Celia from Australia had a firsthand experience of the circles of hell that identity theft victims have to go through. Even years later, she was fighting banks to stop criminals from using her name, and her story has some important lessons for everyone.
“When you find out you’ve been a victim of something like this, it’s really disconcerting. It makes you feel insecure. It makes you feel disoriented. It makes you lose trust in the system.”
Celia’s troubles began while moving houses in Sydney in November 2021. Just before noon, as her Uber pulled up on the roadside in Chippendale, Celia started loading her bags and suitcases into the car one by one.
Someone must have been watching her while she was carrying her belongings, seizing the opportunity to sneak over unnoticed. The thief timed their move when both she and the driver were distracted loading luggage into the car.
As Celia went to get in the car herself, she realize that her handbag was missing. Her driver’s license, credit card, and Medicare card were inside.
The incident was frustrating, but what really shocked her was what unfolded next.
Celia’s story was brought to our attention by Verida, a security company specializing in privacy-preserving tools. Cybernews reached out to Celia and independently verified the information provided.
The danger was not obvious
Shocked at what had happened, Celia was grateful that her phone wasn’t in the stolen bag.
“Obviously, the thing that’s in danger is the credit card,” Celia recalls.
She immediately called her bank and canceled the card — and thought nothing more of it.
But while the thief was thwarted from using her balance for impulsive purchases, little did she know that this was the beginning of something much more nefarious.
Months passed. Out of the blue, one day, Celia was contacted by a dance studio nestled in Sydney’s inner West.
Bank card envelopes in her name had started mysteriously arriving at their address. That’s when she realized that the IDs in her stolen handbag had been used to open multiple bank accounts in her name and without her knowledge.
“Step one was to steal someone’s ID. Step two, apply online with a bank, upload the ID, and open the bank account. Step three, have the bank account sent out to them. They can’t send it to their real address, obviously,” Celia said to Cybernews. “So, they pick fake addresses.”
It happened to be a warehouse near the dance studio. Celia feels lucky she got alerted by the studio owner, as criminals were already racking up huge overdrafts.
“One of them had even managed to apply for a credit card in my name at one of the big four banks, which was obviously pretty alarming,” Celia said. “The bank didn’t tell me. I told the bank. I was like, hey, have you noticed that someone’s opened four accounts in my name.”
The primary goal of identity thieves was to exploit fake accounts to funnel illicit proceeds from gift card scams and other fraudulent activities.
“They need somewhere to store the money, and they obviously need it to be in accounts with real people’s names,” Celia recalled. “They then obviously spend that money, but they also overdraw the accounts. One of them is overdrawn by $4,000.”
A long and tedious battle
The process of recouping lost funds and rebuilding life after identity theft is grueling. For Celia, the biggest frustration was the amount of paperwork and information the banks required from her to close fraudulent accounts.
To set the bureaucratic wheels in motion, Celia had to physically visit bank branches with her passport and multiple documents revealing her real address. It was not better with digital banks, as she had to embark on an arduous process of wrangling back and forth with their customer service teams for hours.
“Why was it so easy for a stranger to open a bank account in my name, and why was it so difficult for me to shut them down?” she asked. “I had to go in person to the banks and show epic amounts of ID, way more than was needed to open the accounts.”
“And I’m a busy business owner. I just don’t have time to spend time on this,” she added.
Even house-sitting websites request user photo verification. She wondered why banks don’t do the same.
“It’s absurd that it can even happen. But this is Australia. I don’t know if it’s the same in the US or other countries. But in Australia, apparently, who knew that to open a bank account, you only need to apply online and upload pictures of your driver’s license and the Medicare card? You don’t even have to upload your own picture,” Celia told Cybernews.
The sickening experience was extended by many hours of liaising with credit reporting companies like Equifax, Experian, and Illion, freezing her credit with all three bureaus so that fraudulent loans could not be taken out in her name. Otherwise, fraudsters could annihilate her credit score.
“It’s amazing. Just a couple of little details and people can run rampant with your data,” she said. “The banks don’t care, and the police don’t care because it happens so often.”
Protecting yourself
It has taken Celia two years to pick up the pieces and stop criminals from misusing her data.
She attempted and was unable to change the number on her driver’s license, as she encountered bureaucratic challenges with the police report process. Her luck changed when the third largest telecom, Optus, was breached in another cyberattack and exposed her data.
“That actually benefited me because I didn’t have to go through all the paperwork to change my license. They just did it on the spot. It was like such a blessing, which is such a weird thing to say,” Celia remembers.
She has an urgent message for consumers who want to avoid meeting a similar fate: take time to prioritize your data security – especially with the recent advancements in AI.
“Our data is only going to get trickier to protect if we don’t become more vigilant,” she said. “You’re so busy day to day. You’ve got work, you’ve got family, you’ve got life – it’s not something that’s easy or intuitive to prioritize.”
Celia is not alone. Identity theft is a global problem that’s getting worse by the year. A recent Debt.com survey suggests 49% of all Americans have fallen victim to this crime, with some left hundreds or thousands of dollars in debt as a result.
There’s a new case of identity theft every 22 seconds in the US – with the Federal Trade Commission receiving over 1.4 million reports every single year.
“It makes me feel quite sick knowing that there are people being ripped off and defrauded out of their money every single day,” Celia said. “I would love if we could all have a system where we could take control of our identity and our information.”
Looking back, Celia wishes she had looked into privacy-preserving tools like Verida, which allow personal data to be encrypted through the use of decentralized identities.
Verida eliminates the need for centralized authorities to manage and store sensitive data, and Celia believes that this could prevent similar failures in the future. Here, credentials can be securely stored in an environment with anti-phishing infrastructure – including Web2 logins and crypto addresses. Whenever data is requested from an external business, instant notifications are sent so those requests can be approved or denied.
“I would just say, gift it to yourself for your next birthday. Make your present a block of time to actually sit down and work out what you can do to protect your personal data as carefully as possible. It’s not a fun thing to do, but it’s not fun to have your data stolen.”
