Safe Browsing Check.
SAFE BROWSING CHECK · IDENTITY You guard one half. Identity theft works the other. Password, scan, locked phone: that's the half you hold. The file, the leaked copies, the trail: no chore reaches them.

Identity Theft Starts in the Half You Can’t See

By Marta Lane · Updated February 17, 2026 · 4 min read

Sunday evening. You change the email password, the way the bank keeps suggesting: longer this time, a number and a star in it. You copy it into the notebook by the keyboard. While the kettle heats, you run the virus scan, and it comes back clean, and something in your shoulders lets go. Done for the week. Covered.

And if a letter still arrives next month about a credit card you never applied for, nothing in that kitchen failed. The password was strong. The scan told the truth. The theft simply happened somewhere else.

Your identity has two halves. The half in your house (the phone, the passwords, the mail) you can feel yourself guarding. The other half lives in other people’s computers: a file a company keeps about you, copies already leaked from someone else’s server, the trail your connection leaves behind. No one has ever felt themselves guarding that half. There is no chore for it.

The chores measure your effort. Your exposure is a different number.

The file you never wrote

Somewhere on a server you will never see, there is a file about you. The Federal Trade Commission went and looked at nine of the companies that keep such files, the data brokers, whose business is collecting personal information and selling it. One of the nine held about 3,000 separate facts (“data segments,” in the trade) for nearly every U.S. consumer. Your age. Your estimated income. The value of your home. The health topics you’ve been reading about. What you buy. Another broker’s files covered 700 million people worldwide.

Try to remember filling out the form that agreed to all this. There wasn’t one. The file was stitched together from public records, store loyalty cards, and the websites you’ve visited, and it grows a little every week, in perfect silence. We’ve written about the file strangers keep on you in detail.

Already leaked, still circulating

The Identity Theft Resource Center counted 3,322 data breaches last year, the most in its twenty years of counting. Those breaches sent out 278,827,933 victim notices — the letters that open by telling you how seriously the company takes your security. When the Center asked 1,040 consumers, 80 percent had received at least one within the past twelve months. Nearly 40 percent had received three to five.

You probably have one in a drawer right now. It is the only mail the invisible half of your identity ever sends you.

Anatomy of a breach notice The only mail the invisible half of your identity sends. NOTICE OF DATA BREACH Dear Customer, We take the security of your data seriously. What happened: … What information was involved: … Illustration — not a real notice. 1 · Not junk mail It opens with how seriously they take your security. Then it hits the drawer. 4 · There will be more 8 in 10 surveyed got one inside a year; nearly 4 in 10 got 3–5. (ITRC) 2 · It names what leaked Inside, it lists exactly what got out. In writing. Free. 3 · Not your building The leak was on their servers. Your new password can't reach it. THE MOVE — open it. Ten minutes. Pull the notices out of the drawer. Each one names what leaked; together they are your real exposure, in writing. Then give the silent half ten minutes each season.
Notice counts and survey figures: ITRC 2025 Annual Data Breach Report.

Because the careful new password in your notebook protects the copy of your accounts that lives in your house. A copy that leaked from some company’s server years ago is still out there, old password attached, sometimes an account number, sometimes a Social Security number. No amount of care at your kitchen table reaches a building you’ve never entered.

The trail behind you

There is a third surface, quieter still. Your home connection works all day — the news over coffee, the recipe at noon, the grandkids’ photos at nine — and the company selling you that connection sees far more of it than most customers expect. The FTC looked at six major providers and said exactly that. Every site you visit can read your rough location off your network address. You did nothing. The trail wrote itself anyway.

Nobody watches it happen

In the government’s most recent national survey of identity theft, covering 2021, about 23.9 million Americans age 16 or older had been through it within a single year. That is 9 percent of everyone that age. Their losses came to $16.4 billion. Only 7 percent ever told the police.

Each of those 23.9 million found out the same way: afterward. There was nothing to watch. Identity theft is discovered, not witnessed. It announces itself later, from the outside, as a charge you don’t recognize, a letter about an unfamiliar account, a collector asking for someone who happens to have your name.

Why careful people still get hit

Attention follows the feeling of progress. A password change takes a minute and pays you right away, in relief. A breach notice pays nothing you can feel; it goes in the drawer. I think most security advice leans on that same comfort: it assigns the chores you can feel finishing, because those are the ones that get done. The effort is real. The map is missing half the territory.

How to see your other half

Guarding the silent half will never feel like anything. Seeing it takes about ten minutes:

Keep the Sunday routine. It’s real, and it’s yours. But once a season, give ten minutes to the half that never shows you anything. That is where a thief does his quiet work — and the quiet is exactly what he’s counting on.

Go deeper, one surface at a time: what data leak protection really is · what your IP gives away · and if you already spot scams well, awareness isn’t protection.

If someone you love runs the Sunday scan and calls it covered, forward them this.

You might also like