Personally Identifiable Information (PII)
Any data that can identify a specific individual — such as name, address, Social Security number, or biometrics — whose exposure enables identity theft and targeted scams.
Also known as: PII, personal data, personal information
Last reviewed: 10 June 2026
Personally identifiable information encompasses any single piece of data or combination of data points that can identify or locate a specific person. Direct identifiers include full name, Social Security number, passport number, and biometric records. Indirect identifiers include date of birth, postcode, employer, and IP address — individually innocuous but potentially identifying when combined.
PII is the primary target of data breaches, phishing campaigns, and data-broker harvesting because it provides the raw material for identity fraud, social engineering, and account takeover. Criminals who assemble a comprehensive PII profile on a target can impersonate them to financial institutions, take over accounts, or craft highly convincing spear-phishing messages.
Consumers have limited ability to prevent their PII from circulating once it has been exposed in a breach, but they can reduce harm by monitoring their credit, freezing it proactively, and using services that alert them when their information appears in new data sets or on dark-web markets.