A Savvy Consumer’s Guide to Privacy and Identity Theft

Privacy and Identity Theft: What Every Consumer Should Know

You’ve probably heard about the importance of protecting your privacy. But what does that even mean, especially in a world where many people post every detail of their lives online, and tech giants make billions gathering and selling that information?

At its heart, privacy is about choice: having the power to choose who can contact or observe you, and the power to control how your personal information is collected, used, and shared. If you post personal images or comments online, that’s your choice. But you should also be able to choose who you’re sharing that information with—whether it’s other individuals, advertisers, or organizations. Privacy is also a way to protect you and your family from identity theft and fraud that can threaten your financial, emotional, and even physical well-being.

Is privacy even possible in the digital age?

Yes, privacy is possible—it just takes some knowledge and effort to achieve it. In this guide, we’ll explore why privacy matters now more than ever, and how you can tell when your privacy is at risk. We’ll explain how you can protect your privacy at home, online, and on the go, and we’ll show how to prepare for those occasions when your privacy is breached. With know-how and preparation, not only will you be able to protect what you’d rather keep private, you’ll be able to confidently share whatever it is that you choose to share.

Your privacy is being sold to the highest bidder

Before the digital age, it wasn’t all that difficult for consumers to skip over ads in newspapers or magazines or on TV or radio if they chose to. Now, as we browse the internet, stream content, or play online games, we’re barraged with hyper-targeted ads that seem to know a surprising amount about us. To deliver these carefully tailored ads, companies are tracking our behavior and gathering our personal information. Meanwhile, so-called data broker sites are collecting our personal data and offering it for sale to advertisers and other third parties, risking our privacy and leaving us vulnerable to identity theft.

Your private information is gold for fraudsters and scammers

In all kinds of ways, criminals and other bad actors can leverage your personal information to manipulate you, steal money from you, or commit identity theft. For example, concerns have been raised about the privacy and security of personal data shared in fitness apps, mental health apps, and voice assistant apps, just to name a few. Meanwhile, scammers continue to take advantage of the personal information that people voluntarily share in a variety of everyday situations, including when they’re filing tax returns, using payment apps, scanning QR codes, looking for a job, or meeting people on dating sites.

Identity theft and fraud: an overview

Data privacy isn’t just about personal preference, it’s a matter of personal safety. That’s because the less private your data is, the greater your risk of becoming victimized by identity theft. When your personal information is exposed—through a data breach, spyware or malware planted on a device, a phishing attack, a lost phone or laptop, accidental over-sharing online, even a stranger looking at your device over your shoulder—the risks range from credit card fraud to life-altering identity theft.

• Financial identity theft: This is the most common form of identity theft, and it can cause a lot more trouble than just having to replace a credit card. In this type of theft, your bank account numbers, credit card numbers, or personally identifying information are used to wipe out your accounts, or apply for new loans or credit cards in your name. You could be held financially responsible for purchases, loans, rentals or other transactions made by the thief. Unpaid bills could damage your credit rating, making it impossible for you to get a home, auto, or college loan, or to rent housing.
• Medical identity theft: This occurs when criminals sell your personal medical information or make fraudulent claims against your health policy. If your medical identity is stolen, you could be charged for medical services received by someone impersonating you. If those bills exceed the limits of your medical coverage, you could be denied medical services. And if someone else’s information ends up in your medical file, you could be at risk for life-threatening misdiagnosis or mistreatment.
• Insurance identity theft: Beyond medical insurance fraud, thieves can use your personal information to make fraudulent auto, homeowners, disability, or life insurance claims, and file for benefits or reimbursement from insurance companies. This could affect your deductible or even insurance eligibility in the future.
• Employment fraud: In this scheme, fraudsters use your personal information to gain employment, pass a background check they might not otherwise pass, or get insider access to a company’s assets for criminal purposes.
• Social Security number theft: For Americans, our Social Security number is one of the most valuable pieces of personal information because it is so widely used to prove our identity. With your Social Security number, criminals can fraudulently claim government benefits, commit tax fraud, or engage in many other types of identity theft.
• Driver’s license fraud: Like a Social Security number, a driver’s license can be exploited by identity thieves in a variety of ways. It’s used to prove identity for everything from cashing a check or changing your mailing address to (in REAL ID form) boarding a plane. Thieves committing financial and other identity fraud often change mailing addresses in order to hide their activity from their victims.
• Criminal identity theft: If a criminal uses your stolen identity as cover for illicit activities, you could actually end up in court or jail. When criminals masquerade as you and run afoul of the law, the charges go on your record. Clearing your name can be difficult when all the evidence points to your identity. You could also be turned down for a job if a background check or online search turned up bad debts or crimes committed in your name.
• Child identity theft: What kind of person would steal the identity of a child? You’d be surprised. A child’s personal identity is a blank canvas for criminal activity—theft of their personal information is unexpected and therefore often goes unnoticed. The crime might not be uncovered until the young person is applying for a job or college loan.
• Synthetic identity theft: In this type of fraud, which can affect adults or children, identity thieves steal different pieces of personal information from several individuals and combine them to create one seemingly complete person on paper.

Sadly, it’s virtually guaranteed that every one of us has had our personal information exposed at some point in the past few years. In the two decades since the Privacy Rights Clearinghouse began following data breach activity, it has tracked nearly 77,000 different data breach events affecting billions of identity records. No matter how careful you are, you can’t prevent corporate data breaches. Even if you don’t own a computer or smartphone, your information lives in computers connected to the internet. Hackers are getting more and more sophisticated, meaning you can’t rely on the security of the companies you do business with or the applications or devices that you use, whether it’s your laptop or phone or any other connected device at home. And when companies sell your information, there’s no telling who’s buying. In short, assume that your privacy is always at risk.

Watch for warning signs of identity theft

Given that your privacy is at risk from simply surfing the web, using social media, or shopping online, how can you quickly find out if someone is misusing your personal information? There are a number of ways to spot the signs so you can take action and defend your identity as soon as possible. Here are the basics:

• Read financial statements and medical explanations of benefits (EOBs) carefully, watching for transactions or treatments that don’t look right.
• Review your credit score and credit report regularly, watching for sudden changes or loan or credit applications that you didn’t make.
• Monitor for other signs that your personal information has fallen into the wrong hands. For example, you can use haveibeenpwned to find out if your online accounts and passwords have been exposed in a data breach. Or you can buy an identity protection plan that monitors public records and the dark web (where criminals buy stolen personal information), alerting you when there are signs your identity is being misused.
• Watch for news of data breaches that might affect you. Large companies sometimes set up web pages where you can find out whether your information was part of a breach. If you get a breach notification letter that offers free identity protection services, take advantage of the offer.

By catching identity theft or fraud early, you can greatly limit the potential damage and make it easier to restore your identity.

While you can’t prevent data breaches, there’s a lot you can do to protect your privacy and identity from being exploited, whether by criminals or by companies gathering personal information you don’t want them to have. To keep your information safe, first think about your physical and digital security. Here are some basics:

• Physical document security: While a huge portion of your life is digital, you likely still have some sensitive printed materials. A discarded financial statement or a stolen personal document can pose a major risk. Don’t leave personal documents out in the open when in public or away from your desk at work. Keep printed financial statements in a locked file cabinet and keep vital documents such as passports and Social Security cards in a safe. Use a shredder when you discard financial statements or other personal papers.
• Device security: Make it difficult for anyone else to get information from your phone, laptop, or other devices if they are lost or stolen. Secure your smartphone with multi-factor authentication, encrypted Wi-Fi, remote lock, and other measures. (View a full list of smartphone security measures here, and note that many of these steps can be used for laptops as well, including multi-factor authentication, encrypted Wi-Fi, device locator, and remote wipe capability.)
• Network security: Home networks can be hacked. Install a virtual private network (VPN), such as SafeWiFi from IDX, on your internet router. This encrypts the connection on devices like your phone, laptop, and other connected devices, preventing bad actors from discovering your identity, online activity, or location. And avoid accessing accounts or buying online over public Wi-Fi networks unless you’ve installed a VPN.
• Account security: Use strong passwords plus multi-factor authentication to protect your sensitive financial and other accounts. (Consider using a password manager to help you keep track of those long passwords.) Multi-factor authentication could include a password plus a security code sent to you via email, text, or authenticator app.
• Personal security: Don’t underestimate the risks of eavesdroppers and shoulder-surfers. Be aware of the people around you when you’re working online in public, giving a credit card number over the phone, or entering your PIN at an ATM. And be alert for illegal “skimming” devices that criminals install on card readers to steal account numbers and PINs.

Be vigilant about protecting your privacy

The less information that companies gather on you, the less they’re able to sell to advertisers (or scammers pretending to be advertisers) and the less that exists in their corporate databases when a breach happens. Sometimes you don’t have a choice. For example, you have to supply your Social Security number to open an interest-bearing financial account, because the interest income must be reported to the IRS. However, you do have choices about how organizations can use the data they gather about you, and how information is gathered about you online. Here are some measures you can take:

• Don’t provide your Social Security number unless you have to. While it is required by employers and financial institutions, it shouldn’t be required as an ID by schools or medical providers—if they ask for it, it’s OK to say no.
• Review any corporate privacy policy before signing up for a new app, financial account, social media platform, or mobile provider. If a company sends you a notice about an update to its policy, read it. While privacy policies often allow a company to share your information by default, you can restrict sharing by changing account settings, or through a written notice or online request.
• Use privacy controls on browsers and social media platforms to restrict who can see your information, whether your behavior can be tracked, and what can be shared. If you have kids who use social media, use parental controls to protect them, too.
• Know your rights regarding privacy laws and issues. For example, the use of facial recognition technology by government and private organizations is becoming increasingly common. If you believe stronger privacy protections are needed, call or write your federal and state legislators and express your concerns.

Avoid becoming victimized by phishing attacks

Bad actors will always look for ways to trick you into handing over sensitive information. Be wary of phishing attacks (or “social engineering campaigns,” as security experts call them). These are attempts to lure you into supplying passwords, account numbers, Social Security numbers, or other personal information that can be used to steal your money or commit identity fraud. Phishing can come in the form of emails, texts, online popup ads, direct messages on social media, phone calls, or phony websites designed to like the real organizations they’re impersonating.

Many anti-virus software providers include features to help fight phishing by warning you of suspicious downloads, websites, and email attachments. (They also, of course, help protect your device from viruses, spyware, and other malware.)

But the best protection is to maintain a healthy level of skepticism. If an offer seems too good to be true, it probably is. If a caller claims to be from the IRS and threatens you with arrest if you don’t pay a supposed tax bill immediately, know that the IRS doesn’t use strong-arm tactics. If you get a message telling you a family member has an emergency and needs money wired to a foreign country, don’t engage; instead contact that family member or someone else who can verify. Always push back if you get an unsolicited message asking for personal information.

Protect yourself with privacy and identity coverage

According to a report from Javelin Strategy & Research and AARP, American adults lost $47 billion to identity fraud and scams in 2024, an increase of $4 billion over 2023. Eighteen million people were affected. Combine that with the more than 3,000 data breaches tracked by the Identity Theft Resource Center in 2024, and the message is clear: Don’t leave your privacy to chance.

Since you can’t always keep personal information away from bad actors, you need a backup plan to help limit and reverse the damage they can do. The strongest defense is a privacy and identity protection plan that includes identity monitoring and guaranteed recovery. You’ll get an early warning if there are signs that identity theft is happening or imminent, and you’ll gain the help of experts who know how to work with law enforcement, government, and businesses to shut down fraudulent accounts and transactions, clean up records, and clear your name.

When searching for an identity protection plan provider, ask yourself these questions:

• What types of monitoring does the provider offer: credit, Social Security, web, social media?
• If they offer web monitoring, how many sources do they scan?
• Does the price seem to match the quality of the identity recovery service?
• If the provider seems to focus mainly on identity theft insurance, can you be assured that they will support you in actually resolving the damage and recovering your identity?
• What kind of experience do they have? How long have they been in this business and how many breach victims do they cover?
• Do they offer a 100% recovery guarantee?
• Do they have a track record of satisfied customers?

Features and services to look for

Privacy protection technology To protect your identity, you first need to protect your privacy. A good plan should offer proactive technology that monitors your privacy on multiple fronts, with features like:

• Technology for safe web browsing, including applications to block tracking, private searches, and a VPN to help you connect safely over public Wi-Fi networks.
• Password monitoring to notify you if your passwords have been compromised and when you need to change them.
• Assistance in deleting your information from the files of online data brokers.
• A privacy dashboard that continuously monitors your online presence and provides assistance and feedback to help you improve your privacy.

Proactive alerts and monitoring

The more damage identity thieves do before they’re detected, the more there is to undo, so early detection is a huge advantage. An identity protection plan should include monitoring tools like:

• Credit monitoring with at least one of the three major credit bureaus—ideally, all three—to alert you of changes in your credit profile that might indicate criminal activity.
• Change-of-address monitoring to warn you if someone’s having your mail redirected.
• Social Security fraud monitoring to warn you when your Social Security number has been exposed.
• Dark web monitoring that alerts you if your passwords, account numbers, Social Security number, or other pieces of personal information are posted on the dark web for criminals to buy and sell.
• Fraud notifications to alert you immediately when something’s wrong and, ideally, what action you need to take.
• Social media monitoring to scan your profiles and connections and alert you to malicious content or links, account impersonation or takeover, scams, fraud, and inappropriate content.

Guaranteed identity recovery

When shopping for an identity protection plan, the most important thing to consider is the quality of the recovery services. You want fast, expert assistance in recovering your money, credit rating, and/or reputation. This matters for several reasons:

• The sooner a thief is stopped, the less damage there will be to fix.
• Once your personal information is in criminal hands, problems can crop up again and again, eating up your time and resources.
• If your medical identity is stolen and you report identity theft, it can trigger HIPAA privacy laws, cutting off your access to your own medical records.

Look for an identity protection provider with an expert team of recovery advocates, who will know exactly who to contact and how to work with law enforcement, government, medical providers, and businesses to shut down fraudulent accounts and transactions, clean up records, and clear your name. They should keep watch on your behalf for future problems. And they should ensure that you don’t have any significant losses or need to file an insurance claim and wait for payment. Some providers will even help with common yet stressful situations like a lost wallet, saving you considerable time and hassle.

Identity theft insurance

Most identity protection plans offer insurance to cover out-of-pocket expenses for recovering your identity. The coverage is typically up to $1 million. Out-of-pocket recovery expenses are often in the hundreds of dollars, but it’s good to know that the coverage is there if you need it. However, be wary of plans that only offer insurance, without an expert-led identity recovery service. As mentioned previously, a team of recovery experts will know exactly which steps to take to undo the damage of identity theft, and will carry out a detailed plan of action so you don’t have to.

Peace of mind: By choosing the best personal privacy and identity protection

Finally, an identity protection provider should understand the hidden cost of identity theft: emotional distress. According to the Identity Theft Resource Center, identity theft victims often report feelings of anxiety, depression, lack of trust and safety, and powerlessness. The stress of identity theft can affect a person’s sleep, health, and relationships. Victims who work with a competent, committed team of recovery experts, on the other hand, often express relief and renewed peace of mind.

Bottom line: You want a recovery team that will work on your behalf to fix current problems and prevent new ones—so you can get back to focusing on your job, your health, and your daily life.