Identity theft is getting personal. What to do if you’ve found yourself on a list of breached personal data

With its latest Ultimate subscription tier for consumers, ESET introduces a globally available Identity Protection service that regularly scans black markets on the dark web for stolen personal data and identity.

Sometimes life can be unfair. Let’s say you are a tech-savvy person who often serves as home admin for your family and are well aware of the cyberthreats out there. Your cyber defenses are set up, you have the latest updates, and so far you have successfully avoided every phishing campaign trying to get your money or personal information. Yet, one day, you find out that someone has stolen your identity for unheavenly purposes.

These things happen because instead of targeting individuals, cybercriminals often tend to focus their attention on vulnerable institutions that gather huge amounts of personal data such as universities or hospitals. Even worse, big companies handling sensitive data can be also breached; for example, the 33 million French citizens impacted by the country's largest-ever breach of two payment processors in early 2024. 

This raises questions about what the public can do in a situation where cybercriminals have stolen a user’s personal data from an external source, putting them at risk of identity theft, and whether there is a way a cybersecurity solution can help them individually. 

Identity thieves usually hunt for personal information such as passwords, ID numbers, credit card numbers, or social security numbers to act fraudulently in the victim’s name.

To be even more effective in impersonating someone else, fraudsters gather any publicly available information about their victim. They may go through a victim’s social media pages, business or employer’s records, and government databases.

With this data, fraudsters can apply for loans, make online purchases, apply for a credit card, obtain medical care, or access the victim’s financial data. If the victim’s password was breached during the attack and this password is used repeatedly on multiple sites, hackers can easily hijack several of the victim’s accounts.

For example, every year fraudsters use thousands of stolen identities in attempts to rob the United States Treasury by filing fake tax returns that claim tax refunds. As of February 24, 2024, the Internal Revenue Service identified 32,616 tax returns with approximately $272.7 million claimed in fraudulent refunds and prevented the issuance of $262.7 million (96.3 percent) of those refunds.

Identity theft in the U.S. 

• 2023 saw a record-high number of data compromises in the U.S. in a single year – 72 percentage points higher than the previous record from 2021. At least 353 million individuals were impacted, according to the Identity Theft Resources Center.
• Accumulated losses related to identity theft reached around $12.6 million in 2023, according to FBI statistics.
• There have been 3,713 data breaches at U.S. educational institutions from 2005 to March 2024 with at least 37,606,243 individual records affected.
• In H1, 2024, 387 data breaches of 500 or more healthcare records were reported to the U.S. Department of Health and Human Services Office for Civil Rights. More than 4.5 million breached healthcare records are confirmed.

Once the victim’s identity has been abused, they might be held responsible for the perpetrators’ actions, be subject to investigation by law enforcement, and/or face consequences such as legal charges, changes to their credit status, and reputation damage.

ESET is well aware of this pressing issue and has delivered a solution to minimize the risk of these situations.

With its Ultimate subscription tier for consumers, ESET now introduces its globally available Identity Protection service, which regularly scans thousands of websites, including those on the dark web, black market chat rooms, blogs, and other data sources to detect illegal trading and selling of your personal information. Users in U.S. can benefit from several additional features.

Activation of Identity Protection takes place in ESET HOME. Users enter their data such as name, address, ZIP, country, and up to 10 email addresses and the Identity Protection function will go to work monitoring online black markets, searching for leaked sensitive information previously entered by users. 

ESET technology sends prompt alerts so users can take immediate action, including notifications around compromised credentials and potential account takeovers.

For example, if a user is a victim of a mass data breach, they will be notified if data they have previously entered are found on the internet.

When you find yourself among the victims of a mass data breach, keep calm but also act quickly to mitigate the damage. 

• Contact the police and a relevant antifraud office in your country to inform officials that your personal information might be used for frauds. In some cases, they can declare the stolen cards or documents fully invalid. 
• If banking information is stolen, contact your bank, place a fraud alert on your credit reports, and freeze your credit file.
• Scammed taxpayers should place a fraud alert on their credit records and later claim a refund, but they need to be prepared to take additional steps to prove their identity to the IRS or other tax authorities.
• Search for any accounts opened by scammers and request their shutdown.
• Search for unauthorized purchases made via your accounts. If found, request a refund.
• Change and strengthen passwords to your accounts.
• Check for notifications concerning changes to your accounts made by someone else.

Sometimes, bad things just happen and it’s not your fault. That’s why it is important to follow the Scout’s motto: be prepared.

Swift action is key in such cases and ESET Identity Protection gives you the advantage of knowing about data breaches as soon as possible. Hopefully, the aforementioned tips will help you act quickly and effectively so you can avoid any significant damage.