Overview

With the right combination of PII, or personally identifiable information, identity thieves can apply for credit cards, file taxes, and commit a host of other forms of fraud, devastating your credit score and financial stability. Find out how to minimize how much PII you share in the physical world and online.

While state laws may define this term differently, PII stands for personally identifiable information, referring to sensitive personal details that can be used to identify someone.

Your PII can be used to unlock your accounts or steal your identity, so it's important to keep this type of data out of the wrong hands.

Examples of PII (Personally Identifiable Information)

So what is considered PII?

Examples of PII can include your:

  • Driver’s license number

  • Social Security number

  • Email address

  • Financial and credit card account numbers

  • Passport number

  • Fingerprints

  • Full name

But did you know these things can also fall into what is considered PII:

  • Handwriting samples

  • IP address

  • Login credentials

  • Patient identification numbers

  • Photographic images

  • Precise geo-location

  • Street address

  • Tax ID

  • Telephone number

  • VIN (Vehicle Identification Number)

  • Voice signatures

Some of these identifiers such as Social Security number, driver’s license number, and biometrics like fingerprints, are unique to you. Other data like full name, birth date, and street address could be shared by other people, but they're still strong identifiers, so they can be considered PII.

Even some temporary details, such as telephone numbers and credit card numbers, are categorized as PII. They could change over time but they are still tied to your identity.

Sensitive PII

This is a type of PII that can give access to your most sensitive data like  personal records in areas such as medical and healthcare, financial, insurance, taxes, employment, military service, and education.

Information such as Social Security numbers, your precise geo-location, and login credentials are considered sensitive PII because in some cases, they can grant access to (or at least make it easier to access) other sensitive accounts.

How identity thieves gain access to PII

Large-scale data breaches are a major contributor to compromised PII. As are a variety of other methods, including mail theft and phishing.

Fast Facts

Wondering how a data breach might impact you?

Here are three real-world examples of large-scale data breaches and their effect: 

  • Twitter in 2022: A hacker exploited a vulnerability in Twitter’s API and obtained the email addresses and phone numbers of 5.4 million users. The hacker then posted this data for sale on a hacking forum. 

  • Microsoft in 2021: A cyberattack on Microsoft Exchange email servers, one of the world's largest email servers, affected more than 250,000 organizations worldwide. Hackers gained unauthorized access to emails from businesses, governments, and universities.

  • SolarWinds in 2020: SolarWinds, a software used by multiple government agencies and corporations, was attacked by hackers. The hackers inserted malware into software updates that were distributed to SolarWinds' customers, allowing them to gain unauthorized access to sensitive systems and potentially exposing confidential data.

Once obtained, hackers may sell personal information on the dark web to criminal elements such as organized crime and identity thieves.

Sometimes, the stolen PII may be enough to hijack a victim’s account outright. Other times, an identity thief may need to supplement PII gathered with other PII — forming a victim’s identity like a puzzle.

While there are many ways for hackers to obtain PII data, there are also many ways to protect it.

Protecting your PII

One of the best ways to reduce the odds that your PII will be compromised is to minimize your digital footprint by removing unnecessary PII from your online accounts — and being cautious about sharing it in the first place.

  • Many people fill out optional form fields without thinking twice about it. But if information isn’t required, why share it? Be especially cautious when sharing your Social Security number and medical, financial, and tax IDs

  • Ensure that any phones or computers that store that information are password protected

  • Store identification cards safely and shred physical documents that contain PII before trashing them

  • Your email address can be a key piece to unlocking access to other accounts so be cautious when sharing it in exchange for discount codes and other freebies

Keep in mind, just because someone has your personal information doesn't mean you've been the victim of identity theft. However, it may make you an easier target for future attempts.

An identity theft protection service like ours can also help you secure and monitor your details. If you’re already a member of Allstate Identity Protection, make sure you activate the features included in your plan that can help you protect your personally identifiable information.

And, should you ever become a victim of identity fraud, we'll be with you every step of the way.