There has been a notable surge in dark web activity involving stolen identity data from Singapore citizens and residents [2], with a 230% increase in underground vendors offering this information for sale [2].


Prices for this stolen data start at $8, and biometric information [1] [2], such as fingerprints and facial data [1], is also being illegally reused for fraudulent purposes [1]. Cybercriminals [1], nation-state actors [1], and foreign entities are all interested in this data for various malicious activities [1]. Singpass accounts [1] [2], used for government and private sector services [2], have been compromised [1] [2], with vulnerabilities in 2FA processes being exploited [2]. Additionally, KYC processes are being manipulated [1], with cybercriminals offering services to create forged documents using stolen identities [1]. To mitigate these risks [2], individuals are advised to report stolen accounts [2], enable 2FA [2], change passwords [2], and monitor account activities closely [2]. Businesses should implement robust digital identity protection programs to prevent account takeovers and identity theft [2]. Data anonymization and minimization are also recommended to reduce the risk of identity theft.


The illicit trade of stolen identity data poses significant risks to individuals and businesses alike. It is crucial for both parties to take proactive measures to safeguard their digital identities and prevent unauthorized access. By reporting stolen accounts [2], enabling 2FA [2], changing passwords [2], and closely monitoring account activities, individuals can reduce their vulnerability to identity theft. Similarly, businesses should prioritize the implementation of robust digital identity protection programs to prevent account takeovers and safeguard sensitive information. Moving forward, data anonymization and minimization will play a key role in reducing the risk of identity theft and ensuring the security of personal and corporate data.