Breach report and Equifax disclosure highlight need to maintain control of digital identity

The amount of stolen personal identity information known to be available online continues to grow, as Equifax has admitted in a “statement for the record” to the Securities and Exchange Commission that millions of driver’s license numbers, addresses and phone numbers were included in the massive breach reported in 2017, Ars Technica reports.

There were 8.7 billion identity records available on the surface, deep, and dark web in 2017, according to a new report by identity threat intelligence firm 4iQ. The company’s 2018 Identity Breach Report, titled “Identities in the Wild: The Tsunami of Breached Identities Continues,” shows it authenticated more than 3 billion identity records stemming from 3,525 breaches.

4iQ CEO Monica Pal said in an announcement that the company has seen increases across the board, in terms of the volume of both inadvertently leaked and deliberately hacked databases. Some of the records are recycled from previous breaches or faked, but 4iQ the number of records it authenticated represent a 64 percent increase over 2016.

Equifax had previously admitted that names, dates of birth, and social security numbers for 143 million U.S. consumers had been stolen from it, as well as driver’s license numbers “in some instances.” The new disclosure puts those instances at 17.6 million, while 99 million addresses, 20.3 million phone numbers, 97,500 Tax Identification numbers, and thousands of images of driver’s licenses, passports, and other identity documents were also breached.

Information about who different pieces of information were stolen from, or how much data is available for the most affected individuals was not disclosed, but the wealth of personal and contact information surely exposes many people to potential identity theft or spear phishing.

“As with the latest Equifax breach disclosure, we are all more aware of how much of our personal information is available to fraudsters who want to use it to steal identities. For consumers to maintain control of their identities in an increasingly online world, I recommend that you start becoming more aware of what information you share and with whom. Take the time to reach out to representatives and ask how they are going to use the information they request, why they need it and how it is stored,” Mitek CEO, President and Chairman James B. DeBello told Biometric Update in an email statement.

“Secondly and most importantly, I find that advanced identity verification techniques that combine biometrics, such as selfies for facial recognition, and another method, such as identity document verification, create one of the most secure ways to ensure a multi-layered protection approach. If a consumer wants to open a new account, they can go through a quick digital process where they take a picture of their government-issued ID and then use their smartphone to take a selfie. That technology would then match the ID to the selfie to ensure that there is a match. Taking control of what is shared, how it is stored and how your data is verified can allow you to take back control of your online identity.”

Article Topics

authentication  |  biometrics  |  data protection  |  digital identity  |  identity verification  |  Mitek