Security news aggregator

Latest coverage for Identity Theft

Identity theft occurs when stolen personal data is used to impersonate someone, access accounts, commit fraud, or bypass security controls.

16 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Identity theft is the unauthorized use of another person’s personal information or account credentials to impersonate them or obtain money, services, or access. Stolen names, government identifiers, payment details, passwords, and authentication tokens can support account takeover, fraudulent purchases, new-account applications, or synthetic identities assembled from real and fabricated data. Information may be obtained through phishing, infostealer malware, social engineering, SIM swapping, or exposed databases.

For security teams, the key concerns are limiting exposure of personal data and detecting misuse after credentials or identifiers are compromised. Useful controls include data minimization, strong access controls and encryption, phishing-resistant multifactor authentication, rapid password and session revocation, and monitoring for unusual logins, account changes, or applications. When theft is suspected, incident response should determine which identities and data were affected, contain active access, preserve evidence, and provide appropriate notifications or fraud-protection guidance. Privacy and breach-reporting obligations may apply depending on the data and jurisdiction.

Volume over time

Weekly headline count for the current query.

Showing 16 most recent headlines Filtered view
Bank Info Security 1 month, 1 week ago

Identity Scams Evolve Into Multi-Stage Attacks

Victims Increasingly Face Multiple Compromises From a Single IncidentIdentity theft scams are increasingly unfolding as coordinated, AI-assisted attack chains that begin with phishing or impersonation escalate into account takeovers, device compromise and broader fraud, according to the Identity Theft Resource Center.

Tyler Buchanan Pleads Guilty to Conspiracy to Commit Wire Fraud and Identity TheftA senior figure in the Scattered Spider cybercrime group pleaded guilty to one count of conspiracy to commit wire fraud and one count of aggravated identity theft on Friday in US federal district court. The plea marks the conclusion of a digital crime spree by Tyler Robert Buchanan.

Bank Info Security 5 months, 2 weeks ago

Transparency in Decline as Data Breaches Hit New High

ITRC Report: 2025 Breach Notices Lack Critical Details as AI-Based Attacks SurgeThe Identity Theft Resource Center tracked a record 3,322 U.S. data breaches in 2025, more than any previous year. Yet, only 30% of breach notices included actionable details that other defenders need. ITRC's James Lee warns that this lack of transparency puts people and businesses at greater risk.

Bank Info Security 5 months, 2 weeks ago

Data Breaches in America Hit All-Time Record High in 2025

Identity Theft Resource Center Catalogs 3,322 Known US Incidents in 2025The number of U.S. organizations that reported falling victim to a data breach in 2025 reached an all-time high, while the number of notifications they sent to affected consumers fell sharply, reports the Identity Theft Resource Center's latest annual breach roundup.

Bank Info Security 9 months, 3 weeks ago

US Extradition of Alleged RaidForums Admin Is Stuck in Limbo

UK High Court Overturns Home Office Request to Extradite Diogo Santos CoelhoThe U.K. High Court of Justice on Sep. 11 overturned a Home Office request to extradite a Portuguese national and an alleged administrator of RaidForums who is wanted in the United States on charges of device fraud and aggravated identity theft charges.

Most Compromises Trace to Financial Services, Healthcare, Professional ServicesData breaches rage on. In the first half of this year, the Identity Theft Resource Center counted 1,732 total data breaches affecting 166 million people, marking a rise in data breaches but a decline in victims, likely due to a drop in mega-breaches.

Bank Info Security 1 year, 2 months ago

Suspected Scattered Spider Head Extradited From Spain

Tyler Buchanan, a 23-year-old Scottish Man Extradited to the US on WednesdaySpanish authorities extradited on Wednesday the suspected head of the Scattered Spider cybercrime group to the United States, where he is being held without bail in a downtown Los Angeles federal prison. Tyler Buchanan, 23, faces charges for wire fraud, aggravated identity theft and conspiracy.

Identity Theft Resource Center's Lee on Lessons Learned From 2024 Mega-BreachesSix mega cybersecurity incidents led to a record 1.7 billion data breach notices going out to victims in 2024 - a dramatic 312% increase over the previous year. Identity Theft Resource Center President James E. Lee says the increase exposes industry-wide failures in basic cybersecurity practices.

Bank Info Security 1 year, 5 months ago

Mega-Breaches Bump Up 2024 Victim Count

Identity Theft Resource Center Catalogs 3,158 Known US Incidents in 2024The number of U.S. organizations falling victim to a data breach appears to be holding steady, as viewed on an annual basis, according to the latest annual data breach report from the Identity Theft Resource Center, which counted 3,158 reported data breaches in 2024, down just 1% from 2023.

Bank Info Security 1 year, 7 months ago

AI Edtech Startup Founder Indicted in U.S. Fraud Case

Charges Against AllHere Founder Include Securities and Wire FraudU.S. law enforcement arrested and indicted the founder of an artificial intelligence edtech startup AllHere over fraud charges. Federal prosecutors accused 33-year-old Joanna Smith-Griffin of defrauding investors, charging her with securities fraud, wire fraud and aggravated identity theft.

James E. Lee of ITRC Discusses Key Trends Revealed in the 2023 Identity ReportFewer victims reported identity crimes in 2023, but the number of attempts to commit multiple identity crimes grew, according to the trends report released by the Identity Theft Resource Center. That means criminals are diversifying their methods and attempting to perform multiple types of misuse.

Justice Says Sagar Steven Singh and Nicholas Ceraolo Doxed and Threatened VictimsHackers Sagar Steven Singh and Nicholas Ceraolo pleaded guilty Monday in federal court to conspiring to commit computer intrusion and aggravated identity theft after illegally accessing a nonpublic law enforcement database, according to the Justice Department.

Bank Info Security 2 years, 4 months ago

Moving First-Party Fraud Out of the Bank's Blind Spot

Fraud Expert Ian Mitchell on Creating a Holistic Program to Tackle Authorized FraudUnlike identity theft, first-party fraud is harder to spot when a consumer opens an account. To guard against this growing blind spot, banks need to invest in transaction-monitoring tools and take a more holistic approach to fraud, said Ian Mitchell, co-founder of Mission Omega.

Bank Info Security 2 years, 5 months ago

Medical Center Fined $4.75M in Insider ID Theft Incident

HHS OCR Says a Malicious Worker Stole and Sold Patient Information in 2013HHS has fined a New York City medical center $4.75 million to settle potential HIPAA violations discovered during an investigation into a hospital insider who sold patient data to identity thieves in 2013. The hospital said it has beefed up its security and privacy since the incident occurred.

Bank Info Security 2 years, 5 months ago

ITRC Report: Breaches Up 78% in 2023, Breaking 2021 Record

Identity Theft Resource Center's James E. Lee Calls for Uniform Breach ReportingSupply chain attacks and zero-day exploits surged in 2023, helping to set yet another record for data breaches tracked by the Identity Theft Resource Center. James E. Lee, COO of the group, explained why the number of compromises grew so dramatically - from 1,801 incidents in 2022 to 3,205 in 2023.

Bank Info Security 2 years, 8 months ago

FTC Proposes New Cyber Disclosure Rule After Prison Hack

Federal Contractor Must Comply With New Reporting Measures Following Data BreachGlobal Tel*Link, a major telecommunications provider for state and federal prison systems, will be required to notify the FTC and consumers of future security incidents after a sweeping data breach left hundreds of thousands of its users vulnerable to identity theft and other privacy concerns.