The university of tulsa Online Blog

The FBI’s 2024 Internet Crime Report reported losses exceeding $16 billion, a 33% rise in losses from the previous year.

What’s interesting about the FBI’s data is that the vast majority of victims were older, with the 60+ demographic leading in the number of complaints filed and financial losses incurred. Whereas the oldest demographic reported losses exceeding $4.8 billion, no other demographic exceeded losses of $2.5 billion.

Whether they’re younger people who are more active online or older adults perceived to be less tech-savvy, anyone who uses the internet can become the target of cybercriminals who want to steal their personal data. With the Pew Research Center reporting in 2025 that 96% of American adults use the internet, everyone needs to learn how to protect personal information online.

What Personal Information Should Be Protected Online?

Personal information encompasses all the details that others can use to identify someone. Certain individuals who gain access to this data, often referred to as personally identifiable information (PII), may do so for beneficial purposes. It can be helpful, for example, when companies use information such as gender or location to tailor products or services to a person’s needs. However, others use the information to commit crimes.

Individuals may voluntarily share their personal information — when they complete online forms, for example — or they may unknowingly provide the information, such as when they take an action that allows someone to break into their computer system.

With private information such as passwords and credit card numbers, others can identify a person or access their networks or accounts. For more general information, such as a person’s city or gender, a cybercriminal can use the information to piece together or sell data that can be used to steal their identity or gain access to their accounts.

Examples of PII include:

• Name

• Age

• Birthplace

• Address

• Telephone number

• Birth date

• Work history

• Income

• Race or ethnicity

• Gender

• DNA data

• Health history

• Social security number

• Credit and debit card numbers

• Passwords

• Photos

• Personal identification numbers (PINs)

Why Should People Protect Personal Information Online?

With the various devices and products that now use the internet, from smartphones and laptops to medical monitoring devices and security cameras, people share volumes of personal information online — knowingly or unknowingly. This means that there’s a significant risk that sensitive data will fall into the hands of cybercriminals. The consequences of these breaches can be catastrophic for those whose personal information is stolen.

10 Uses of Stolen Personal Information

While finances are a significant concern when protecting personal information online, people’s personal information can also be used for other fraudulent actions, including stealing their identity. The following are 10 ways that stolen personal information can be used:

1. Assuming the victim’s identity to apply for a credit card

2. Posing as the victim to apply for loans

3. Gaining access to the victim’s bank and retirement accounts

4. Requesting money from the victim’s online contacts

5. Applying for a job or renting an apartment in the victim’s name

6. Locking the victim out of their own accounts

7. Seeking tax returns by filing tax forms in the victim’s name

8. Applying for identification, such as a driver’s license or passport, as the victim

9. Sharing the victim’s information as their own when arrested

10. Selling information such as credit card numbers and health care data on the dark web, a part of the internet commonly used for illegal activity such as blackmail and extortion

How Criminals Steal Personal Information Online

Whether by tricking people into providing data or by finding ways to access the information without the user’s knowledge, criminals use various methods to collect individuals’ personal details online. Below are some common tools and techniques for gaining unauthorized access to personal information on the internet.

Phishing

In a practice called phishing, scammers steal people’s personal information through emails or other online messages that appear to be legitimate requests for personal account information. The messages might contain links that resemble those to reputable sites. When users click on the links, however, malicious software, known as malware, is installed on their computers that can provide access to the victim’s personal data, such as their credit card numbers or bank account login credentials.

Social Media

Social media profiles often provide a host of personal information, including name, location, job, and work schedule. Social media photos can also contain clues about this type of data. Cybercriminals can collect this information to decipher passwords to online accounts or sell it to others.

Public Wi-Fi

Wi-Fi at public locations such as coffee shops, libraries, and airports often lacks robust security. Using these networks can leave people vulnerable to attackers who exploit weak protections to gain access to others’ networks and their personal information.

Online Shopping

When people provide personal information, including credit or debit card details, during online purchases, they risk the data falling into the wrong hands. Cybercriminals may steal an individual’s information using phishing or malware, or they may gain access through unsecured public Wi-Fi networks.

Cybercriminals may also steal the personal information of hundreds or thousands of people through data breaches at banks or retailers.

How to Protect Personal Information Online

According to The State of Human Risk 2026 report from Mimecast, 95% of cybersecurity issues are the result of human error. What precautions can people take to safeguard themselves against the mistakes that can lead to the theft of their personal information — and the harm that unauthorized access can cause?

Below are some internet safety tips that can help those learning how to protect personal information online.

1. Use Security Controls

The first step in protecting personal information online focuses on what is often the last line of defense: security controls. For everything from work-from-home safety to online shopping protection, the following are among the security measures that individuals can employ to fend off would-be cybercriminals:

• Antivirus software: Helps protect against malware that could allow unauthorized users to access personal information

• Encryption: Scrambles data transmissions for any user who doesn’t have a designated code to access the information

• Virtual private network (VPN): Safeguards data privacy by creating an encrypted link between a device and a server

2. Create Strong Passwords

Passwords for devices and accounts should be hard to guess and avoid characters related to personal information, such as birth dates and addresses. These passwords should contain a mix of lowercase and uppercase letters, numbers, and symbols.

3. Recognize Signs of Phishing

People can protect themselves from data theft by being cautious with emails, texts, and other digital messages that could be phishing scams. Any of the following characteristics may indicate a phishing message:

• Requests sensitive information: Asks for personal data, including information someone could use to access networks or accounts

• Contains inconsistent addresses or links: Provides hyperlinks or email addresses that differ slightly from those of legitimate organizations

• Includes attachments: Encourages the user to download unrequested attachments, which could contain malware

• Uses poor grammar: Includes obvious writing mistakes that professional organizations would edit before sending

• Conveys a sense of urgency: Features messages that indicate immediate action must be taken to avoid some type of threat or to take advantage of a reward

4. Perform Regular Updates

Internet users should keep their operating systems and software up to date, as updates often include security patches and enhancements that protect against the latest threats to data safety.

5. Keep Social Media Private

Those who share information and photos on social media should activate the privacy settings that restrict who can view their posts. This action blocks those who are searching for personal information posted on social media accounts.

6. Remove Old Accounts

Corporate data breaches can compromise personal information, even if the accounts are no longer in use. Anyone with unused accounts at retailers, financial institutions, or other organizations that may hold personal information should delete them.

7. Protect Internet Browsing

Many internet search engines offer options that allow users to browse privately, without others tracking which sites they visit. In some cases, users can erase their browsing history and search activity while they’re online.

8. Explore Data Broker Sites

Data broker sites, such as Intelius and Whitepages, are repositories of personal information. They present data culled from online sources such as:

• Public records

• Website and app use

• Social media accounts

To request that these sites remove their information, individuals can opt out via an online form on the sites. They may also use paid services to request data removal.

9. Protect Other Internet-Connected Devices

Because the devices that connect people to the internet go beyond computers and smartphones, people need to be mindful of the broad range of devices that must be protected against information theft. Routers allow access to data on a host of other devices and tools, so establishing a unique password and keeping security up to date for those devices should be a priority.

10. Enable Multi‑Factor Authentication

Add an extra layer of verification using an authentication app or hardware token. Multi-factor authentication (MFA) significantly reduces the likelihood of unauthorized access, even if a password is exposed.

11. Turn On Login and Activity Alerts

Enable notifications for new sign‑ins, password changes, or unusual behavior. Early detection helps you respond quickly if something looks suspicious.

12. Update Recovery Information

Make sure your backup email, phone number, and security questions are current. Accurate recovery details help you regain access quickly if your account is compromised.

How to Reduce Exposure Risks

The Cybersecurity & Infrastructure Security Agency (CISA) recommends taking the steps below to reduce exposure risks.

1. Identify What’s Publicly Accessible

Start by mapping which systems, services, or devices can be reached from the internet. Use trusted scanning tools to understand your external footprint and identify anything unintentionally exposed.

2. Decide What Truly Needs to Be Online

Review each internet‑facing asset (servers and other devices) and determine whether it must remain accessible. Remove, restrict, or relocate anything that doesn’t require external access, and ensure that the changes won’t disrupt essential operations.

3. Strengthen the Assets That Must Stay Exposed

Apply core hardening practices, such as updating software, replacing unsupported tools, changing default credentials, enabling MFA, monitoring traffic for unusual behavior, and using a secure jump host for administrative access.

4. Regularly Reassess Exposure

As systems evolve, new services may become visible without you realizing it. Routine reviews help you detect new exposures early and maintain a strong security posture over time.

What Should a Person Do If Their Personal Information Is Stolen?

What if, despite an individual’s best efforts to protect personal information online, they suspect someone has accessed their data to steal their identity or money?

Individuals who believe their personal information has been stolen have several options regarding next steps and where to report the suspected crime. The following are some resources that describe where to turn and what to do:

• Motley Fool: This guide gives step-by-step instructions for what people should do if they believe someone has stolen their identity.

• Consumer Financial Protection Bureau: This federal bureau provides answers to questions about online scams, including what people should do if they believe their personal information has been compromised.

• FBI: People who believe they’re victims of online fraud can report the issue to the FBI’s Internet Crime Complaint Center (IC3).

• Federal Trade Commission: This resource lists the signs that indicate online messages are scams, and it links to a site to report fraud. It also provides a site to report fraud involving identity theft.

Take Precautions to Protect Personal Information Online

With the proliferation of internet-connected devices and their widespread use, everyone needs to learn how to protect personal information online. By keeping in mind what information to safeguard and how to ensure its protection, people can be confident about their privacy as they take advantage of the many services and conveniences available online.