Regula urges awareness as identity theft soars to a record 3,205 data compromises

In a landscape saturated with staggering statistics, the need for innovative solutions to safeguard against the usage of stolen identities becomes more pronounced.

The gravity of identity-related crimes is illustrated by the Identity Theft Resource Centre's annual report, disclosing a record 3,205 data compromises in 2023, marking a seismic 78% increase from the prior year. These breaches facilitated hackers in gaining unauthorised access to the personal information of millions of consumers.

Businesses under attack

The tangible consequences of data breaches can be grasped by spotlighting prominent cases of the year 2023. Shields Healthcare Group, a Massachusetts-based medical services provider, saw the theft of sensitive patient information and confidential data in a breach that affected approximately 2.3 million people.

Tangible effects of data breaches can be held by spotlighting famous cases of the year 2023

MOVEit Transfer software, a file transfer tool developed by Progress Software, experienced a significant cybersecurity incident impacting over 1,000 victim organisations and more than 60 million individuals. The breach exposed large volumes of often-sensitive data, including pension information, social security numbers, medical records, and billing data.

Protection of genetic information

23andMe, a genetics testing company, faced a significant breach in October 2023, revealing vulnerabilities in the protection of sensitive genetic and personal information. The breach involved unauthorised access to the "DNA Relatives" feature, exposing the personal information of millions. 

Initially affecting one million users of Ashkenazi Jewish descent and 100,000 users of Chinese descent, the breach later expanded to include records of four million more general accounts.

Government systems at risk, too

Governments globally face the spectre of identity theft threats. Australia's myGov platform, a digital identity hub, has fallen victim to scams totalling US$2 billion this year alone.

India's national biometric authentication system weathered 55 hours of downtime

India's national biometric authentication system weathered 55 hours of downtime, while Bangladesh grappled with vulnerabilities in its online birth registration system due to a leak of national ID card numbers. Anonymous Sudan's cyberattack on Kenya's eCitizen portal resulted in disruptions and alleged passport data theft, emphasising the global nature of the threat.

Next level of identity verification

Biometric checks are proliferating in the fight against identity theft, driven by the increasing new threats. As Regula’s survey highlights, a third of businesses were hit by deepfake fraud in 2022.

Regula's research “The State of Identity Verification in 2023” reveals a global concern

Biometrics are reshaping the way of approaching security. Here are some noteworthy examples of 2023. Apple's Vision Pro introduces iris biometrics for device unlocking. Stadiums across America embrace facial recognition and AI for enhanced fan experiences, ranging from weapons detection to automated concessions. Nightclubs in the UK trial biometric-loaded body cameras, enhancing security with Reveal's digital evidence management system. Airports globally, including Singapore's Changi Airport, adopt biometrics for improved processes. American Express pioneers secure online transactions by adding face and fingerprint biometrics to its SafeKey standard.

Intriguing examples

Most vital and overall is that governments worldwide are advancing digital identity systems

In a unique twist, Australia plans to launch a digital identity system for goats and sheep, with mandatory registration from 2025, potentially preceding a human counterpart. Canadian scientists utilise facial recognition for tracking seals, a fascinating application echoing efforts with sea dragons in Australia. Biofire's biometric handgun introduces facial recognition, which works well in the dark, authenticating users with either face or fingerprints.

But of course, the most important and widespread is that governments worldwide are advancing digital identity systems, with an estimated 4.9 billion digital identities in use by 2029.

A piece of advice for 2024

"In the wake of these breaches, malicious actors seised the opportunity to illicitly access the personal information of millions of consumers, underscoring the critical need for robust cybersecurity measures. What can help? First of all, document liveness verification ensures the presence of a real document and the authenticity of an ID by scrutinising dynamic security features, especially in remote scenarios. Cross-referencing all the data in the document, together with authenticity and biometric checks, makes it possible to identify inconsistencies that may signal fraud."

"Also, e-documents such as e-passports or eIDs are more secure and difficult to fake than traditional identity documents. That’s because the RFID chip holds digitally signed data that can be read and verified with NFC-enabled smartphones and specialised IDV software. Moreover, utilising the "zero trust to mobile" approach, which involves re-verifying the RFID chip on a server in a secured perimeter, ensures the e-document is trustworthy, and the chip is not cloned or its data manipulated," advises Ihar Kliashchou, Chief Technology Officer at Regula.