Personally Identifiable Information
You may see the acronym PII used when talking about security, privacy, and data breaches. It stands for personally identifiable information, which is personal data that can be used to uniquely identify a specific individual. PII is usually sensitive and private information, such as your Social Security number, bank account number, driver’s license number, physical address, even your full name and your date of birth. The list is not exhaustive. It also includes medical, educational, financial, employment and any other information that can be used to identify you by itself or when combined with other information.
If you’ve been keeping eye on the news surrounding identity theft, data breaches, ransomware attacks, personal or online privacy, you have probably noticed personally identifiable information is often referenced. While this term might seem straightforward, it’s more complicated than you think. And, having your PII compromised by scammers can be harmful to your personal and financial profile.
The National Institute of Standards and Technology (NIST) defines PII as information that can be used to distinguish or trace the identity of an individual, whether directly or combined with other personal or identifying information that is linkable to a specific individual (e.g., date and place of birth, mother’s maiden name, etc.).
PII is significant because, whether lost, stolen or exposed, it is how identity thieves can perpetrate their crimes. Sometimes all it takes is one or two pieces of information to compromise a person’s identity. Still, not all PII is considered equal.
Some pieces of information are unique to you, and you alone. PII in this context is often referred to as “sensitive.” These are the identifiers that identity thieves are most interested in capturing, and it may include your:
Other pieces of data by themselves aren’t considered PII because they could be shared with other individuals. This information has become known as “linkable.” By combining them together, or linking to one of the above examples, they can be equally as appealing to fraudsters…and equally as harmful if exposed. This type of PII may include your:
There are several malicious ways that cybercriminals and identity thieves may use PII. Through direct attacks, they can apply for loans or lines of credit, make purchases with your credit cards, steal your tax refunds, drain financial accounts, or more.
Another way that PII may be used is to commit synthetic identity theft. Synthetic identities are created when a fraudster combines someone’s Personally Identifiable Information with fake details, and/or personal information from other individuals. For example, one individual’s Social Security number might be cobbled together with a fake name and address as well as another real person’s driver’s license to create a new identity. According to the FBI, synthetic identity theft is the fastest-growing financial crime in the U.S.
The third way that criminals may use PII is by selling the stolen data on the Dark Web. Everything from social media credentials and credit card numbers, to medical records and Netflix passwords, can be sold by bad actors for criminal and financial gain. Hackers can make a pretty penny by capturing and offloading data.
Let IdentityForce’s identity protection services do the heavy lifting for you, and instantly alert you to any suspicious activity surrounding your PII and go beyond basic credit monitoring. Start your 30-day trial today.