What is Personally Identifiable Information (PII)?

Brandon King
November 8, 2023

Some 80 percent of stolen company data contains personally identifiable information (PII) such as Social Security numbers, driver’s license numbers, etc. 

That’s because, in this day and age, we can’t get away from needing to provide sensitive information to banks, creditors, insurance companies, schools, employers, and even social media.

Unfortunately, when these companies we do business with are hacked, our PII can end up in the darknet and in the hands of identity thieves.

So, let’s dig deeper and explore what PII is and the ways you can protect it.


What is Personally Identifiable Information (PII)?

Your personally identifiable information is any data or information that directly identifies you – and you only.

Simply put, your PII is the data equivalent of your DNA.

This includes your name, email address, telephone, driver’s license, social security number, insurance number, or bank account number. 

These pieces of information can be used to identify and track you, whether they’re used as standalone information or in conjunction with other relevant data like race or gender.

In some cases, two people might share PII. For example, they might have the same name, date of birth, or address, meaning their PII could be identical.

However, while they may have similar PII, it’s unlikely they will share all of the same PII. 

Even if they have the same name, date of birth, or address, they will have different Social Security numbers or other distinguishing characteristics. This makes it practically impossible for two people to share the same personal information. 

Types of Personally Identifiable Information (PII)

  1. Basic identification information
  2. Contact information
  3. Financial information
  4. Health and medical information
  5. Educational and employment information
  6. Biometric data
  7. Internet and device usage data

We live in a data-driven world. 

Yes, it’s awesome, but the emergence of big data also means personally identifiable information can cover a broad spectrum.

This increases the scope of personal information that a scammer can track and exploit.

Due to how extensive the average person’s online footprint has become, many categories of information can be considered PII.

Here are some common types of personally identifiable information that a scammer can exploit.

1. Basic identification information

PII like this includes your full name, date of birth, and Social Security number or any equivalent national identifier, such as a driver’s license number, passport number, or other government-issued ID number.

2. Contact information

Information like your telephone or mobile number, residence address, email address, and any other contact details can also be used to identify you. This makes them a form of PII.

3. Financial information

This includes credit card numbers, bank account numbers, 401k, and other financial information.

4. Health and medical information

Hospitals generally keep files for each patient. 

Your medical records may include health insurance information, diagnoses, medication names, and other health-related data.

5. Educational and employment information

Employment fraud has been on the rise since the pandemic. 

An estimated $163 billion in unemployment benefits were paid to scammers and malicious actors. 

Fraudsters can use your employment history, job title, salary, education records, and academic transcripts to file fraudulent claims and receive government benefits such as loans.

6. Biometric data

The chance of sharing identical fingerprints with someone else is 1 in 64 trillion. So, it’s already a fact that no two people can have the same fingerprints. 

Not even identical twins.

This makes your biometric data personally identifiable information. Fingerprints, facial recognition, voice recognition, retina scanning, and any other unique physical characteristics can be used by scammers to commit fraud.

Recently, scientists have found that it’s possible to recreate copies of your fingerprints using pictures showing your fingers. 

This means that a really dedicated hacker may be able to lift your fingerprints from Instagram photos where you are waving or throwing the peace sign.  

There’s also a relatively new cyberattack called biometric spoofing.

This is an identity theft attack where a fraudster tries to compromise a system secured with biometric detection tools. 

Scammers can illegally access sensitive data by faking biometric identifiers like your fingerprints.

7. Internet and device usage data

Internet and device data like your IP address and geotags can also be used to track you and spy on you. 

Hackers can exploit this security vulnerability by installing malware on your device to steal, destroy, or encrypt your data.

On the other hand, many of us are guilty of leaving our pictures with geotags.

Geotagging is a location feature that lets you know where a picture was taken. It’s a pretty cool way of organizing your photos and remembering the name of the restaurant where you had that lovely dinner a few months ago.

Unfortunately, geotagging is also a way for scammers and creeps to learn about the places you have been. This is known as social surveillance.


How Can Scammers Take Advantage of Your PII?

Just like you would protect your DNA, it’s equally essential to safeguard your PII from unauthorized access or use.

Most people don’t know how crucial their PII is and that explains why some people are careless with it. 

Identity theft is the biggest risk of losing your PII to the wrong people and it opens the door to scams. 

For instance, nearly 42 million Americans fell victim to identity fraud due to exposed PII in 2021. That resulted in around $52 billion in losses.

With the right personal information, anyone can do anything with your identity.

Here are some of those things: 

1. Opening a new credit account

Cybercriminals can use your PII to open a credit account in your name, resulting in unauthorized charges, unpaid debts, and a damaged credit score.

2. Privacy violation

Beyond crippling financial losses, someone with overwhelming information about you can also stalk you and your family to cause physical harm or invade your privacy.

In some cases, scammers get this information from social media posts.

3. To sell your information

Hackers can sell your personally identifiable information on the dark web. You’ll be surprised to learn that your social security number sells for just below $3 on the dark web!

When hackers gain access to the PII of thousands of users, they can sell it for profit to scammers, who will then use the information to commit fraud.

4. Phishing

Scammers can use PII like your email address, financial information, and address to craft convincing phishing emails or text messages appearing to be from a legitimate source.

You might get a message purporting to be from your bank, workplace, or even Gmail asking you to click a link to change your password or provide sensitive information.

5. Reputation damage

A person’s PII can be used to damage their reputation through false or damaging content about them.

This can have significant consequences now and in the future.

Around 70 percent of recruiters believe in screening a candidate’s social media presence before hiring them.

Since your PII is the gateway to your online persona, it can be used to damage your reputation if it gets into the wrong hands.

6. Filing fraudulent tax returns

In 2022, the IRS Criminal Investigation identified over $31 billion from tax and financial crimes.

Although 9 out of 10 criminals were convicted, the staggering amount of fraudulent tax returns is alarming.

Unfortunately, scammers can use your personally identifiable information to file false tax returns and claim a refund. This can lead to big problems when it’s time to file your tax return.

7. Impersonation scams

Impersonation scams cover a wide range of fraud.

Scammers can impersonate your family, friends, or colleagues and deceive them into sharing sensitive information or sending money.

In addition, fraudsters may use your identity to create false social media profiles to perpetuate romance scams.

If you’re a CEO or company executive, scammers may also impersonate you or your employees. They may want to infiltrate the company network and steal sensitive data.

8. False job opportunities

Unfortunately, scammers can also prey on your unemployment or desire for a better job.

They can use your PII to make fake job offers, asking you to provide additional information such as a copy of your social security number, passport, or driver’s license to “complete the application process.”

This is usually done when the scammer already has some PII about you, but not yet enough to commit fraud.

So, they trick you into sending additional information claiming it’s to “verify your identity” or some other suspicious reason.

How to Protect Your PII and Avoid Identity Theft

According to the US Department of Labor, you share part of the responsibility of protecting your PII. 

While companies with your personal information are required by compliance and regulatory laws to protect your data, you’re still the first line of defense. 

Scammers are always on the lookout for personally identifiable information to steal. Sadly, their job has become easier, especially with access to cutting-edge hacking software and tools.

Below are tips to protect yourself from identity theft:

1. Don’t reveal your personal or financial information

To avoid becoming a victim, be cautious about who you share your personal information with. 

As a rule of thumb, adopt a “zero-trust” policy.

No one needs to know any sensitive information about you.

There are cases where you can’t avoid it, but only provide sensitive information when absolutely necessary.

Always verify the identity of the person or company requesting your PII before providing it.

It’s also your right to ask what your information will be used for and who can access it.

2. Implement a strong password policy

Protect your online accounts with strong passwords that are between 8 and 15 characters long.

Your password should include letters (lowercase and uppercase), numbers, and special symbols. 

Remember to change your password every three months, and if there’s been a data breach, change it immediately.

Don’t reuse the same password for more than one account. 

I hate having to remember passwords, so I use a password manager. There are a few reliable ones, like Zoho Vault, Google Password Manager, NordPass, and LogMeOnce.

Your password policy should also be extended to your family.

Lastly, implement two-factor authentication (2FA) to provide an extra layer of security.

3. Educate children and seniors

Children and elders can be unsuspecting victims, so remember to educate them on the importance of staying safe.

Help them understand how to identify social engineering scams and avoid them. Ensure they don’t reveal sensitive information to strangers online claiming to be lovers or friends.

I recommend implementing a form of parental control.

Ensure everyone steers clear of Internet “quizzes.” Who cares what Marvel superhero you are or who your guardian angel is anyway? Seriously.

These quizzes can expose PII, like your birthday, the make and model of your first car, etc.

4. Freeze your credit

Freezing your credit will prevent anyone from opening new credit lines in your name. 

This service is free, doesn’t affect your credit score, and can be temporarily lifted when you need to use your credit card or open a new line of credit.

To freeze your credit, you must contact each of the major credit bureaus – Experian, Equifax, and TransUnion. You can also do this on their websites.

You should also freeze your kids’ credit.

Since they’re probably too young to use it anyway, you can unfreeze their credit when they’re old enough.

5. Never carry sensitive documents around

You don’t need to carry sensitive documents with your personally identifiable information everywhere you go.

Your wallet is not a safe place to keep these documents.

Generally, your driver’s license is enough identification. And, since it’s just one document, it’s easier to keep an eye on it.

Documents like Social Security cards, passports, credit reports, and financial statements should be locked away in a safe.

6. Regulate social media activity

Keeping up with your friends on social media is exciting, but don’t overshare. 

When you post something online, it’s no longer in your control. There’s nothing you can do about it anymore.

Refrain from sharing sensitive personally identifiable information that can be used to track you.

For example, celebrating your birthday on social media already confirms your date of birth. 

It’s also dangerous to share your home or work address, children’s school, vehicle license plate, a status update about your personal life, etc.

Another useful tip is to have a private profile, so only your friends and close circle can see your posts.

Keeping mum on social media also applies to your friends. Ensure they inform you before posting any information about you online.

7. Don’t answer suspicious calls or emails

Be wary of unsolicited phone calls, emails, or messages requesting personal or financial information. And, never enter personal or financial information when you’re using public Wi-Fi or any other unsecured connection.

8. Install reliable antivirus software

Scammers may infect your device with ransomware and encrypt your PII to demand payment. Don’t forget to install strong antivirus software like Norton and McAfee on your device.

9. Avoid using public Wi-Fi

One in four public Wi-Fi networks offers no encryption or password protection.

Do you really want to take that risk?

Avoid using public Wi-Fi – and if you must, ensure your antivirus, firewall, and virtual private network (VPN) are enabled. 

Some examples of VPN services widely used include NordVPN, Surfshark, ExpressVPN, etc.

You should also avoid logging into your financial accounts when using unsecured networks.

10. Continuously monitor your credit report and bank statements

It’s also a good idea to monitor your credit report and financial accounts regularly for any suspicious activity or unauthorized transactions.

If you notice an unknown transaction, flag it immediately or place a fraud alert with your financial institution.

Always request your bank statements monthly, keep them safe, and replace them once a new one arrives.

You can request your credit report from the three credit bureaus by visiting AnnualCreditReport.com.

I generally request at different times during the year so that every 3-4 months, I know what my credit report looks like.

11. Use an identity protection service

Finally, don’t forget to subscribe to a reliable identity theft protection service. Some of the most efficient ones with features that protect your PII are Aura, IdentityGuard, and IdentityForce.


While you cannot control data breaches, your action before and after they happen is vital. 

Fraudsters are working overtime to steal your personally identifiable information. It’s up to you to protect yourself.

Good cyber hygiene that involves using the safety tips described above will help keep you safe. 

Remember, if it looks like a duck, swims like a duck, and quacks like a duck, it probably is a duck.

So, if something seems suspicious or too good to be true, that’s because it is.
