Regula Urges Awareness as Identity Theft Soars to a Record 3205 Data Compromises
Amidst an alarming surge in identity-related crimes, Regula, a global developer of forensic devices and identity verification solutions, calls for heightened vigilance during Identity Theft Awareness Week.
In a landscape saturated with staggering statistics, the need for innovative solutions to safeguard against the usage of stolen identities becomes more pronounced. The gravity of identity-related crimes is illustrated by the Identity Theft Resource Center's annual report, disclosing a record 3205 data compromises in 2023, marking a seismic 78% increase from the prior year. These breaches facilitated hackers in gaining unauthorized access to the personal information of millions of consumers.
Businesses Under Attack
The tangible consequences of data breaches can be grasped by spotlighting prominent cases of the year 2023.
Shields Healthcare Group, a Massachusetts-based medical services provider, saw the theft of sensitive patient information and confidential data in a breach that affected approximately 2.3 million people.
MOVEit Transfer software, a file transfer tool developed by Progress Software, experienced a significant cybersecurity incident impacting over 1,000 victim organizations and more than 60 million individuals. The breach exposed large volumes of often-sensitive data, including pension information, social security numbers, medical records, and billing data.
23andMe, a genetics testing company, faced a significant breach in October 2023, revealing vulnerabilities in the protection of sensitive genetic and personal information. The breach involved unauthorized access to the "DNA Relatives" feature, exposing personal information of millions. Initially affecting one million users of Ashkenazi Jewish descent and 100,000 users of Chinese descent, the breach later expanded to include records of four million more general accounts.
Government Systems at Risk, Too
Governments globally face the specter of identity theft threats. Australia's myGov platform, a digital identity hub, has fallen victim to scams totaling US$2 billion this year alone. India's national biometric authentication system weathered 55 hours of downtime, while Bangladesh grappled with vulnerabilities in its online birth registration system due to a leak of national ID card numbers. Anonymous Sudan's cyberattack on Kenya's eCitizen portal resulted in disruptions and alleged passport data theft, emphasizing the global nature of the threat.
Next Level of Identity Verification
Biometric checks are proliferating in the fight against identity theft, driven by the increasing new threats. As Regula’s survey highlights, a third of businesses were hit by deepfake fraud in 2022.
Today, biometrics are reshaping the way we approach security. Here are some noteworthy examples of 2023. Apple's Vision Pro introduces iris biometrics for device unlocking. Stadiums across America embrace facial recognition and AI for enhanced fan experiences, ranging from weapons detection to automated concessions. Nightclubs in the UK trial biometric-loaded body cameras, enhancing security with Reveal's digital evidence management system. Airports globally, including Singapore's Changi Airport, adopt biometrics for improved processes. American Express pioneers secure online transactions by adding face and fingerprint biometrics to its SafeKey standard.
In a unique twist, Australia plans to launch a digital identity system for goats and sheep, with mandatory registration from 2025, potentially preceding a human counterpart. Canadian scientists utilize facial recognition for tracking seals, a fascinating application echoing efforts with sea dragons in Australia. Biofire's biometric handgun introduces facial recognition, which works well in the dark, authenticating users with either face or fingerprints.
But of course, most important and widespread is that governments worldwide are advancing digital identity systems, with an estimated 4.9 billion digital identities in use by 2029.
A Piece of Advice for 2024
In the wake of these breaches, malicious actors seized the opportunity to illicitly access the personal information of millions of consumers, underscoring the critical need for robust cybersecurity measures. What can help? First of all, document liveness verification ensures the presence of a real document and the authenticity of an ID by scrutinizing dynamic security features, especially in remote scenarios. Cross-referencing all the data in the document, together with authenticity and biometric checks, makes it possible to identify inconsistencies that may signal fraud. Also, e-documents such as e-passports or eIDs are more secure and difficult to fake than traditional identity documents. That’s because the RFID chip holds digitally signed data that can be read and verified with NFC-enabled smartphones and specialized IDV software. Moreover, utilizing "zero trust to mobile" approach, which involves re-verifying the RFID chip on a server in a secured perimeter, ensures the e-document is trustworthy, and the chip is not cloned or its data manipulated.