Identity Theft Cases Worldwide in 2026

Identity theft cases are spreading day by day everywhere. Scammers are always looking for and creating new methods to steal ID.

The US Federal Trade Commission (FTC) received 1.4 million identity theft complaints in 2023. Global losses from identity fraud exceeded $43 billion in 2022, according to Javelin Strategy & Research. And those are only the identity theft cases that get reported.

This guide focuses on the real identity fraud cases that actually happened, to real people and institutions across the world, from the UAE to Singapore, Saudi Arabia, Japan, the UK, and the US.

The facts are specific, the numbers are real, and the lessons are practical. Stay with us to learn more about these ID theft cases.

What is identity theft?

Identity theft occurs when someone uses your personal details without your consent for fraudulent purposes. It can be your name, social security number, passport information or financial data.

This can happen in the physical world; it increasingly occurs online, and when it does, the potential harm can be vast.

Why real cases matter more than statistics

To prevent identity theft from happening, we need to look at real cases, not just statistics. The latter tells us how many people have been affected but doesn’t provide details on exactly how thieves gained access to personal information.

For example, was it due to an unpatched system? A rushed know-your-customer (KYC) process? An employee who had too much access to sensitive information? Or simply somebody clicking on the wrong link in an email?

Without knowing these things, there’s a risk of repeating mistakes.

Identity theft cases around the world

Phishing scams, dark web credential markets, biometric spoofing, synthetic transaction fraud rings and insider theft have all been used in recent years to target identity theft victims.

Some of these crimes were committed by individuals, while others were carried out by organised crime groups, and in some cases, millions of people were affected. But none of them was unforeseeable.

What they all have in common is that, if adequate safeguards had been in place, the disaster could have been averted or at least minimised.

TIP: You might also want to learn more about synthetic transaction monitoring.

UAE: smishing and social media targeting led to AED 5 billion in cybercrime losses

Data from the UAE Cybercrime Prosecution reveals that losses from cybercrime exceeded AED 5 billion over the past year, with identity theft and financial fraud accounting for a significant share of those figures.

Smishing (or SMS phishing) attacks are one of the top tools used by identity thieves in the UAE:

• messages purporting to come from the country’s immigration authority (ICA)

• the Telecommunications Regulatory Authority (TDRA)

• bank security teams are sent out en masse.

Recipients are warned that their Emirates ID has been suspended or that there is a problem with their bank account. They are then led to believe it can all be resolved easily if they just enter their login details, passport scans and banking information on a fake website.

One recent identity theft case targeted university students specifically. Fraudsters harvested personal data about them from social media sites such as Instagram and Snapchat, including their names, which university they attend and even information about their families!

This gave them enough material with which to impersonate students when applying for bank or government services.

In other cases, they used it to mount phishing attacks that looked like they had come from real people.

Curiosity: Did you know that phishing is an example of fraud in business?

Singapore: Singpass credentials, malware rings, and SGD 10 million in losses

Singpass, the digital identity system for Singaporeans, has become a prime target for identity thieves, according to cybersecurity researchers and Singapore Police Force (SPF) statistics.

They say there has been an increase in the number of Singpass credentials being traded on the dark web this year. That's why it's one of the biggest identity theft cases in Singapore.

The thieves have used these stolen credentials to impersonate people online and carry out a variety of fraudulent acts, such as applying for loans and government services, or making financial transactions.

A malware-based keylogger scam also caused major damage in 2023 by recording login details (including one-time passwords) and using them to empty victims' bank accounts.

Malware was spread via fake banking apps and unofficial app stores and affected numerous people in Singapore. SPF said total losses exceeded SGD 10 million (USD 7. 45 million).

A third scam involved an iPhone resale ring: criminals used phishing attacks and bought stolen card details from the dark web to get their hands on Apple iPhones at stores and authorised dealers.

They then sold the phones for cash instead of returning them or completing transactions on behalf of fraud victims as intended by all parties involved.

Arrests have been made over both 2022 and 2023 so far, but police say these two scams are linked to larger fraud operations across Southeast Asia and beyond, meaning that whoever is responsible may have help from other criminals who work in different countries.

Saudi Arabia: Tawkalna clones, job scam rings, and SAMA warnings

Saudi Arabia’s speedy shift to digital services also created opportunities for fraudsters to make money.

One of their main tactics was cloning official government apps like Tawkalna (which most people use for public services), in order to steal data such as login credentials and national ID numbers.

It was spreading so quickly and generating such significant results that it soon became one of the largest identity theft cases in Saudi Arabia, raising serious concerns among authorities.

The Communications and Information Technology Commission (CITC) warned people from 2021 to 2024 not to download these apps from unofficial sources.

Another common play by criminals in this part of the world over recent years has been posing as employers on job boards and social media sites, particularly those frequented by young Saudis or expats who want work.

They advertise fake roles needing someone to fill them with applications or undergo checks. As part of this “process”, victims have to supply copies of passports/national IDs plus their bank account numbers.

Read also: CTF Compliance Saudi Arabia

Bahrain: CPR card misuse, fake public apps, and child identity fraud

These scams were also happening in Bahrain. In one case, an expat resident became a victim of identity theft after someone used his CPR card or national ID to open telecom accounts and commit financial fraud.

Such identity theft cases as this recently led Bahrain’s TRA to enforce more stringent SIM registration criteria.

Governmental spoofing apps were also a common data harvesting technique employed by fraudsters posing as eGov services, urging their targeted population for info.

Bahraini authorities also flagged growing concern around child identity fraud, where children's CPR numbers are used by family members or acquaintances to open accounts or take out credit, with the fraud often undetected until the child reaches adulthood.

TIP: Read more about Bahrain regulatory compliance

Oman: MENAFATF alerts and rising cybercrime identity exposure

The types of identity theft-related crimes and cases reported in Oman are fewer compared to other GCC countries. However, the regional FATF body, MENAFATF, has noted a rise in identity theft-related cybercrimes in Oman.

The NCFI’s annual report says that there has been a year-on-year increase in STRs related to identity theft since 2021.

The common types of identity theft-related crimes reported in Oman include:

• SIM swap fraud

• smishing scams masquerading as local banks and government agencies,

• the use of Oman Civil IDs to open fraudulent bank accounts.

The Royal Oman Police and Central Bank of Oman have issued advisories on identity theft. The advisories advise people to take precautions when dealing with their Civil ID.

Read also: AML Regulations in Oman

Japan: My Number breaches, 250+ arrests, and a 6x spike in 2024

Japan's My Number system, the national identification system introduced in 2016, became a big problem in 2024 and one of the main examples of identity theft cases in the world.

According to Japanese government figures, there was a sixfold increase in data breach incidents involving “My Number” codes in 2024 compared with 2023. In some cases, attackers even got hold of linked bank account information, names and addresses.

The data showed that 250 or more people had been arrested for various types of online “credential stuffing” fraud in 2023 and early 2024.

Japan's National Police Agency (NPA) recently reported on a couple who had been using fake identities for two years. They bought smartphones and gaming consoles on credit and sold them at second-hand stores, making money from their fraud. This is just one example. There will be many more.

Related content: Financial crime prevention and mitigation

Equifax breach: 147 million records, $575 million settlement

In 2017, US credit bureau Equifax was hacked; the personal information of 147 million people was exposed, making it one of the biggest identity theft cases ever.

The stolen data included Social Security numbers and driver’s licence numbers.

As part of a settlement with the Federal Trade Commission (FTC), Equifax agreed to pay $575 million, but people whose data was compromised aren’t out of the woods yet.

Stolen Social Security numbers and other information have been circulating on dark websites for years, and fraudsters have used them to take out loans, file fake tax returns and even commit “account takeovers”.

Credit monitoring services have seen a big increase in the number of people signing up for their services because customers believe they are at risk of identity theft or financial fraud.

Some researchers think this kind of increase will go on for several more years.

Anna Sorokin: social engineering without a single line of code

Between 2013 and 2017, Anna Sorokin, masquerading as German heiress 'Anna Delvey,' managed to defraud banks, hotels and even individuals out of $275,000 by presenting fake bank statements, creating a social media presence that made her look important using social confidence.

Because she appeared to be who she said she was, many places didn't bother doing their KYC checks properly or at all!

This shows how important it is that companies perform thorough identity verification procedures regardless of how trustworthy their customers may seem.

Read also: How long do AML checks take?

Synthetic identity fraud rings: $6 billion per year and climbing

Synthetic identity fraud uses one real piece of information, usually a Social Security number (SSN), plus two fake things, like a name and an address.

According to a new McKinsey report, it costs US banks nearly $6bn each year and may cost even more in the future!

When someone commits identity theft, there's typically a victim: for example, if fraudsters use their personal information to apply for credit, they might be left liable for debts they didn't incur.

The problem with synthetic IDs, though, is that there's no single victim because the fake identities don't belong to anyone!

This means it's much harder for police officers and bank investigators to detect them: if an account goes into arrears or a loan defaults, they might not even realise that fraud has taken place.

In 2021, the FBI busted a crime ring that had been using fake identities to swindle $200 million in coronavirus relief funds.

They had created more than 7,000 fake identities, each with a small credit history. Then they used a “bust out” scheme to max out the credit on those identities and make off with the loot.

UK SIM swap fraud targeting Monzo users

SIM swap fraud involves convincing a mobile carrier to transfer a victim's phone number to a SIM card controlled by the attacker.

They can then intercept text messages that are used for two-factor authentication (2FA).

When this happens, the hacker can get into the victim’s bank account and steal money. Recently, there have been a number of these attacks on customers of Monzo and other digital banks.

Ofcom, the UK’s communications regulator, has responded by requiring mobile providers to improve the security of their SIM swap procedures.

However, SIM swap fraud is still a problem worldwide, especially in countries where telecom companies do not verify their customers’ identities very well.

Biometric identity theft: facial spoofing & deepfake attacks

As biometric verification becomes more common, so do attacks on it. Fraudsters are now using techniques such as facial spoofing and deepfakes to bypass security systems.

Facial spoofing attacks involve tricking a biometric system into thinking it's seeing a real face when it isn't.

For example, an attacker might hold up a high-resolution printed photo of someone else's face or use a 3D mask or pre-recorded video.

In 2024, Hong Kong police reported that a finance worker had been tricked into transferring $25 million after a video call.

Everyone on the call appeared to be real, but in fact some of them (including the CFO) were deepfakes created using artificial intelligence (AI). Definitely, one of the biggest and most advanced identity theft cases in the world so far.

Fraudsters in Asia have also used deepfakes to pass video KYC (know your customer) checks at financial institutions with weak "liveness detection" safeguards.

Child identity theft ring in Florida

For nearly a decade, a fraud ring in Florida was using the Social Security numbers of children (including newborn babies) to commit various types of identity fraud.

Its members would open credit cards in the children's names; take out loans; and even file fake tax returns using their victims' identities.

Because these crimes often go undetected for years, parents don't usually find out about them until their children apply for student loans or undergo background checks for jobs.

It can be difficult for victims of child identity theft to prove their innocence: they were kids when the crimes were committed! As a result, authorities sometimes have trouble helping them clear their names.

Lessons learned from these cases

Regardless of location or technique, identity attacks share similar weaknesses. It is possible to reduce or eliminate them through simple countermeasures that strengthen your defences.

How to reduce the risk of identity theft

The cases above show that identity theft often succeeds because attackers exploit weak onboarding processes, poor access controls, exposed personal data, and a lack of user awareness.

Prevention should therefore happen at both the business and individual levels.

For businesses

• Use secure KYC and identity verification tools, including document verification, biometric matching, and liveness detection during customer onboarding.

• KYB solutions are also equally important for avoiding fraud.

• Apply multifactor authentication and role-based access control to limit unnecessary access to sensitive data.

• Encrypt customer and employee data, both when stored and in transit.

• Monitor suspicious login activity, unusual account behaviour, and unexpected access patterns in real time.

• Run regular penetration tests and security audits to identify vulnerabilities before attackers exploit them.

• Prepare and test an incident response plan, so teams know how to act quickly after a breach.

• Follow applicable data protection and privacy laws, including GDPR, CCPA, HIPAA, and relevant local regulations.

For individuals

• Use a password manager and create unique passwords for every account.

• Enable two-factor authentication through an authenticator app where possible.

• Regularly review bank statements, credit reports, and account activity.

• Consider freezing your credit if you are not planning to apply for new loans or credit products.

• Avoid clicking links in unsolicited emails, texts, or messages.

• Shred physical documents that contain sensitive personal information.

• Limit the amount of personal information shared publicly on social media.

FAQs of Identity Theft

Who are the most famous victims of identity theft?

Celebrity victims have included Oprah Winfrey, Tiger Woods and Will Smith.

High-profile figures are targeted because they have more money than ordinary people, and their personal information is easy to find.

Scammers can impersonate them and take over their accounts or open new ones.

What is synthetic identity fraud, and how is it committed?

This type of fraud happens when real personal information is mixed with fake details to create a new identity.

How do I know if my identity has been stolen?

If you’re turned down for credit that you didn’t apply for, if debt collectors are calling you about debts you don’t owe, if there are unfamiliar entries on your credit report or if you get letters or emails about accounts or addresses you didn’t set up, it could be a sign that someone has used your identity.

In the UAE, you might also get alerts from your bank about suspicious activity linked to goAML (the government’s anti-money laundering software).

Is SIM swapping still a problem in 2026?

SIM swapping is still being used to commit fraud worldwide. This is particularly in places where mobile operators don’t verify transfers properly.

Conclusion

Identity theft cases aren't going away, and in fact, it has become a global problem affecting individuals as well as global businesses across multiple continents.

The losses reported by victims run into billions of dollars: some ID theft cases even make the headlines because they involve such huge sums! Yet while identity thieves may seem all-powerful, they are actually very vulnerable and can often be stopped before they do any damage at all.

Simple measures like stronger verification procedures and ensuring everyone who deals with customers is well trained (as well as using KYC methods to check people’s identities) can go a long way towards preventing fraud.

Similarly, multifactor authentication: there are lots of tools out there, but they only work if you use them consistently.

Don't risk your business and ensure you adopt all the available measures.

Related articles

• Address proof in Saudi Arabia

• Anti-money laundering law in Kuwait

• How to get Proof of address in the UAE

• Anti-Money Laundering Policy template

• Best AML screening software in the UAE