They say once something is on the internet it is there forever. Unfortunately, that could not be more true. So once your identity is on the internet by any means, it is a liability. With that being said, there are a couple of ways that a hacker may get hold of this information.

Email Breach: It is not uncommon for presence of a drivers licence or passport scan to be on your email. This may be from making applications for credit, tenancy or other government forms. Commonly when hackers take over an email account, they will take a snapshot of all of your emails & take them for offline analysis. If you have ever had an email hack you are at strong risk of identity theft.

Company/Services Breach: No doubt you have heard of things like the infamous 'Optus Breach'.  Companies get hacked all of the time & for various reasons, may retain a record of your identification. This does mean in data breaches, your identity could be amongst the thousands that may be stolen & leaked/sold directly on the dark web.

Targeted Attacks:  For more personalised attacks, it could be more direct whether they breach & monitor your phone, hack your network or hack your camera system. These would all be methods for prodding around for personalised data & identification.

Cloud Service Breaches:  This is especially common within the apple account infrastructure, but applicable with other cloud services. It really is not abnormal to take a picture on your phone of a drivers licence. With companies like apple encouraging the usage of their cloud service, you may be opted into automatic cloud sync for photos. You'll find that more than likely a copy would be uploaded & available to anyone who can hack the account.

Most companies these days have become very hard to trust these days as most support teams & operations happen offshore. You'll find this in speaking to a variety of telecommunications providers, credit & loan companies, banks, crypto & more.

Although, the support can be generally quite helpful for the legitimate person. There is also a huge vulnerability with the nature of the staff within these establishment. It is not unusual to have staff do very basic verification checks or break policy when it comes to confirming that requests are coming from the legitimate account owner.

So in cases of identity fraud, with some basic personal information about you, hackers/scammers can call up these companies impersonating you & making requests for credit cards, transfer crypto, get new sim cards issued by your telecommunications provide, establish loans & more.

How To Protect Your Identity

Before doing anything, the first thing that needs to be considered is getting to the bottom of how the identity has been leaked in the first place. This typically requires a full security audit.

Once the audit is completed, we need to make sure all points of vulnerability are patched & secured so you are not at direct threat of the identity just being stolen again.

In every present event or suspicion of identity theft, it is so important to make sure you get new identification issued with new numbers. This usually involves contacting the relevant government department & making a formal request. Often, this can be challenging as government departments such as the department of transport may refuse the request without a valid reason. In these cases, we can provide a certified letter of recommendation to present to the relevant department.

Finally, you can control your own security, but you can't control that of a companies. So you need to make sure your email, credit cards & identification are on dark web monitoring, so you can be informed as soon as possible when a breach occurs. That way you can change this information again before it becomes a threat once again.