Biggest Identity Theft Cases in History: 10 Jaw-Dropping Scandals That Shook the World
The 2017 Equifax data breach holds that title, affecting over 147 million Americans and resulting in a $700 million settlement. But itโs far from the only jaw-dropping case. From fake tax returns to billion-dollar health care fraud, identity theft has evolved into one of the most complex and dangerous crimes of the digital age.
According to the Federal Trade Commission (FTC), identity theft reports have surged in recent years, with nearly 1.1 million cases reported in 2022 alone. Criminals are becoming more sophisticated, targeting everything from bank accounts to social media identities.
In this article, weโll explore 10 of the biggest identity theft cases in history, their impact, and the lessons weโve learned โ or failed to learn.
Table of Contents
Top 10 Identity Theft Cases of All Time
1. Equifax Data Breach (2017)
- Victims: 147 million people
- Details: Hackers exploited a website vulnerability in Equifax’s system to steal sensitive data including names, Social Security numbers, birthdates, and addresses.
- Impact: Massive public outrage and congressional hearings.
- Settlement: $700 million to affected consumers.
- Why it matters: A credit bureau responsible for protecting personal data became the biggest breach victim in U.S. history.
2. Facebook Data Scraping (2021)
- Victims: 533 million Facebook users in 106 countries
- Details: Personal information such as phone numbers and email addresses were exposed due to vulnerabilities in Facebook’s contact importer tool.
- Impact: Increased phishing and scamming attempts.
- Metaโs Response: Said the data came from an old breach fixed in 2019 โ but offered no compensation.
- Why it matters: Highlights how social media data, even when publicly available, can be weaponized.
3. Angellica Roberts & the IRS Fraud Ring (2014)
- Victims: Thousands (primarily deceased or incarcerated individuals)
- Details: Roberts ran a ring stealing identities to file false tax returns.
- Sentence: 126 months (10.5 years) โ the longest identity theft sentence in U.S. history.
- Why it matters: Showed how IRS vulnerabilities could be exploited at scale using stolen data.
Identity Theft Penalty Enhancement Act (ITPEA), What You Need to Know
4. Albert Gonzalez & the TJX Hack (2005โ2007)
- Victims: Over 170 million credit card numbers stolen
- Details: Gonzalez orchestrated a massive hack of companies including TJX, Heartland Payment Systems, and Hannaford Bros.
- Sentence: 20 years in prison.
- Why it matters: Considered the first modern mega-breach targeting point-of-sale systems.
5. Willie Wilkersonโs $100M Health Care Fraud (2012)
- Details: Wilkerson stole identities to fraudulently bill Medicare for services never rendered.
- Amount: Over $100 million stolen.
- Why it matters: Exposed loopholes in Medicare billing and lack of verification.
6. Lori Drew & the MySpace Hoax (2006)
- Victim: 13-year-old Megan Meier
- Details: Drew created a fake MySpace profile to bully Megan, which led to Meganโs suicide.
- Legal Action: Convicted of computer fraud (later overturned).
- Why it matters: A tragic reminder that identity misuse can cause real-life emotional trauma and loss.
7. Cameron Harrison (aka โKilobitโ) and the Dark Web Empire (2018)
- Details: Ran a dark web operation selling stolen personal data and hacking tools.
- Earnings: Millions in Bitcoin.
- Sentence: 108 months in prison.
- Why it matters: Showed how the dark web facilitates identity theft globally and anonymously.
8. TJ Maxx Breach (2007)
- Victims: 45.6 million credit and debit card numbers
- Details: Hackers exploited weak encryption protocols and unsecured Wi-Fi.
- Cost: Estimated at over $256 million.
- Why it matters: Forced retailers to rethink how they store and transmit customer data.
9. Synthetic Identity Fraud by โSasha Hodgesโ (2016)
- Details: Created fake personas combining real and fake information to secure loans and credit.
- Impact: $1.2 million defrauded from banks and lenders.
- Why it matters: Highlighted the growing threat of synthetic identity theft, which is harder to detect than traditional methods.
10. Operation Double Trouble (2021)
- Details: A coordinated effort between international agencies uncovered a ring of individuals using fake identities to commit welfare and tax fraud in the UK and U.S.
- Losses: Tens of millions in public funds.
- Why it matters: Proved that identity theft is often part of broader organized crime networks.
Summary Table: Biggest Identity Theft Cases
| Case Name | Year | Records Exposed / Money Stolen | Sentence / Fine | Notable Impact |
| Equifax Breach | 2017 | 147 million people | $700 million settlement | Overhaul of data protection policies |
| Facebook Data Scraping | 2021 | 533 million profiles | No fine | Rise in phishing & scam attacks |
| Angellica Roberts Fraud Ring | 2014 | Thousands of stolen IDs | 126 months (10.5 years) | Longest U.S. sentence for ID theft |
| TJX & Gonzalez | 2005โ07 | 170 million card numbers | 20 years in prison | First mega retail breach |
| Wilkerson Medicare Fraud | 2012 | $100+ million | 17 years | Major Medicare fraud case |
| Lori Drew / MySpace Hoax | 2006 | 1 victim | Conviction overturned | Cyberbullying legal debate |
| Cameron Harrison | 2018 | Dark web sales | 108 months | Highlighted digital black markets |
| TJ Maxx Breach | 2007 | 45.6 million cards | $256 million cost | Improved retail data security |
| Sasha Hodges | 2016 | $1.2 million via loans | 96 months | Exposed synthetic ID fraud |
| Operation Double Trouble | 2021 | Millions in benefits fraud | Ongoing cases | International crackdown on ID rings |
Legal Framework and Prosecution
U.S. Identity Theft Law Highlights:
- Identity Theft and Assumption Deterrence Act (1998): Makes it a federal crime to knowingly transfer or use anotherโs identity.
- Identity Theft Penalty Enhancement Act (2004): Adds two extra years for aggravated identity theft.
- Computer Fraud and Abuse Act (CFAA): Targets hacking and digital intrusion.
- Health Care Fraud Statute (18 U.S. Code ยงโฏ1347): Used in cases like Wilkersonโs.
FAQs
What was the worst identity theft case?
The Equifax breach (2017) exposed 147 million peopleโs private data and cost $700 million in penalties.
Who received the longest sentence for identity theft?
Angellica Roberts was sentenced to 126 months for orchestrating an IRS tax refund fraud scheme.
Can someone go to jail for stealing an identity?
Yes. Federal sentences can reach 20+ years, especially when fraud involves government programs or multiple victims.
What is synthetic identity theft?
This occurs when a criminal combines real and fake information (e.g., SSNs with fake names) to create new, fraudulent identities.
How to Protect Yourself from Identity Theft
- Freeze your credit reports with Equifax, Experian, and TransUnion.
- Use strong, unique passwords and enable multi-factor authentication.
- Monitor bank and credit card statements regularly.
- Get an IRS IP PIN to prevent false tax filings.
- Avoid sharing personal info on unsecured websites or public Wi-Fi.
Conclusion
These identity theft cases aren’t just criminal statistics โ theyโve left millions of victims dealing with credit damage, lost savings, emotional trauma, and years of recovery. As identity theft evolves, so must our efforts to protect ourselves โ and pressure institutions to do the same.
Whether itโs a mega-corporation like Equifax or an individual scammer like Angellica Roberts, these cases serve as grim reminders: your identity is valuable, and criminals will go to great lengths to steal it.