Identity theft

Identity theft is the theft or unauthorized use of sensitive, personal information in order to access a person’s financial resources or to commit crimes.

For example, using stolen credit card numbers to make purchases or using personal information (date of birth, social security number, etc) to obtain credit by applying for fraudulent credit cards.

The increasing prevalence of technology in everyday life combined with the increasing sophistication of criminals and identity thieves has caused identity theft to rise in recent years. While it may not be possible to completely avoid having personal information end up in the wrong hands, the risk of identity theft can be reduced.

Here’s what to do if you’re dealing with identity theft.
Here’s what to do if you got a data breach notice.


Understanding how identity theft occurs can help consumers protect themselves from scams and other fraudulent scenarios. Three common causes of identity theft are described below.

1. Lost or stolen documents

Studies show that a stolen wallet or purse is one of the most common explanations for how identity theft occurs. A typical person’s wallet contains a lot of sensitive identifying information which identity thieves can use to make purchases, open new lines of credit, obtain housing, and apply for loans. Improper disposal of documents or mail that contains sensitive information (such as tax documents, checks, or bank statements) may also provide an opportunity for criminals to assume your identity.

Risk mitigation strategies:

  • Shred documents that include personal information
  • Don’t have important documents sent to dormitories and off-campus apartments where mail might not be secure — consider having sensitive documents sent to your family’s home or a post office box
  • Avoid providing social security numbers or other intimate data unnecessarily
  • Password protect all financial accounts
  • Guard sensitive information such as passwords/pin numbers
  • Protect yourself against “shoulder surfing,” in which a criminal looks over a victim’s shoulder to see his or her ATM pin

2. Insecure online data

Sending or sharing information over unsecured internet connections or on social media gives criminals and hackers the opportunity to access and steal your personal information. Using easy-to-guess passwords or the same password across multiple platforms also leaves you vulnerable, and fraudsters can mine social media posts for information that could help them get past account security questions.

Occasionally, personal information is illegally obtained through phishing scams. Phishing scams occur when a criminal poses as a legitimate entity, such as an IT administrator or bank, and requests a victim’s information via email or a fake website.

Risk mitigation strategies:

  • Use end-to-end encryption
  • Avoid making payments over public wifi
  • Use strong, difficult-to-guess passwords
  • Do not repeat passwords across multiple sites/accounts
  • Use automatic updates for software/apps to take advantage of the latest security patches
  • Do not click on email attachments from unknown sources
  • Install antiviral software to help you detect and get rid of malware
  • Verify a website is legitimate before entering your log-in information
  • Be savvy about what you share on social media

3. Company-wide data breaches

A data breach occurs when secure information gets released—whether through a malicious act or by accident—into an unsecured environment. Company-wide data breaches make the news because they impact large numbers of people within a short period of time and there is very little a consumer can do to avoid becoming a victim.

For example, in the 2013 Target data breach, criminals gained access to the data from magnetic strips on customers’ credit and debit cards. This data included the customer’s name, credit or debit card number, the card’s expiration date, and CVV (the three-digit security code). 40 million customer accounts were affected.

In 2017, Equifax — one of the three largest consumer credit reporting agencies in the United States — announced that its systems had been breached and the sensitive personal data of 148 million Americans had been compromised. The data breached included names, home addresses, phone numbers, dates of birth, social security numbers and driver’s license numbers. The credit card numbers of approximately 209,000 consumers were also breached.

Mitigation strategies:

  • Sign up for transaction alerts
  • Request a free credit report each year and check it thoroughly for mistakes and/or unauthorized accounts
  • Regularly monitor accounts to ensure no erroneous charges or transfers have been made

Additional resources