Data breach, identity fraud trends reveal deepfake and generative AI threats

Identity trends in 2023 saw generative AI facilitate the creation of fake IDs. Notable breaches affected millions around the world, while some approaches to digital identity, like passkey authentication, rose.

Data breaches go hand in hand with synthetic identity theft, in which real PII is mixed with falsified information to create a new identity. It’s no coincidence that half of all consumers had their personal information leaked, while half of all businesses saw a growth in synthetic fraud, according to the 2024 State of Identity Fraud Report from identity proofing and verification provider AuthenticID.

Over 30 percent of businesses reported a growth in breaches in 2023, with synthetic fraud impacting the ecommerce and gaming industries.

AuthenticID’s platform saw an 80 percent rise in detected fraudulent IDs in 2023 from the year prior. Biometric spoof attempts tripled.

Some top tools used by bad actors in 2023 are the dark web, fraud as a service, and generative AI, with the tool wormGPT providing a fast method for generating phishing attacks and malicious code. AuthenticID predicts the first arrest for using AI to impersonate someone will take place in 2024.

Mobile apps saw a 62 percent increase in fraud rates in 2023, while online stores saw a 58 percent increase.

Certain approaches to digital identity grew in 2023. Passwordless passkey authentication grew, and more approaches leverage behavioral biometrics as well. Entities are forming fraud consortiums to share customer data and identify bad actors who often perform similar attacks across different businesses.

Notable breaches of 2023

Forensic and identity verification provider Regula also highlighted notable breaches that fuel identity theft in 2023.

In Massachusetts, Shields Healthcare Group experienced a data breach that compromised the data of 2.3 million people. MOVEit Transfer software, a file transfer tool, saw a leak that impacted over 1,000 entities and more than 60 million people, exposing pension information, social security numbers, and medical records. The popular genetics testing company saw a breach in October that gave unauthorized access to the “DNA Relatives” feature, affecting over 5 million users.

Around the world, government entities also saw substantial volumes of identity fraud. Australia’s myGov platform saw US$ 2 billion in scams in 2023, while Bangladesh experienced a national ID card number data leak.

Surfshark data revealed that the US saw the most breached accounts of any country in 2023. Regionally, Europe saw 39 percent of all leaked accounts in the world, with 116.6 million accounts affected.

The single largest data breach of 2023 targeted LinkedIn user data and affected over 11 million accounts around the world

Article Topics

AuthenticID  |  data privacy  |  financial crime  |  generative AI  |  passwordless authentication  |  Regula  |  synthetic identity fraud  |  trends