The Biggest Identity Theft Cases of the Past Decade
Learn the details of the most large-scale fraud cases of recent years, and their impact.
Despite technological advancements in global security systems, fraud continues to rise and grow more sophisticated. Certain countries are more vulnerable to fraud. According to the Sumsub 2024 Global Fraud Index, Pakistan has the highest fraud rate, with Brazil, India, Indonesia, and Uzbekistan also ranking among the least protected nations against fraud.
Among all types of fraud, identity theft remains one of the most prevalent. In the first half of 2024 alone, approximately 552,000 identity theft cases have been reported, suggesting the total may surpass that of 2023. In 2023, it resulted in an estimated $23 billion in losses, marking a steady increase from previous years.
Identity theft involves the unauthorized use of personal information—such as names, dates of birth, addresses, bank accounts, and emails—to make purchases, open accounts, withdraw money, or claim tax refunds. This enables fraudsters to exploit their victims’ identities for illicit purposes.
As identity theft becomes an ever-growing threat, several major cases have made headlines in recent years, exposing vulnerabilities and leading to significant financial losses and privacy breaches. Let’s explore some of the biggest identity theft cases of recent times, and learn from them.
Equifax data breach (2017)
What happened: Hackers exploited a vulnerability in Equifax’s system, compromising the personal data of 147 million Americans. Information exposed included Social Security numbers, birth dates, addresses, and even driver’s license numbers.
Impact: The breach affected nearly half of the US population, causing widespread fear of identity theft. Equifax eventually settled for $700 million in fines and compensation.
Suggested read: Fraud Detection and Prevention—Best Practices 2024
Facebook identity theft scandals
Facebook has experienced several major data breaches and identity theft scandals over the years, including the following major ones:
- Cambridge Analytica scandal (2018)
What happened: This scandal involved Cambridge Analytica, a political consulting firm, unauthorized harvesting of personal data from millions of Facebook users.
Impact: The scandal raised significant concerns about data privacy and user consent, leading to widespread public outcry and regulatory scrutiny of Facebook’s data practices
- Data scraping incident (2021)
What happened: In 2021, the personal data of over 533 million Facebook users was scraped and published on a hacker forum. This data included phone numbers, Facebook IDs, full names, birthdates, bios, and email addresses.
Impact: The leaked information could facilitate various identity fraud schemes, including phishing attacks, as cybercriminals could use this data to impersonate victims or manipulate them into revealing more sensitive information.
- Account takeover and romance scams through Facebook
What happened: Numerous reports have surfaced about scammers taking over users’ Facebook accounts and using them to defraud friends and family. For instance, a woman in New Brunswick had her account hijacked, leading to her friends being scammed out of thousands of dollars. Another issue is scammers frequently create fake profiles using stolen photos to engage in romance scams on Facebook. Victims are often manipulated into sending money under false pretenses.
Impact: These incidents illustrate how easily scammers can exploit trust through the use of social networks, often resulting in significant financial losses for victims. Romance scams specifically result in millions of dollars lost annually, with victims feeling embarrassed and reluctant to report the crimes due to shame.
Suggested read: Detecting Romance and Dating Scams: A 2024 Guide for Dating Platforms and Their Users
- Ticket scam incident (2023)
What happened: In 2023, a man named Ben Riddle experienced identity theft when scammers used his pictures to sell fake concert tickets online. Ben had made the mistake of sending a picture of his driver’s license to what he thought was a genuine ticket seller. Later, he realized his identity had been stolen, with multiple Facebook accounts using his name and his photos. Despite reporting the fraudulent accounts several times, they remained active.
Impact: This case highlights the importance of not sharing ID documents online, especially with unchecked individuals, and also underscores the ongoing challenges Facebook faces in combating identity theft, as well as the emotional toll it takes on victims who are wrongfully accused of scamming others.
The above scandals emphasize the importance of vigilance regarding personal information shared online and highlight the ongoing challenges platforms like Facebook face in protecting user data from exploitation.
LinkedIn data breach (2021)
What happened: A data scraping incident exposed the data of 700 million LinkedIn users, nearly 92% of its total user base. Hackers collected information like names, email addresses, phone numbers, and employment details, which were later sold online.
Impact: Although the data didn’t include sensitive financial information, the breach increased risks of phishing and other cyberattacks targeting users’ professional data.
Singtel and Optus data breach (2022)
What happened: Australian telecom giant Optus, owned by Singtel, suffered a data breach that impacted 9.8 million Australians. Hackers stole personal data, including names, dates of birth, addresses, and government identification numbers such as driver’s licenses and passport details.
Impact: The breach led to widespread concerns in Australia, and the government announced regulatory changes to better protect customer data. Optus faced heavy criticism for its security practices.
At the moment Australian regulators and companies are actively engaged in combating fraud, particularly through a series of strategic initiatives and frameworks aimed at reducing scam-related activities, such as Scams Code Framework and National Anti-Scam Centre. Australia occupies the 14th position out of 103 in Sumsub’s Global Fraud Index, and is considered one of the most fraud-protected countries.
