Protecting your data from identity theft

identity theft

Protecting your data from identity theft

identity theftWhen a company’s database is compromised, personal information can be stolen and sold on the dark web, where cybercriminals trade these ‘commodities.’ This stolen information is often used for various criminal activities, including phishing, account takeovers, identity cloning, synthetic identity creation (by combining real and fake personal data), account trading, and more.

Identity theft and its consequences

Identity theft often stands as a primary consequence of data breaches. Corporate databases can leak to unauthorized access by individuals with different motives and capabilities, including internal employees, competitors, and hackers 

Here’s a real case of identity theft: A debt collector, claiming to represent a leasing company, handed an overdue loan invoice to an individual who had never taken out a loan from the company.

Upon closer examination of the personal information provided, it was revealed that certain details, such as the residential address and the name of the company where the victim worked, were incorrect. The victim remembered providing her name, a copy of her ID card, and a photo to establish a new online retail account.

From the above case, it can be concluded that it is likely that the individual’s personal data—her ID card, photo, and name—had been exposed and stolen by an irresponsible party who then used it to fabricate a synthetic identity for the purpose of obtaining a loan.

Such incidents frequently occur and have negative consequences. Although the victim is not required to repay the loan, her name may still be adversely affected, potentially resulting in a poor credit score, unless the leasing company coordinates with the Financial Services Authority (OJK.) to rectify the situation.

The losses are not limited to the individual victims but also affect retail and leasing companies themselves. The impact of such schemes encompasses financial losses, damage to reputation, and legal implications.

Identity theft has become a widespread threat, causing substantial harm to businesses. Studies reveal that in 2022, India ranked first globally in cases of identity theft, with an estimated 27.2 million people falling victim. 

The United States took second place, with around 13.5 million consumers experiencing identity theft in the same year. Japan followed, with three million people becoming identity theft victims annually.

Preventing data leaks

Reducing identity theft must start with effective data security measures, both for individuals and organizations.

On the organizational level, the bigger the name of an organization, the more potential it has to become the target of unauthorized access. Therefore, companies need to take mitigation measures, including:

  • Conducting employee background checks and due diligence on business partners. Background checks help identify potential risk factors associated with individuals who have access to sensitive databases.also ensures that business partners with access to a company’s systems and data can be trusted and are secure.
  • Access Control. Strict access control measures ensure that only authorized personnel have access to sensitive databases.
  • Establish data destruction policies for both physical and digital data. These policies help organizations in effectively managing the data lifecycle, mitigating data breach risks, ensuring regulatory compliance, and safeguarding sensitive information.
  • Strong network security. Securing network infrastructure with firewalls, intrusion detection systems, and intrusion prevention systems can help prevent unauthorized access.

As for individuals, personal data security is the responsibility of every person. Our personal information, such as phone numbers, ID, bank account numbers, PINs, and more, are potential vulnerabilities that can be exploited by scammers with malicious intent. 

This is why we must proactively protect our personal information by avoiding sharing it with untrusted parties, being vigilant against phishing, and reading and understanding the privacy policies of websites and online services we use.


Image by Integrity

Share this post: