If you’ve been keeping eye on the news surrounding identity theft, data breaches, personal or online privacy, you have probably noticed a common theme throughout – Personally Identifiable Information, or PII. While this term might seem straightforward, it’s more complicated than you think. And, having your PII compromised by scammers can be devastating to your personal and financial profile.
The National Institute of Standards and Technology (NIST) defines PII as:
“information which can be used to distinguish or trace the identity of an individual (e.g., name, social security number, biometric records, etc.) alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual (e.g., date and place of birth, mother’s maiden name, etc.).”
The list is not exhaustive. It also includes medical, educational, financial, employment, and any other information that can be used to identify you.
PII is significant because, whether lost, stolen, or exposed, it is how identity thieves perpetrate their crimes. Sometimes all it takes is one or two pieces of information to compromise a person’s identity. Still, not all PII is considered equal.
Some pieces of information are unique to you, and you alone. PII in this context is often referred to as “sensitive.” These are the identifiers that identity thieves are most interested in capturing, and include your:
- Personal identification numbers: social security number (SSN), passport number, driver’s license number, taxpayer identification number, patient identification number, financial account number or credit card number
- Personal address information: street address or email address
- Personal telephone numbers
- Personal characteristics: photographic images (particularly of face or other identifying characteristics), fingerprints, or handwriting
- Biometric data: retina scans, voice signatures, or facial geometry
- Information identifying personally owned property: VIN number or title number
- Asset information: Internet Protocol (IP) or Media Access Control (MAC) addresses that consistently link to a particular person
Other pieces of data on their own won’t constitute as PII because they could be shared with other individuals. This information has become known as “linkable.” By combining them together, or linking to one of the above examples, they can be equally as appealing to fraudsters… and equally as harmful if exposed. These could be your:
- Date of birth
- Place of birth
- Business telephone number
- Business mailing or email address
- Geographical indicators
- Employment information
- Medical information
- Education information
- Financial information
What Criminals Do with PII?
There are several malicious ways that cybercriminals and identity thieves use our PII. In direct attacks, they can apply for loans or lines of credit, make purchases with our credit cards, steal our tax refunds, drain financial accounts, or more.
Another way that our PII is used is to commit synthetic identity theft. Synthetic identities are created when a fraudster combines someone’s personally identifiable information with fake details. For example, a real Social Security number might be cobbled together with a fake name and address to create a new identity. If the thief uses this identity to commit a crime, you will be implicated because your Social Security Number was used.
The third way that criminals use our PII is to turn around and sell it on the Dark Web for profits. Everything from social media credentials to credit card numbers, medical records, and Netflix passwords are sold off on this underbelly of the internet. And, hackers can make a pretty penny by capturing and offloading our data. In April of this year, a notorious ring of cybercriminals announced the sale of more than 5 million credit cards, stolen from Saks Fifth Avenue and Lord & Taylor.
Let IdentityForce Protect Your PII
It’s our sole job to protect your sensitive information. Unlike companies like Equifax, we will never sell your data to third parties or use it for any other purpose. For us, it’s personal, and we entrust our own PII to the IdentityForce system every day.
Let IdentityForce’s identity protection services to the heavy lifting for you, and instantly alert you to any suspicious activity surrounding your PII. Start your free, 14-day trial today.