Identity theft

Example of an identity theft crime: 1. The fraudster files tax return paperwork in the victim's name, claiming a refund. 2. The IRS issues a refund to the fraudster. 3. The victim submits their legitimate tax return. 4. The IRS rejects the return as a duplicate.

Identity theft, identity piracy or identity infringement occurs when someone uses another's personal identifying information, like their name, identifying number, or credit card number, without their permission, to commit fraud or other crimes. The term identity theft was coined in 1964.[1] Since that time, the definition of identity theft has been legally defined throughout both the U.K. and the U.S. as the theft of personally identifiable information. Identity theft deliberately uses someone else's identity as a method to gain financial advantages or obtain credit and other benefits.[2][3] The person whose identity has been stolen may suffer adverse consequences,[4] especially if they are falsely held responsible for the perpetrator's actions. Personally identifiable information generally includes a person's name, date of birth, social security number, driver's license number, bank account or credit card numbers, PINs, electronic signatures, fingerprints, passwords, or any other information that can be used to access a person's financial resources.[5]

Determining the link between data breaches and identity theft is challenging, primarily because identity theft victims often do not know how their personal information was obtained. According to a report done for the FTC, identity theft is not always detectable by the individual victims.[6] Identity fraud is often but not necessarily the consequence of identity theft. Someone can steal or misappropriate personal information without then committing identity theft using the information about every person, such as when a major data breach occurs. A U.S. Government Accountability Office study determined that "most breaches have not resulted in detected incidents of identity theft".[7] The report also warned that "the full extent is unknown". A later unpublished study by Carnegie Mellon University noted that "Most often, the causes of identity theft is not known", but reported that someone else concluded that "the probability of becoming a victim to identity theft as a result of a data breach is ... around only 2%".[8] For example, in one of the largest data breaches which affected over four million records, it resulted in only about 1,800 instances of identity theft, according to the company whose systems were breached.[citation needed]

An October 2010 article entitled "Cyber Crime Made Easy" explained the level to which hackers are using malicious software.[9] As Gunter Ollmann, Chief Technology Officer of security at Microsoft, said, "Interested in credit card theft? There's an app for that."[10] This statement summed up the ease with which these hackers are accessing all kinds of information online. The new program for infecting users' computers was called Zeus, and the program is so hacker-friendly that even an inexperienced hacker can operate it. Although the hacking program is easy to use, that fact does not diminish the devastating effects that Zeus (or other software like Zeus) can do on a computer and the user. For example, programs like Zeus can steal credit card information, important documents, and even documents necessary for homeland security. If a hacker were to gain this information, it would mean nationwide identity theft or even a possible terrorist attack. The ITAC said that about 15 million Americans had their identity stolen in 2012.[11]

  1. ^ "Oxford English Dictionary online". Oxford University Press. September 2007. Retrieved 27 September 2010.
  2. ^ Synthetic ID Theft Cyber Space Times Archived 9 October 2015 at the Wayback Machine
  3. ^ Hoofnagle, Chris Jay (13 March 2007). "Identity Theft: Making the Known Unknowns Known". SSRN 969441.
  4. ^ Drew Armstrong (13 September 2017). "My Three Years in Identity Theft Hell". Bloomberg.com. Bloomberg. Archived from the original on 19 September 2017. Retrieved 20 September 2017.
  5. ^ See, e.g., "Wisconsin Statutes, Sec. 943.201. Unauthorized use of an individual's personal identifying information or documents". Wisconsin State Legislature. Retrieved 19 July 2017.
  6. ^ Federal Trade Commission – 2006 Identity Theft Survey Report, p. 4
  7. ^ "Data Breaches Are Frequent, but Evidence of Resulting Identity Theft Is Limited; However, the Full Extent Is Unknown" (PDF). Highlights of GAO-07-737, a report to congressional requesters. gao.gov. Retrieved 22 September 2010.
  8. ^ Sasha Romanosky. "Do Data Breach Disclosure Laws Reduce Identity Theft?" (PDF). Heinz First Research Paper. heinz.cmu.edu. Archived from the original (PDF) on 2012-01-20. Retrieved 2009-05-27.
  9. ^ Giles, Jim (2010). "Cyber crime made easy". New Scientist. 205 (2752). Elsevier BV: 20–21. doi:10.1016/s0262-4079(10)60647-1. ISSN 0262-4079.
  10. ^ Giles, Jim. "'Credit card theft? There's an app for that'". New Scientist. Retrieved 2021-03-19.
  11. ^ Victims of Identity Theft, 2012 BJS