Close Menu
National Security News
  • Ukraine War
  • Russia
  • Terrorism
  • China
  • Iran
  • Africa
  • Tech
    • Space
    • Nuclear
    • Cyber
  • Investigations

Trending

Funding British defence transformation

July 14, 2026

War returns to the Gulf after the US launches strikes against Iranian military targets

July 13, 2026

Britain bans support for Iran’s Islamic Revolutionary Guard Corps

July 13, 2026

The Grand Duchy decorates a banker: why Luxembourg’s honour for Jamie Dimon is a statement about Western security

July 8, 2026
Facebook X (Twitter) Instagram
National Security News
Subscribe
X (Twitter)
Login
IPSO Trusted Journalism in National Security
  • Ukraine War
  • Russia
  • Terrorism
  • China
  • Iran
  • Africa
  • Tech
    • Space
    • Nuclear
    • Cyber
  • Investigations
National Security News
  • Ukraine War
  • Russia
  • Terrorism
  • China
  • Iran
  • Africa
  • Tech
Home»Cyber
Cyber

Synthetic identities and stolen credentials: Constella Intelligence’s report warns of national security risks

Staff WriterBy Staff WriterJuly 8, 20254 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Share
Facebook Twitter LinkedIn Pinterest Email

Listen to the article

0:00
0:00

Key Takeaways

🌐 Translate Article

Translating...

📖 Read Along

💬 AI Assistant

🤖
Hi! I'm here to help you understand this article. Ask me anything about the content!
(Source – Constella Intelligence)

By Isabella Egerton

Cyberattacks using stolen and fake identities have become one of the biggest threats facing national security, according to Constella Intelligence’s 2025 Identity Breach Report.

Instead of “hacking into” systems, attackers are increasingly just “logging in” using real or fake credentials. In 2024 alone, more than 219,000 breaches exposed over 107 billion records worldwide — double the level of previous years. IBM’s X-Force team noted that stolen logins and exploiting public websites each accounted for about 30 per cent of how hackers first gained access last year.

Constella Intelligence, a leading global digital risk protection company that helps organisations safeguard people and their data from cyberattacks, has observed a wave of attacks playing out visibly in the UK and US. In recent weeks, several high-street retailers, including luxury brands Cartier and Watches of Switzerland, reported being hit. Cartier confirmed that “an unauthorised party gained temporary access to our system,” and both brands said customer names and email addresses were stolen — though no payment card data was taken.

Similar attacks have struck other British retailers in a wave that experts say is fuelled by stolen credentials and automated “credential stuffing,” where hackers use stolen passwords to try logging in across many sites.

In the United States, the healthcare sector has been hit particularly hard, with several massive breaches this year exposing sensitive patient data and crippling hospital systems.

Constella’s report highlights some of the biggest breaches of the past two years. The largest ever was the 2023 breach of REWN — a Russian email and online service — which exposed 1.5 billion records. In 2024, two of the largest breaches involved Tencent.com (668 million records) — the Chinese tech giant that owns apps like WeChat — and National Public Data (647 million records), a major US-based public records service.

How attackers are succeeding
Breaches are no longer just about breaking in through firewalls. Many succeed because of malware infections — malicious software that secretly collects and “harvests” (steals) saved passwords, tokens, and files from infected computers. This stolen information is then sold on underground markets in bulk.

The report also warns about the rise of synthetic identities — fake but convincing identities created by mixing real and fake information. For example, a hacker might take a real Social Security number (often from a child or deceased person), combine it with a fake name and real address, and create a completely new, fraudulent person.

These synthetic identities are dangerous because they can:
• Open bank accounts, pass background checks, and even get security clearances — operating undetected for years.
• Funnel money to terrorism or hostile states.
• Obscure spies or saboteurs posing as insiders.
• Infiltrate supply chains for defence and critical infrastructure.

Constella analysts have seen thriving underground marketplaces selling “fullz” — complete identity kits (name, SSN, date of birth, address, email) — which fuel these schemes.

National security at a tipping point
Andres Andreu, Chief Operating Officer and Chief Information Security Officer at Constella, warns: “Constella’s Identity Breach Report underscores a critical inflection point for national security. The rise of AI-powered, identity-driven attacks, fuelled by tools like WormGPT and vast breaches of personal data, demands immediate action from governments and critical infrastructure operators.

Synthetic identities and credential reuse are eroding traditional perimeter defences and legacy investments. To counter this, nations must shift from the old models and invest in identity threat intelligence, mandate zero-trust architectures, use decentralised agent-based AI strategically, and establish rapid attribution and response capabilities to pre-empt AI-driven cyber campaigns.”

What can organisations do?
Constella and other experts recommend several steps to respond to these risks:
• Monitor for unusual login patterns and block suspicious activity.
• Use anomaly detection to spot logins from strange locations, devices, or times.
• Strengthen onboarding and vetting processes with document checks, biometrics, and device intelligence.
• Detect and block synthetic identities by using shared databases and real-time fraud detection.
• Enforce multi-factor authentication (MFA) and behavioural analytics.
• Join collective defence initiatives to share intelligence and stay ahead of threats.

The findings paint a stark picture: identity has become the weak link in cybersecurity. Stolen logins and synthetic identities let attackers pose as insiders, infiltrate organisations, and persist unnoticed — sometimes for years.

Governments, contractors, and critical sectors need to adapt quickly by strengthening identity controls, sharing intelligence, and investing in smarter technologies to protect against these growing threats.

For the full Constella 2025 Identity Breach Report, visit: https://constella.ai/2025-identity-breach-report/

Follow on Google News Follow on X (Twitter)
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Staff Writer

Keep Reading

The Grand Duchy decorates a banker: why Luxembourg’s honour for Jamie Dimon is a statement about Western security

Anthropic appoints Teresa Carlson to lead global public sector push: a defining moment for AI and national security

Iran rules out direct talks with US as Doha negotiations focus on Hormuz

IronNet rises like a phoenix from the ashes

The Drone targeting the apartment block

Britain must cut welfare to fund defence, says General Sir Richard Barrons

Editor's Picks

War returns to the Gulf after the US launches strikes against Iranian military targets

July 13, 2026

Britain bans support for Iran’s Islamic Revolutionary Guard Corps

July 13, 2026

The Grand Duchy decorates a banker: why Luxembourg’s honour for Jamie Dimon is a statement about Western security

July 8, 2026

Anthropic appoints Teresa Carlson to lead global public sector push: a defining moment for AI and national security

July 8, 2026

Trending

The Grand Duchy decorates a banker: why Luxembourg’s honour for Jamie Dimon is a statement about Western security

National Security July 8, 2026

Anthropic appoints Teresa Carlson to lead global public sector push: a defining moment for AI and national security

AI July 8, 2026

Iran rules out direct talks with US as Doha negotiations focus on Hormuz

Diplomacy July 1, 2026
Facebook X (Twitter) TikTok Instagram LinkedIn
© 2026 National Security News. All Rights Reserved.
  • About us
  • Privacy Policy
  • Terms
  • Contact
Home Topics Podcast NSN Lists

Type above and press Enter to search. Press Esc to cancel.

Sign In or Register

Welcome Back!

Login to your account below.

Lost password?