A full identity profile contains far more than most people realize””it encompasses your personal identifiers (name, date of birth, Social Security number), contact information, financial accounts, employment history, medical records, biometric data, online credentials, and behavioral patterns that together create a comprehensive digital representation of who you are. When threat actors compile these profiles, they aggregate data from dozens of sources including data breaches, public records, social media, and dark web marketplaces to build dossiers that can contain hundreds of individual data points about a single person.
Consider the 2017 Equifax breach, which exposed 147 million Americans’ records containing names, Social Security numbers, birth dates, addresses, and in some cases driver’s license numbers and credit card information. That single breach provided enough information for criminals to create foundational identity profiles, but modern fullz packages””the criminal term for complete identity profiles””now routinely include far more: bank account details, medical insurance IDs, email credentials, security question answers, and even family member information. This article examines each category of data typically found in these profiles, how criminals compile and use them, and what this means for individuals concerned about their privacy and security.
Table of Contents
- What Core Personal Identifiers Make Up an Identity Profile?
- How Financial Information Expands Identity Profiles
- Medical and Insurance Records in Identity Profiles
- How Digital Credentials and Online Presence Factor In
- Comparing Partial Data Leaks to Complete Identity Profiles
- The Role of Biometric and Behavioral Data
- Dark Web Markets and Identity Profile Trading
- How Identity Profile Completeness Affects Fraud Sophistication
- Conclusion
What Core Personal Identifiers Make Up an Identity Profile?
The foundation of any full identity profile consists of what security professionals call personally identifiable information, or PII. This starts with the obvious: full legal name, date of birth, and social Security number””the trinity of identity verification used by most American institutions. Beyond these basics, a comprehensive profile includes all name variations you’ve used, including maiden names, nicknames, and any legal name changes, which explains why identity thieves can sometimes bypass security questions about “what name you went by in high school.” Physical identifiers form another critical layer. This includes your current and previous addresses (often going back decades), phone numbers both current and historical, driver’s license numbers with issuing state and expiration dates, and passport information if available.
The depth of address history matters because many verification systems ask about previous residences, and a complete profile enables criminals to answer these questions accurately. For example, when opening a new credit card, you might be asked “which of these addresses have you lived at” as a verification step””a fullz package with your complete address history defeats this protection entirely. Government-issued identifiers round out the core profile. Beyond Social Security numbers, this includes state ID numbers, military service numbers if applicable, voter registration information, and professional license numbers. The 2015 Office of Personnel Management breach demonstrated how devastating the exposure of government identifiers can be””it compromised security clearance background investigation files containing not just identifiers but detailed personal histories of 21.5 million people.
How Financial Information Expands Identity Profiles
Financial data represents some of the most valuable components of a full identity profile because it enables direct monetary theft. Bank account numbers, including routing numbers and account types, allow criminals to initiate fraudulent transfers or set up unauthorized direct debits. Credit card numbers with expiration dates and CVV codes enable immediate fraudulent purchases, though this data has a shorter shelf life since cards get replaced. The financial profile extends well beyond account numbers. It includes your credit history and score ranges, existing loan accounts and their balances, mortgage information including lender and approximate balance, investment account details, and patterns of financial behavior.
A complete financial profile might reveal that you have a home equity line of credit with available balance, making you a target for specific fraud schemes. Credit report data is particularly valuable because it shows all your open accounts in one place, essentially providing criminals a roadmap of your financial relationships. However, financial data alone has limitations without supporting identity documents. Many institutions now require multi-factor verification for high-risk transactions, so criminals need the complete identity profile to successfully exploit financial information. This is why fullz packages command premium prices on dark web markets””the combination of financial data with verified personal information enables fraud that neither dataset could accomplish alone. A 2023 Privacy Affairs study found that fullz packages with credit card details and bank account information sold for $200 to $1,500 depending on the victim’s estimated credit limit and account balances.
Medical and Insurance Records in Identity Profiles
Medical identity profiles have become increasingly valuable, sometimes exceeding the worth of financial data on criminal marketplaces. A medical identity profile includes health insurance policy numbers, Medicare or Medicaid IDs, medical record numbers from various providers, prescription histories, and diagnosed conditions. The 2015 Anthem breach exposed 78.8 million records containing this exact combination of medical and personal identifiers, creating comprehensive medical identity profiles that criminals could exploit for years. The criminal applications of medical identity data differ from financial fraud.
Medical identity theft enables fraudsters to obtain prescription medications, file false insurance claims, or receive medical treatment under your identity””which can result in your medical records being contaminated with someone else’s blood type, allergies, or conditions. Unlike credit card fraud, which you might notice within days, medical identity theft often goes undetected for years until you receive an unexpected bill or discover incorrect information in your records during a medical emergency. Medical profiles also include biometric health data increasingly captured by wearables and health apps: heart rate patterns, sleep data, glucose levels, and activity metrics. While this data might seem innocuous, it can reveal conditions you haven’t disclosed to employers or insurers, and in comprehensive identity profiles, it provides additional verification points and potential vectors for social engineering attacks.
How Digital Credentials and Online Presence Factor In
Modern identity profiles extend far beyond physical-world identifiers to encompass your entire digital existence. This includes email addresses and their associated passwords (often obtained from data breaches), usernames across platforms, and crucially, the answers to common security questions. Since many people reuse security questions across services, knowing your mother’s maiden name, the street you grew up on, or your first pet’s name from one breach often unlocks accounts at completely unrelated services. Your social media footprint forms a significant portion of digital identity profiles.
This means not just your account names but your connections, posting patterns, check-in locations, photos (which can reveal additional personal information), and the metadata embedded in your posts. A complete profile might include your Twitter handle, LinkedIn employment history, Facebook friend list, Instagram posting times, and the geolocation data from your photos””all of which can be used for highly targeted spear phishing attacks. For example, if your identity profile reveals that you recently posted about attending a specific conference, a criminal could craft a phishing email appearing to be conference follow-up communication, dramatically increasing the chance you’ll click a malicious link. This behavioral and contextual data makes modern identity profiles far more dangerous than simple lists of account numbers””they enable personalized social engineering at scale.
Comparing Partial Data Leaks to Complete Identity Profiles
The difference between data exposed in a single breach and a complete identity profile illustrates why data aggregation poses such significant risks. A single breach might expose your email and password, which is concerning but limited in damage potential if you use unique passwords. However, when criminals correlate that breach with others, they build progressively more complete profiles. The 2024 “Mother of All Breaches” compilation contained 26 billion records aggregated from thousands of previous breaches, demonstrating the scale of this correlation effort. Partial data has significantly less value on criminal markets. An email and password combination might sell for under a dollar, while a Social Security number alone fetches perhaps $4.
But a complete fullz package with financial accounts, identity documents, and verification information commands prices from $30 to over $1,000 depending on the victim’s perceived value. The price differential reflects the practical reality: partial data requires additional work and risk to monetize, while complete profiles enable immediate fraud. The tradeoff for criminals involves investment versus return. Compiling complete profiles requires purchasing data from multiple sources, correlating records (which isn’t always accurate), and verifying the information is current. Some criminal operations invest heavily in this compilation process, while others focus on high-volume, low-value exploitation of partial data. Understanding this dynamic helps explain why certain breaches cause more harm than others””breaches that expose unique identifiers like Social Security numbers enable this correlation process, multiplying the damage beyond the immediate data exposed.
The Role of Biometric and Behavioral Data
Biometric data represents an increasingly critical component of full identity profiles, and its compromise poses unique risks because unlike passwords, you cannot change your fingerprints or facial structure. Biometric profiles may include fingerprint templates, facial recognition data, voice prints, iris scans, and even gait analysis patterns. The 2019 Suprema BioStar 2 breach exposed over 27.8 million records including fingerprint data and facial recognition information, demonstrating that biometric databases are not immune to compromise. Behavioral biometrics add another layer to identity profiles: how you type (keystroke dynamics), how you move your mouse, how you hold and interact with your phone, and your patterns of application usage.
These behavioral patterns serve as continuous authentication in some security systems””and their compromise enables criminals to potentially mimic your interaction patterns with devices or at minimum understand what security systems they need to defeat. The permanence of biometric data creates long-term risk. While you can change a compromised password in minutes, biometric data exposed in 2020 remains exploitable in 2030 and beyond. This has led security researchers to advocate for biometric data being stored only locally on devices rather than in centralized databases, though this approach conflicts with many organizations’ operational preferences.
Dark Web Markets and Identity Profile Trading
The ecosystem for trading identity profiles has matured into a sophisticated marketplace with specialization, customer service, and even quality guarantees. Vendors on dark web markets categorize profiles by completeness, freshness, and victim characteristics. Profiles of individuals with high credit scores, professional licenses, or access to corporate systems command premiums. Some vendors offer targeted acquisition””if a buyer needs an identity profile matching specific criteria (age range, geographic location, profession), specialists will compile one to order.
These markets also demonstrate the lifecycle of compromised data. Freshly breached data commands the highest prices, with value declining as victims become aware and take protective measures. A complete identity profile from a breach announced yesterday might sell for ten times what the same data commands six months later. This timing pressure drives the rapid exploitation seen after major breaches and explains why immediate response matters.
How Identity Profile Completeness Affects Fraud Sophistication
The comprehensiveness of an identity profile directly determines what types of fraud it enables. A basic profile with name, address, and Social Security number might enable new account fraud””opening credit cards or loans. A profile that adds existing financial account details enables account takeover fraud. One that includes employer information enables W-2 fraud and tax refund theft.
And a complete profile with security questions, behavioral patterns, and document images enables the most sophisticated fraud: complete synthetic identity creation or total identity takeover where criminals essentially become you for all institutional purposes. Looking forward, the expansion of digital identity systems and the proliferation of data collection will only increase the breadth of information included in identity profiles. The rise of decentralized identity solutions and zero-knowledge proofs offers potential countermeasures””enabling identity verification without exposing the underlying data””but adoption remains limited. Meanwhile, artificial intelligence tools are making it easier for criminals to correlate data across breaches and generate convincing synthetic documents from partial profiles. The arms race between identity protection and identity theft continues, with comprehensive awareness of what constitutes a full identity profile being the first step in mounting an effective defense.
Conclusion
A full identity profile is a comprehensive dossier that goes far beyond basic personal information to include financial accounts, medical records, digital credentials, biometric data, and behavioral patterns. These profiles are assembled from data breaches, public records, social engineering, and dark web purchases, with their completeness directly determining their value to criminals and the sophistication of fraud they enable.
Protecting yourself requires understanding what data exists about you and minimizing unnecessary exposure. Regularly monitoring your credit reports and financial accounts helps detect misuse early, while using unique passwords and enabling multi-factor authentication limits the damage from individual breaches. Perhaps most importantly, recognizing that your identity profile likely already exists in some form on criminal markets should inform how you respond to suspicious communications and verify requests for sensitive information.