SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
United Kingdom
Shadowy hacker laptop recycled stolen identities uk bank cards
#
Physical Security
#
Breach Prevention
#
Risk & Compliance

Two-thirds of stolen identities reused in repeat fraud

Wed, 18th Mar 2026
Author image
By Joseph Gabriel Lagonsin, News Editor

Up to 66% of stolen identities are reused in further fraud attempts, often across multiple organisations and sectors, according to analysis of UK fraud intelligence data from the National SIRA shared risk intelligence consortium.

Research by Synectics Solutions found that compromised identities can remain in circulation for extended periods. Most victim IDs stayed active for more than 90 days, suggesting repeated exposure for individuals and recurring risk for firms.

The study also measured how often the same stolen identity resurfaces. On average, 21% of compromised identities were linked to multiple fraud attempts. In some fraud typologies, reuse rose to 66%.

Synectics described the persistent circulation of compromised credentials as an "ID Afterlife", arguing that identity theft is an ongoing problem that extends beyond a single transaction or provider.

Synthetics rise

Among reused stolen identities, 19% appeared as part of "Frankenstein synthetics", the analysis found. These engineered personas combine legitimate credentials with fabricated or AI-generated information. Because parts of the identity match real personal data, they can be harder to detect.

Synthetic identity fraud has risen by as much as 152% in some financial products, with credit lines singled out as a category where the trend is particularly pronounced. Synectics did not disclose the period covered by the increase in material published alongside the findings.

The data suggests fraud techniques move quickly across product types. A set of stolen details can be presented in different ways-sometimes with minor changes-and tested across providers over weeks or months.

Victim recognition

The findings add emphasis to how institutions treat people whose personal details are compromised. Fraud controls often focus on stopping attacks, but the report argued that firms also need consistent methods for recognising when a customer is a victim of identity compromise.

The distinction matters when stolen details reappear in later applications or transactions. The same personal information may be linked to suspicious behaviour in multiple places, even though the individual has no involvement in the subsequent activity.

The report linked this challenge to expectations on customer outcomes in UK financial services regulation. FCA Consumer Duty has increased attention on foreseeable harm and how firms identify and respond to vulnerability across the customer lifecycle.

Synectics positioned victim identification as a control point to reduce repeat activity and limit downstream harm, and framed it as a coordination challenge across the financial system.

Shared intelligence

National SIRA is a shared risk intelligence consortium that allows participating organisations to contribute and access indicators of fraud and related risks. Synectics used National SIRA data to assess how identity misuse persists and how often it repeats.

The report argued that identity fraud has become an ecosystem risk rather than a threat individual organisations can manage in isolation. Limited visibility across firms can allow the same compromised identity to appear repeatedly without any one organisation seeing the full pattern.

Synectics said broader intelligence sharing and consistent labelling of compromised identities can help interrupt the circulation of stolen details. The goal is earlier recognition that an identity has been compromised and faster signalling to other organisations that may encounter the same data.

Richard Wood, CEO of Synectics Solutions, said: "Our new findings make clear that identity theft can no longer be treated as a single event to resolve. Our collective mindset must now shift from finding a fraud incident, to interrupting the harm that builds for victims throughout the identity misuse lifecycle."

He added: "By acknowledging and labelling a compromised identity early - and sharing that insight with others - we can help break the cycle of harm. This is one of the most effective ways to prevent an identity from being reused by fraudsters, and to ensure a victim is recognised by the financial ecosystem as someone to protect."

The Signals report also includes analysis on mule identification, organised crime indicators and document fraud, as institutions increase spending on controls while balancing access, customer experience and compliance expectations.

Related stories
Vodafone & Google Cloud launch AI & security tools
BlackBox Hosting partners Everpure for sovereign cloud
Locai Labs deploys AI coding assistant at First Light Fusion
Infosecurity Europe adds AI summit amid cyber defence shift
ISACA launches AI risk certification amid governance gap

Top stories

AI tools widen cyber attack threat, Flashpoint warns
AI flaws & supply-chain risks top new pentesting report
Exclusive: Google Cloud on the road to autonomous SecOps
Zapier expands AI governance controls for enterprise users
Avatier launches offline card after Stryker cyberattack