New Regula analyses reveal how AI and data exposure are reshaping identity crime

Consumers are growing anxious while older people are especially vulnerable. Identity fraud is becoming systemic, surging in scale and sophistication. The problem is affecting a swathe of industries, fueled by artificial intelligence and massive data exposure.

Meanwhile, uneven protection standards stymy defenses. But there are ways to combat the rising threat. New analyses from Regula pinpoints the trends occurring in identity crime while offering methods to ward off potential attacks.

The company says attackers are now operating at industrial scale leveraging automation, impersonation and credential‑based attacks to target individuals, businesses and government agencies. “Across all datasets, one conclusion stands out clearly,” says Henry Patishman, EVP of Identity Verification Solutions at Regula.

“Identity has become the defining security of our time. AI is powering a new wave of fraud, digital trust now determines whether customers stay or leave, and billions of leaked identity attributes are enabling attacks at unprecedented scale.”

For consumers, identity crime became more intrusive and harder to detect. AI‑generated deepfake voice calls mimicking family members, and synthetic identities capable of passing verification checks, contributed to anxiety that fraud attempts are inevitable.

This erosion of trust has changed behavior. Customers are more likely to abandon a company after a security incident with many choosing banks and payment providers based on the strength of their fraud‑prevention measures. Regula observes that in 2025, trust has become a competitive metric.

Business continues to struggle with identity‑driven attacks, largely because outdated or inconsistent password‑based authentication remains embedded. Attackers armed with vast volumes of breached identity records can reconstruct complete digital profiles and launch high‑impact attacks with minimal technical effort.

A single compromised employee password can lead to phishing campaigns, account takeovers or access to sensitive customer data. Regula found that in most major incidents, attackers did not need to exploit infrastructure vulnerabilities; identity controls were the weakest point in the security chain.

Government agencies also reported rising losses, particularly among older adults. Fraudsters used publicly leaked identity information to impersonate officials, tax authorities or postal services, making scams more convincing and causing seniors to suffer the highest financial harm.

With the incidents that occurred this year, it’s clear that identity has become the defining cybersecurity perimeter, believes Patishman. “Criminals no longer break into systems — they break into people, using biometrics, deepfakes, and stolen credentials as their entry point.”

Looking at the major cyber incidents of 2025

Several high‑profile incidents illustrated the breadth of identity abuse in 2025, with Regula analyzing five cases on its blog. The Discord age verification breach exposed tens of thousands of IDs and personal records after attackers compromised a third‑party provider. It revealed the risks faced by platforms that store unencrypted identity data for compliance checks.

At Coinbase, a customer support contractor misused privileged access to steal personal data and identity documents at scale. In India, a biometric forgery ring manipulated the Aadhaar national ID system. The criminals used spoofed fingerprints, cloned credentials and tampered scanners to impersonate citizens to access government benefits, SIM registrations and financial services.

In the U.S., stolen static identifiers were used to create more than 100,000 fraudulent Medicare beneficiary accounts, enabling millions of dollars in false medical claims. In Singapore criminals used deepfake technology to impersonate executives during a live video call, which nearly triggered a multimillion‑dollar transfer.

“Organizations can no longer rely on passwords or fragmented verification tools,” says Patishman. “In 2026, resilience will depend on a well-orchestrated IDV approach that includes: multi-factor identity verification, stronger credential protection, and a shift toward proactive, rather than reactive, fraud prevention.”

The company also advises reducing exposure to third‑party breaches by running sensitive identity workflows on‑premises or in controlled private cloud environments. To improve identity and access management for employees and contractors handling sensitive data. And training staff to recognize identity fraud and social‑engineering tactics, particularly when requests involve credentials, ID sharing or financial transactions.

“As AI-driven fraud grows, the winners will be the organizations that build identity verification systems as resilient, multi-layered defenses, combining biometrics, robust document verification, liveness detection, and strong access controls,” Patishman says.

The 2025 Identity Fraud by Numbers blog post from Regula has the numbers and takeaways here. It reveals that biometrics adoption is on the rise but so are privacy concerns. The Regula Document Reader SDK and Regula Face SDK are the company’s offerings, with the Regula IDV Platform as the end-to-end solution.

The 50-page 2025 Digital Identity Verification Market Report and Buyers Guide from Biometric Update and Goode Intelligence details important trends, technologies and considerations for organizations considering digital identity verification solutions. GI has a recognized track record of forecasting, including correctly predicting the emergence of biometrics on mobile devices in 2011, and the growth in digital identity in 2015. The next wave of identity verification technology and solutions will have to be adaptive and nimble to address the growth in cybercrime and fraud.

Article Topics

cybersecurity  |  data protection  |  digital identity  |  generative AI  |  identity theft  |  identity verification  |  Regula  |  synthetic identity fraud