Nov 03, 2023
3 min read

Why Care About Your Data: 5 Consequences of Data Theft

We cover real-world data theft stories and provide useful tips on how to stay safe

The odds of having your personal data stolen are high. In 2022, a huge chunk of the UK’s 1.2 billion GBP (1.5 billion USD) in fraud losses were due to identity theft alone. 

To highlight the importance of data protection, we’ve narrowed down the five biggest consequences of data theft and backed them up with real-life stories. Read on to learn how people and businesses can avoid data theft.

Case 1: Personal data stolen to make payments and open bank accounts

“Have you been buying a bunch of exotic pets?” This is the first thing Ana (not her real name) heard when she got a call from her bank. Apparently, criminals stole her credit card data and purchased $8,000 worth of iguanas, cockatoos, and butterfly fishes.

Criminals use stolen data to pay for a wide range of goods and services, from restaurant bills to medical treatment. They can also open bank accounts under the victim’s name, max out credit limits, and vanish without paying up.

Case 2: Taking out loans

Jack was working crazy hours to save up for an apartment. But one day, he accidentally left his wallet on top of his car in a mall parking lot—and by the time he realized it, the wallet was already gone. Of course, his IDs were in it. 

Jack started receiving bills to pay off loans with up to 500% interest—loans which he never took out himself. His life became a nightmarish version of “Groundhog Day,” where he had to repeatedly prove to authorities and collection agencies that it wasn’t him who took out the loans. His credit history was damaged, so he couldn’t get a car loan, mortgage, or even a credit card. He ended up having to rent a cash-only apartment overrun with cockroaches.

*Based on the real-life stories of Buzzfeed and KrebsonSecurity readers.

Find more insights into other types of fraud in Sumsub’s fraud study (2021)

Case 3: Blackmail

Hackers can steal personal data and threaten the victim with revealing it—unless, of course, the victim agrees to pay up. This can include private pictures and videos, embarrassing stories, corporate secrets, health records, or any other sensitive information that the victim wouldn’t want to become public.

From 2018 to 2020, hackers stole the confidential records of thousands of psychotherapy patients in Finland and demanded that the victims pay them in bitcoin to prevent public disclosure.

Blackmail can also be a huge threat to businesses. For instance, in 2015, criminals hacked the personal information of TalkTalk Telecom Group’s customers. The hackers demanded that executives pay 465 bitcoin so they wouldn’t sell this data and ruin the company’s reputation.

Case 4: Intercepted tax refunds

“Halloween used to scare me. I was sure that monsters—specifically zombies—were out to get me. But I’m not afraid anymore because I faced down a nameless ghoul who did more actual harm to me than any imaginary monster could ever do.”

That’s how Allison, a victim of tax identity theft, begins her story.

Allison’s name, Social Security Number, and birth date were used to file a fraudulent tax return, netting a $4,000 refund. By the time she found out what had happened, she was on the hook for more than $14,000 (including supposedly unpaid taxes, penalties, and interest).

Case 5: Crimes committed under a stolen name

How about going to jail for a crime someone else committed?

Jonah Scott Miller was riding his bike when he was stopped by police for a minor traffic infraction. The officers checked his name and discovered a warrant for his arrest. Jonah was never in trouble with the law before, but he was still taken to jail. It turned out that his childhood friend, who he hadn’t seen for years, had used Jonah’s identity during one of his arrests. Jonah was released the next day, but it surely was a nerve-racking experience.

This is called criminal identity theft. It can cost victims emotional despair, imprisonment (another victim of this sort of identity theft spent 43 days in jail), and reputational damage, as the victim’s name might be forever associated with a crime somebody else committed.

“How do you recover from this? <…> Now, my name is basically tarnished. People are always going to look at my name and remember something like this,”

—says Nicole Ortiz, whose identity was used to conduct rental scams.

Take our test to see how well you can protect your personal data. Give it a try here!

How companies can protect their users from data theft

Data theft can impact businesses from two perspectives. First, their corporate identity might get stolen (just like a person’s identity), with criminals using it to open bank accounts, take out loans, or even open offices. Second, the business’s customers can get their personal data stolen through a data breach. This inevitably results in reputational and financial losses.

Businesses can use two solutions to protect both themselves and their users:

  1. User verification that checks the identities of new customers, filtering out identity thieves.
  2. User authentication that ensures that actual users enter their platform, rather than bots and fraudsters.

Identity theft can happen to individuals and businesses alike. If we could take a single piece of advice from identity theft victims, it’s that it’s easier to protect your personal data in the first place than to get it back.

CybersecurityFraud PreventionIdentity Theft