alert if you suspect identity theft.


Shred documents: 

Shred receipts, statements and other sensitive paperwork before throwing them out.


Educate yourself: 

Stay informed about the latest threats and prevention strategies for identity theft. Be wary of phishing emails, texts and phone calls attempting to steal your personal information.


What to Do If You’re a Victim


If you discover you have become a victim of identity theft as a result of a data breach, take the following steps:


– File a police report. This helps establish a record of the crime and can aid you in dealing with credit reporting agencies and financial institutions. Provide as many details as possible.


– Contact the three major credit bureaus – Experian, Equifax, and TransUnion. Place a fraud alert on your credit reports and request copies of your credit reports to review for any fraudulent accounts or charges. Consider freezing your credit to prevent new accounts from being opened.


– Report identity theft to the Federal Trade Commission (FTC). The FTC provides guidance on steps to take and keeps track of identity theft cases. File a complaint with the FTC’s Identity Theft Data Clearinghouse. 


– Contact all financial institutions and companies where you know or suspect fraudulent accounts have been opened or fraudulent charges have occurred. Close any unauthorised accounts and work to get fraudulent charges reversed. Request copies of documentation.


– Consider filing an Identity Theft Report with the FTC. This provides important legal rights when seeking to correct your credit report or fix other identity theft issues.


– Continue to monitor your credit reports and financial account statements closely for any additional suspicious activity. It may take persistence over an extended time to fully resolve identity theft.


Policy and Legal Protections


Consumers have certain legal protections and recourse when it comes to identity theft resulting from data breaches. Here are some of the key laws and regulations:


– The Fair Credit Reporting Act (FCRA) gives consumers the right to dispute any errors on their credit reports, require credit bureaus to investigate disputed entries, and require erroneous entries be removed. This is important for correcting any fraudulent activity that appears on your credit report.


– The Fair and Accurate Credit Transactions Act (FACTA) helps prevent identity theft by allowing consumers to place fraud alerts and security freezes on their credit files. This makes it harder for identity thieves to open new accounts in your name. 


– The Federal Trade Commission (FTC) enforces laws related to identity theft, credit reporting, and privacy. Consumers can report identity theft to the FTC to help with recovery. The FTC also provides educational resources to consumers.


– Many states have laws regarding security breach notifications, requiring companies to notify consumers if their personal data is compromised. This allows consumers to take protective steps in the event their data is exposed.


– Some states also have specific laws related to identity theft, setting out consumer rights, company obligations, and penalties for violations. These laws vary by state but aim to protect residents.


Consumers should be aware of their rights and protections under these laws. Reporting identity theft promptly and keeping thorough records are important in leveraging these protections. Complaining to relevant government agencies can also help hold companies accountable for data breaches that enable identity theft. While legal recourse cannot undo identity theft, consumers have options to help detect, repair, and prevent further damage.




Data breaches and identity theft go hand-in-hand. Major data breaches at large companies put personal information in the hands of cybercriminals, who can then use that information to steal identities and commit fraud. As we’ve explored, the most common forms of fraud are credit card fraud, tax refund fraud, and opening new accounts in the victim’s name. The financial impact can be severe, costing victims time and money to resolve the issues caused by the theft. There is also an emotional toll caused by the stress and frustration of having your identity compromised. 


While data breaches are out of an individual’s control, there are steps you can take to minimise your risk, like using strong passwords, reviewing your account statements, and freezing your credit. Be proactive in monitoring your credit reports and accounts for any suspicious activity. If you do become an identity theft victim, act quickly to report it and protect yourself from further damage. Work with your banks and creditors to close fraudulent accounts and restore your good standing. Laws like the Fair Credit Reporting Act provide protections and paths to restitution.


In summary, major data breaches increase the risk of identity theft, but consumers have options to guard against and respond to ID theft. Remaining vigilant is key. With proactive monitoring and quick action when fraud does occur, the impact can be contained.

Leave a Comment