Identity, PII Data Definition and Protection, Oh my!

\"\"

The purpose of this article is to explore the topic of personally identifiable information (PII), what is PII, the list of PII, and how to protect PII.

Have you wondered what information does an attacker need to turn you into a victim? Are you curious about the different ways attackers try to steal your PII? Do you wonder how to protect yourself from identity and financial theft?

Let\’s explore these topics. 

PII Data Definition

In NIST Special Publication 800-122, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII),  \”PII is any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual\’s identity, such as name, social security number, date and place of birth, mother\’s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.\”

List of PII

At a minimum, an attacker needs two of the four pieces of information to steal from you. These four pieces of information are: 

  • Full name
  • Birthdate
  • Social Security Number (SSN)
  • Address

With those pieces of data, an attacker can find everything they want to know about you in the public databases on the Internet. 

Other pieces of PII are as follows:

  • Biometric data
  • Mother\’s Maiden Name
  • Passport number
  • Credentials
  • Email address
  • Telephone number
  • Vehicle registration
  • Vehicle title
  • Medical information
  • Educational information
  • Employment information
  • Financial information
  • Tax information

PII Fraud and Theft Scams

There are many ways that your PII can be used against your will and make you a victim. 

Let\’s look at a few examples:

  • Debit card – Attackers can scan your card from a few feet away and steal the RFID information and use your card for purchases. Thankfully banks have sophisticated fraud protection monitoring and they usually catch those as they happen.

    I was in a Target a few years ago and about to check out. I scanned my debit card and my bank called almost immediately and asked if I am with the transaction. Of course, I was. 

    Every 6 months or so I get a call from my bank telling me my debit card has been compromised and needs to be replaced. I am not sure why this happens to me. 

  • Tax information – An attacker had enough information on me to be able to submit a tax form in my name. When I went to submit my taxes, the request was rejected. It took me a month to get it squared away but I had submitted my taxes in the mail. The IRS provides me with a special code now that I use to submit my taxes. 
  • Employment information – An attacker had my PII and employer information. They used that data and submitted it for unemployment in my name. Thankfully, my employer was called and we denied the request.
  • Data breaches (Credentials) – There is a data breach every 39 seconds according to the University of Maryland. I would recommend that you assume that your data have been compromised and take extreme caution in using your PII.

    I would suggest that you lock your credit with all the credit bureaus and buy an identity theft protection service like LifeLock. You cannot keep up with all the ways attackers can use your data for nefarious purposes. 

  • Tech Support Email – An attacker uses email to send an email that you have a problem and it must be fixed immediately. They give you a phone number to call.

    You have to look at all emails and make sure they are from who they say they are from. Don\’t click on links in emails unless you are 100% sure they are legitimate. 

  • Applying for loans – Attackers with the right information can apply for credit cards, mortgage loans, personal loans, etc. with your PII. 

These are just some examples to bring awareness to the issues that exist. The attackers find new ways to stay ahead of the game. You much think before you act. 

Protect PII

All PII data needs to be encrypted and monitored through Identity Protection Services. 

  • You must treat your PII like it is gold because to someone else it is. You should never store PII on your computer unencrypted. 
  • You should not store any tax forms, loan applications, etc on your computer. That data can be easily used against you and you can easily become a victim. 
  • Also, use multifactor authentication on any device you log into. Passwords are easily cracked today within minutes. 
  • Please use caution when using your PII. You never send it over email, phone, texts, etc. Email and texts are normally not encrypted. You can use your phone if you know the person you are talking to is the right person you should be talking to. 

I switched to a new doctor recently and they wanted me to fill out a pdf form. I did not send this over email. I filled it out, printed it, and dropped it off. This is a big no-no! Never send your PII over unencrypted channels. 

The moral of the story here is your PII is your life and your treasure. Don\’t go sharing it with strangers.  Guard and Protect it with everything you have. Don\’t become a victim!

Conclusion

To recap, we explored what is PII information, what are some of the scams that exist, and how to protect yourself from these attacks. We recommend that you do cybersecurity awareness training once a year to learn the new tactics, techniques, and scams that attackers are using. They change and evolve over time. They are changing so often that you should read about the different breaches that occur so you can learn what is happening. You might now understand everything that happened but the techniques they are using against people and users are useful to know. 

The Internet is a very scary place today full of nefarious characters that want to steal your hard-earned cash and property. 

Please let us know what you think of this article in the comments. 

Dr. M

Dr. M

Leave a Reply

Your email address will not be published. Required fields are marked *