Why Care About Your Data: 5 Consequences of Data Theft

The odds of having your personal data stolen are high. In 2021, consumers filed 5.7 million fraud reports resulting in losses totalling $5.9 billion, with identity theft contributing the most to these figures.

To highlight the importance of data protection, we’ve narrowed down the five biggest consequences of data theft and backed them up with real-life stories. Read until the end to learn how people and businesses can avoid data theft.

Case 1: Personal data stolen to make payments and open bank accounts

“Have you been buying a bunch of exotic pets?” This is the first thing Ana (not her real name) heard when she got a call from her bank. Apparently, criminals stole her credit card data and purchased $8,000 worth of iguanas, cockatoos, and butterfly fishes.

Criminals use stolen data to pay for goods and services from restaurant bills to medical treatment. They can also open bank accounts under the victim’s name, max out credit limits, and vanish without paying up.

Case 2: Loans taken out under the victim’s name

Jack was working crazy hours to save up for an apartment. But one day, he accidentally left his wallet on top of his car in a mall parking lot, and by the time he realized it, the wallet was already gone. Of course, there were personal documents in it.

Soon Jack started receiving bills to pay off loans with up to 500% interest—loans which he never took out himself. His life became a nightmarish version of groundhog day, where he had to repeatedly prove to authorities and collection agencies that it wasn’t him who ran off with the money. His credit history was damaged, so he couldn’t get a car loan, mortgage, or even a credit card. He ended up having to rent a cash-only apartment overrun with cockroaches.

*Based on the real-life stories of Buzzfeed and KrebsonSecurity readers.

Find more insights into other types of fraud in Sumsub’s fraud study (2021).

Case 3: Blackmail

Hackers can steal personal data and threaten the victim with revealing it—unless, of course, the victim agrees to pay up. This can include private pictures and videos, embarrassing stories, corporate secrets, health records, or any other sensitive information that the victim wouldn’t want to become public.

From 2018 to 2020, hackers stole confidential records of thousands of psychotherapy patients in Finland and demanded that the victims pay them in bitcoin to prevent public disclosure.

Blackmail can also be a huge threat to businesses. For instance, in 2015, criminals hacked the personal information of TalkTalk Telecom Group’s customers. The hackers demanded that executives pay 465 bitcoins so they wouldn’t sell this data and ruin the company’s reputation.

Case 4: Intercepted tax refunds

“Halloween used to scare me. I was sure that monsters—specifically zombies—were out to get me. But I’m not afraid anymore because I faced down a nameless ghoul who did more actual harm to me than any imaginary monster could ever do.”

That’s how Allison, a victim of tax identity theft, begins her story.

Allison’s name, Social Security Number, and birth date were used to file a fraudulent tax return, netting a $4,000 refund. By the time she found out what happened, she was on the hook for more than $14,000 (including supposedly unpaid taxes, penalties, and interest).

Case 5: Crimes committed under the victim’s name

How about going to jail for a crime someone else committed?

One day, Jonah Scott Miller was riding his bike when he was stopped by police for a minor traffic infraction. The officers checked his name and discovered a warrant for his arrest. Jonah was never in trouble with the law before, but he was still taken to jail. It turned out that his childhood friend, who he hadn’t seen for years, had used Jonah’s identity during one of his arrests. Jonah was released the next day, but it surely was a nerve-racking experience.

This is called criminal identity theft. It can cost victims emotional despair, imprisonment (another victim of identity theft spent 43 days in jail), and reputational damage, as the victim’s name might be forever associated with a crime somebody else committed.

“How do you recover from this? <…> Now, my name is basically tarnished. People are always going to look at my name and remember something like this,”

—says Nicole Ortiz, whose identity was used to conduct rental scams.

Take our test to see how well you can protect your personal data. Give it a try here!

How companies can protect their users from data theft

Data theft can impact businesses from two perspectives. First, their corporate identity might get stolen (just like a person’s identity) and criminals can use it to open bank accounts, take out loans, or open offices in the company’s name. Second, customers of a business may have their personal data stolen through a data breach. This inevitably results in reputational and financial losses for the business.

Businesses can use three solutions to protect themselves and their users:

1. Data protection systems that ensure that corporate and user data is kept safely.
2. User verification that checks the identities of new customers, filtering out identity thieves.
3. User authentication that ensures that actual users enter their platform, rather than bots and fraudsters.

Identity theft can happen to individuals and businesses alike. If we could take a single piece of advice from identity theft victims, it’s that it’s easier to protect your personal data than to get it back.

Below, you can find a checklist for leveling up your data protection. Don’t hesitate to share this checklist with your friends to keep them safe. And, if you’re a business, consider spreading the word to your users.

What if you could find everything you need to know about data protection in one place? Get our data protection checklist.