In this article:
Personally identifiable information (PII) is information about you that helps to tell you apart from everyone else. These unique identifiers include your Social Security number (SSN), address, date of birth, email addresses and phone number.
You use your personal information to identify yourself to governments as well as banks, creditors and other businesses. For example, when you go to the pharmacy and confirm your date of birth to pick up medications, you're using identifying information.
Unfortunately, when your personal information ends up in the hands of identity thieves, they can use it to impersonate you. They may pose as you in order to steal your money, open accounts in your name and wreak other havoc, which can ultimately cause serious damage to your finances, credit and reputation.
What Is Personally Identifiable Information?
Personally identifiable information is any piece of data that is used to identify a specific person. You use your identifying information all the time to go about your daily life, such as when you provide your address when shopping online or use your date of birth to schedule a doctor's appointment. You also use identifying information when you login to an account or apply for new credit.
But your personal information also has enormous value to fraudsters, who steal your PII in order to commit identity theft. That's why it's urgent that you protect your sensitive information.
Sensitive vs. Non-Sensitive PII
Personally identifying information can be considered sensitive or non-sensitive. Non-sensitive information is information that's considered public knowledge, such as your name, birthday or gender
Sensitive PII is any information that would result in personal damage, such as financial losses, if it were compromised. Here are some examples of sensitive personally identifying information:
- Social Security number
- Bank account routing number and account number
- Credit card and debit card number
- Passwords
- Passport numbers
- Biometric information
- Date of birth
- Mother's maiden name
- Birthplace
- Employer Identification number
- Medical information
But even non-sensitive information can be combined with sensitive information, such as your SSN, to commit identity theft and fraud. So the distinction between these two types of PII ultimately comes down to context.
How Do Identity Thieves Steal Your Information?
There are a number of ways that your personal identifying information can end up in the wrong hands. Sometimes, people accidentally hand their information over to criminals directly, such as when they're tricked by a scam call. Other times, cybercriminals use viruses or other methods of hacking to gain access to your information.
Here's a closer look at notorious methods identity thieves use to gain access to sensitive data.
Phishing
Identity thieves use phishing tactics to trick you into accidentally exposing your sensitive information. Common examples are websites that imitate ones you're familiar with and calls from scammers impersonating government officials or your bank.
One notorious phish is an email impersonating a retailer you trust, posing as a confirmation email for thousands of dollars in purchases you didn't make. The email will include a login link that, when clicked, takes you to a look-alike site that asks you to provide your login or banking credentials. If you enter them, the fraudsters running the site can then use it to log in to your account.
Smishing
Smishing is the same technique as phishing, but it instead uses legitimate-seeming text messages with links or requests for money or sensitive information.
For example, one common smishing scam is a text message claiming to be from a shipping service and stating that you have a new package to track. Clicking the link will lead you to a malicious site that may aim to infect your device with spyware or ask that you hand over sensitive information directly.
Social Engineering
Social engineering is when thieves use knowledge of how people are most likely to react in a given scenario in order to trick you into walking into their trap. Fraudsters use this strategy in any number of ways. They may send an email impersonating a workplace system administrator asking you to enter your password to avoid being locked out of your work accounts. In reality, this is a ploy to gain access to sensitive work information.
Thieves may also pose as other people on social media and engineer a situation that entices you to send money or information. One increasingly common social engineering attack is the romance scam, in which a catfish chats with you and sends photos. The endgame of this form of fraud is often to convince victims to send cash.
Unsecure Internet Activity
If you're using an unsecured Wi-Fi network, a hacker could potentially intercept any data you transmit. For example, if you're using public Wi-Fi to do some quick online banking, or open up social media and enter in your username and password, you're opening up sensitive data for theft.
Document or Mail Theft
Identity thieves can look through mail or sift through the trash in your dumpster to find documents containing sensitive information about you and members of your household. It's always wise to shred documents with any type of identifying information on them.
What Do Identity Thieves Do With Your Information?
Identity thieves use your personally identifying information to commit fraud. They may impersonate you, steal your money and take out credit in your name.
In some cases, all a thief needs is one piece of information, such as your credit card number. In other cases, an identity thief may use a mix of your sensitive and non-sensitive information, such as your name and Social Security number, to impersonate you.
Once identity thieves have access to your PII, they can use it to carry out different types of fraud, such as opening a new credit card in your name, withdrawing funds from your bank account or filing a tax return in your name.
How to Keep Your PII Safe
When it comes to safeguarding your PII, not everything is within your control. In addition to the steps you can personally take, it's also up to the organizations that have access to your data, such as government agencies and financial institutions, to protect your data.
But as an individual, there are steps you can take to lower the risk of your sensitive information falling into the wrong hands.
- Password-protect your devices, such as phones, tablets and laptops. If you suspect a password has been compromised, change it immediately for all accounts that use it.
- Shred documents and mail that contain identifying information before you throw them away.
- Know the signs of phishing attempts and always avoid giving information out to people who call you on the phone. Hang up and contact trusted agencies yourself.
- Set your social media accounts to private and always be cautious about sharing any personal information, such as your employer or the name of the street you grew up on.
- Use a password manager to create strong, distinct passwords for each site and application, and avoid repeating passwords.
- Sign up for free credit monitoring to get real-time alerts to any changes to your credit. Dispute unrecognized information in your credit report right away, as it can be a sign of fraud.
Keep Sensitive Information Private
Everyone generates and uses personally identifying information all the time—the cookies you leave when you browse the internet, the W-2s that show up in your mailbox each tax season, the medical information on file at your doctor's office and the data you transmit when you swipe your credit card are all leaving a trail.
Keeping your PII out of the wrong hands comes down to limiting vulnerability and understanding what information is sensitive. In addition, know what information about you could already be out there. Run a free dark web scan through Experian to see whether any of your PII, such as your phone number or address, is being bought and sold by criminals on the dark web.