Identity Theft Examples (2023): The 6 Worst Attacks Ever

By Tibor Moes / Updated: May 2023

Identity Theft Examples (2023): The 6 Worst Attacks Ever

Identity Theft Examples

Imagine you’re the owner of a beautiful house full of precious items, and one day, someone pretends to be you, gains access, and takes all your belongings. This is the digital equivalent of identity theft – a cyber burglar impersonating you online.

In this article, we will walk you through some of the most shocking identity theft examples ever, showcasing just how creative these cyber thieves can be. It’s time to understand this digital menace better, because, as they say, knowledge is the best defense.


Identity theft is the use of another person’s identity for personal gain. Hackers can use malware, phishing emails, and data breaches to steal your financial and identification details, in order to apply for services and loans in your name.

  1. ChoicePoint Incident (2004): The data brokering company was tricked into giving away the personal information of 163,000 consumers to fraudsters posing as legitimate businesses.
  2. Albert Gonzalez Case (2005-2007): This infamous hacker stole more than 170 million credit and debit card numbers from companies like TJ Maxx, Heartland Payment Systems, and 7-Eleven.
  3. IRS Fraud (2012-2015): Cyber thieves stole the identities of taxpayers to file fraudulent tax returns, with the losses amounting to billions of dollars.
  4. Anthem Inc. Breach (2015): Hackers stole nearly 80 million records from the health insurance giant, including social security numbers, birthdays, and employment details.
  5. Equifax Breach (2017): One of the most massive data breaches in history, hackers accessed the personal information of 147 million people from the credit reporting agency.
  6. Marriott International Breach (2018): Attackers stole passport numbers, credit card information, and other personal details of approximately 500 million guests.

Don’t become a victim of identity theft. Protect your devices with the best antivirus software and your privacy with the best VPN service.

Identity Theft Examples In-Depth

1. ChoicePoint Incident (2004)

In the winter of 2004, a seemingly standard business transaction turned out to be a significant incident of identity theft. ChoicePoint, a reputable data broker, found itself at the heart of a deceitful scheme that lasted for over a year. Fraudsters, posing as legitimate businesses, conned the company into handing over the personal information of a staggering 163,000 consumers.

The mastermind behind this cunning plot was a Nigerian national, operating from within the United States. This individual exploited the trust and the mechanisms of commerce, turning them into tools of deceit. His targets were not just businesses, but individuals whose information was stored by ChoicePoint.

While this incident was predominantly US-based, its impact was felt by people across the country. The nature of the data compromised was predominantly personal, resulting in financial damage estimated in the millions. Not only were countless lives disrupted, but the integrity of a trusted institution was shaken.

In the aftermath, ChoicePoint was quick to respond, implementing stronger verification processes for new customers. The incident also ignited a nationwide conversation about data privacy and security, prompting many businesses to reassess their procedures. The legal consequences were significant too. ChoicePoint was fined $10 million by the Federal Trade Commission and had to set aside $5 million for affected customers.

2. The Albert Gonzalez Case (2005-2007)

Fast forward a year to 2005, and we find ourselves amidst another shocking identity theft saga that lasted till 2007. This time, the villain of our story is Albert Gonzalez, a cunning hacker with an insatiable desire for credit and debit card numbers. His hunting ground was vast, spanning across several businesses including TJ Maxx, Heartland Payment Systems, and 7-Eleven.

What makes this tale even more chilling is that Gonzalez’s operation was not confined to one country. His heinous acts of theft had a global footprint. His loot – an astronomical 170 million credit and debit card numbers – was a treasure trove of financial data.

Gonzalez’s actions led to an estimated loss of hundreds of millions of dollars, affecting both businesses and consumers alike. His methods were so innovative and audacious that they caught the cybersecurity world by surprise.

When Gonzalez was finally apprehended, it marked the end of one of the most extensive cases of identity theft the world had ever seen. The fallout led to significant improvements in retail cybersecurity and a heightened awareness of the potential for digital identity theft. Gonzalez himself was handed two concurrent sentences of 20 years each – the longest sentence ever given for hacking at the time, underscoring the severity of his crimes.

3. IRS Fraud (2012-2015)

Beginning in 2012, a criminal plot emerged that was so bold and insidious, it targeted one of the most powerful institutions in the United States – the Internal Revenue Service. Over a span of three years, cyber thieves unleashed a wave of identity theft that left taxpayers and the government reeling.

The criminals, many of whom were traced back to organized crime syndicates in Russia, had a simple yet effective strategy. By stealing the identities of unsuspecting taxpayers, they filed fraudulent tax returns, siphoning off refunds to the tune of billions of dollars. The victims were mostly everyday individuals, but the scale of the fraud was national, affecting people across the US.

The stolen data was primarily financial, with devastating effects on personal lives and significant loss to the national exchequer. The sheer scale of the fraud made it one of the most severe cases of identity theft in history.

The aftermath of this audacious attack led to rigorous improvements in the IRS’s security systems, and a national campaign to make taxpayers more aware of potential identity theft risks. The legal consequences were also severe, with many of the perpetrators facing lengthy jail terms, sending a stern message to would-be fraudsters.

4. Anthem Inc. Breach (2015)

In 2015, a cyber-attack of unprecedented scale targeted Anthem Inc., one of the largest health insurance companies in the United States. The incident, which lasted several months, affected nearly 80 million people, making it one of the largest data breaches in history.

Behind this attack were sophisticated hackers believed to have links with a foreign government, showing the potential for identity theft to serve as a tool for state-sponsored espionage. This cyber-assault was not just national but had international implications as well, given the nature of the compromised data.

The hackers stole a mix of personal and sensitive health-related data, including social security numbers, birthdays, and employment details. This combination made the potential for harm incredibly high, both on an individual level and in terms of potential misuse of the data.

Financially, the breach cost Anthem hundreds of millions of dollars in remediation costs, legal fees, and settlement payments. The attack also dealt a severe blow to the company’s reputation, highlighting the potential business consequences of such breaches.

In response, Anthem beefed up its security infrastructure and made sweeping changes to its data management policies. As for legal consequences, Anthem settled numerous lawsuits and paid a record $16 million to the Department of Health and Human Services for potential privacy violations, marking this as a costly lesson for all businesses in the importance of safeguarding sensitive customer data.

5. Equifax Breach (2017)

In 2017, one of the most prominent credit reporting agencies, Equifax, was hit by a cyberattack that would become a textbook example of a corporate identity theft crisis. This breach, which lasted for several months, exposed the personal information of a whopping 147 million people.

The criminals behind this act were later linked to a state-sponsored group from China. The data compromised was a mix of personal and financial information, including social security numbers, birth dates, and in some cases, driver’s license numbers. These details gave the perpetrators enough ammunition to cause immense harm and potentially engage in financial fraud.

The breach had a global impact, with victims not just in the United States but also in the UK and Canada. The estimated financial damage of this breach was colossal, running into hundreds of millions of dollars, and the blow to Equifax’s reputation was equally significant.

Following the attack, Equifax had to overhaul its security systems and provide free credit-monitoring services to all US consumers. The breach also led to significant changes in data security regulations and practices in the credit reporting industry. The company faced a fine of $700 million as part of a settlement with the Federal Trade Commission, Consumer Financial Protection Bureau, and all 50 US states.

6. The Marriott International Breach (2018)

The year 2018 saw another landmark identity theft incident. This time, the victim was the global hotel chain, Marriott International. Over a period of four years, hackers managed to access the personal details of approximately 500 million guests.

The perpetrators, believed to be part of a state-sponsored group from China, showed that no industry is safe from cyber threats. The targeted data was comprehensive, including passport numbers, credit card information, and other personal details, making it a potential treasure trove for identity thieves.

This incident was international in its scope, impacting travelers from across the globe. While the financial damage was significant, the incident also underscored the importance of data security in the hospitality industry, a sector not traditionally associated with high-profile cyber threats.

In the aftermath, Marriott implemented significant changes in its data security architecture and worked closely with law enforcement agencies to investigate the incident. The company also offered impacted customers free enrollment in a personal information monitoring service. As for the legal consequences, Marriott faced a potential fine of up to £99 million ($123 million) under the EU’s General Data Protection Regulation (GDPR).


In conclusion, these notorious incidents of identity theft underline the fact that our personal and financial information can be vulnerable in ways we never anticipated. As technology continues to evolve, so too does the sophistication of these cyber thieves. However, there are measures we can take to better safeguard our information.

First and foremost, regularly update your devices. Updates often contain security patches that fix vulnerabilities which hackers may exploit. Secondly, invest in robust antivirus software, like Norton, Bitdefender, McAfee, Panda, or Kaspersky. It’s an essential layer of protection that can detect and neutralize threats before they infiltrate your system.

In addition, be wary of unsolicited communication asking for personal information, and use strong, unique passwords for each of your online accounts. Regularly monitor your financial transactions for any irregularities, and consider using identity theft protection services, particularly if your information has been compromised in a data breach.

To stay informed and prepared, here are a few trusted cybersecurity resources and official reports where you can learn more:

  1. Federal Trade Commission’s Identity Theft Guide:
  2. Stay Safe Online, powered by National Cyber Security Alliance:
  3. Annual Internet Crime Report by FBI’s Internet Crime Complaint Center:
  4. Cybersecurity & Infrastructure Security Agency (CISA) Tips:

Remember, knowledge is the first line of defense. By staying informed and being vigilant, we can all play a part in combating identity theft.

Author: Tibor Moes

Author: Tibor Moes

Founder & Chief Editor at SoftwareLab

Tibor is a Dutch engineer and entrepreneur. He has tested security software since 2014.

Over the years, he has tested most of the best antivirus software for Windows, Mac, Android, and iOS, as well as many VPN providers.

He uses Norton to protect his devices, CyberGhost for his privacy, and Dashlane for his passwords.

This website is hosted on a Digital Ocean server via Cloudways and is built with DIVI on WordPress.

You can find him on LinkedIn or contact him here.

Security Software

Best Antivirus for Windows 11
Best Antivirus for Mac
Best Antivirus for Android
Best Antivirus for iOS
Best VPN for Windows 11

Cyber Threats

Advanced Persistent Threat (APT)
Adware Examples
Black Hat Hacker
Botnet Examples
Brute Force Attack
Business Email Compromise (BEC)
Computer Virus
Computer Virus Examples
Computer Worm
Computer Worm Examples
Credential Stuffing
Cross-Site Request Forgery (CSRF)
Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS) Examples
Cross-Site Scripting (XSS) Types
Crypto Scam
Cyber Espionage
Cyber Risk
Cyber Squatting
Cyber Threat
Cyber Threat Examples
Cyber Threat Types
Cyberbullying Examples
Cyberbullying Types
Cybercrime Examples
Cybercrime Types
Cyberstalking Examples
Data Breach
Data Breach Examples
Data Breach Types
Data Leak
DDoS Attack
DDoS Attack Examples
Deepfake Examples
Doxxing Examples
Email Spoofing
Exploit Examples
Exploit Types
Fileless Malware
Grey Hat Hacker
Hacking Examples
Hacking Phone
Hacking iPhone
Hacking Types
Identity Theft
Identity Theft Examples
Identity Theft Types
Insider Threat
IP Spoofing
Keylogger Types
Malicious Code
Malicious Code Examples
Malware Examples
Malware Types
Man In The Middle Attack
Man in the Middle Attack Examples
Online Scam
Password Cracking
Password Spraying
Phishing Email
Phishing Email Examples
Phishing Examples
Phishing Types
Ransomware Examples
Ransomware Types
Rootkit Examples
Security Breach
Session Hijacking
Smurf Attack
Social Engineering
Social Engineering Examples
Social Engineering Types
Spam Examples
Spam Types
Spear Phishing
Spear Phishing Examples
Spoofing Examples
Spyware Examples
SQL Injection
SQL Injection Examples
SQL Injection Types
Trojan Horse
Trojan Horse Examples
Watering Hole Attack
Whale Phishing
Zero Day Exploit
Zero Day Exploit Examples