This past year saw a record number of reported data breach events and the Identity Theft Resource Center projects that financially motivated hacker and nation-state threat actors could drive identity crimes to even higher levels in 2024. The above slideshow highlights the companies involved in the 10 biggest reported data breach events during the past year, according to the ITRC's 2023 Data Breach Report. While the prospect of back-to-back years of record-setting data breaches, and their accompanying instances of ID theft is startling, there are solutions that can reduce the chances of 2024 being another record-setting year. Among potential solutions are more uniform notification requirements and digital credentials, according to James E. Lee, chief operating officer for the ITRC. While millions of individuals receive data breach notices, Lee says that more than half of the communications lack details about what happened during the event. This results in the impacted people and businesses being left in the dark as to what steps they should take next. The ITRC believes that federal regulations and state laws should adopt uniform provisions around issues such as the definition of personally identifiable information (PII), the timeline for notifying authorities as well as affected individuals and penalties for failing to follow notification provisions. According to the ITRC, data alone can no longer serve as the sole source of verifying a person's identity since PII is freely traded across the internet. To this end, digital credentials and facial verification will play a vital role, Lee says. When it comes to facial authentication there is some consumer education is needed as facial verification can be confused with facial recognition, which can privacy concerns. Lee explains that facial recognition is a tool used by law enforcement, for example, that aims to identify an unknown person by comparing the person's face against a database full of images. Facial verification, on the other hand, is not about trying to figure out who the person is, but rather trying to "prove that the person in front of me is who they claim to be," Lee says. "Once people understand that, their attitude tends to change." In many cases, people are already using these types of verifications, Lee says, giving smartphones that unlock with face or fingerprints as an example. "Your identity is more secure when you can prove that you are who you say you are using one of these technologies," he says. "All of the information needed to impersonate you is available, so we have to have a different way of verifying an identity that doesn't rely solely on data." Related: |

• FTC offering cash prizes for ideas to crack down on voice cloning
• NY Dept. of Financial Services proposes AI guidance for insurers
• 'Pig butchering' and other cybercrimes preying on human psychology rising fast