Identity Theft vs Identity Fraud
Identity theft is the unauthorised acquisition of someone's personal data; identity fraud is the criminal use of that stolen data. The two often occur together but are legally distinct.
Also known as: ID theft, identity crime
Last reviewed: 10 June 2026
Identity theft refers to the act of taking another person's personal information without consent — for example, by stealing their wallet, hacking a database, or buying a data dump on the dark web. Identity fraud is what happens next: using that stolen data to impersonate the victim for financial gain, such as opening fraudulent accounts, filing false tax returns, or obtaining medical care.
The distinction matters for victims because reporting requirements, legal remedies, and credit-bureau processes differ between the two. A victim of identity theft who has not yet experienced fraud should still act immediately — freezing credit and placing fraud alerts — because the stolen data may be held for later use or sold on.
Identity fraud can take years to fully resolve. Victims may face debt-collection calls, damaged credit scores, wrongful criminal records (when a fraudster uses their identity during arrest), and difficulty obtaining loans or employment. Early detection through credit monitoring dramatically reduces the total harm.