As COVID-19 vaccines became available across the world for a lot of countries this year, there were a large number of would-be influencers posting their proof of vaccination cards on social media. While this has been a great way to encourage take-up amongst close friends and family, there are some significant privacy risks to consider.


Your vaccine card has sensitive personal information on it, including your full name, birthdate and often the location and date of your vaccination. In some countries, it may also include medical information, such as healthcare numbers. Pictures of this card shared publicly online can very easily put you at risk of identity theft.


As the Federal Trade Commission (FTC) points out, “Identity theft works like a puzzle, made up of pieces of personal information. You don’t want to give cybercriminals the pieces they need to finish the picture.”


With the UK, US and Australia and some countries in Europe and the Middle East already having such high vaccination rates, it seems likely the damage has already been done. However, it’s important to consider boosters are now being promoted in a lot of countries, so the risk hasn’t entirely gone away.


What is identity theft?

Identity theft occurs when an individual obtains personal information belonging to someone else in order to assume that individual’s identity. There are a number of ways to capture this information, with the rise of social media only making it easier for criminals to carry out.


The three most common types of identity theft are:

  • Criminal identity theft: To avoid a summons, detection of a warrant in their real name, or to evade an actual arrest or conviction
  • Medical identity theft: To procure free medical care, or in the case of COVID-19 vaccinations, to avoid mandates and/or passports.
  • Financial identity theft: To attain goods, services or information. This is the most common form, and can occur simply by knowing your full name and date of birth and signing up for goods and services contracts over the phone.


It’s not just COVID-19 vaccination cards

Social media is a smorgasbord for identity theft. Day-to-day users and influencers alike often publicly share personal information, sometimes unintentionally, sometimes as a result of not understanding the platform’s privacy settings. It’s not just pictures of COVID-19 vaccination cards, but also the profile information many people fill out, such as hometown, current location, date of birth, school, workplace and more.


That’s why it’s strongly advised that you keep your social media profiles locked down. There’s different ways to do this depending on the platform you use. For example, Facebook allows you to set various levels of privacy for each individual piece of profile information or post. You can even set the month and day of your birth as public, but the year as private – which allows your friends to be notified to reach out to you, but helps to prevent identity theft.


Instagram, on the other hand, is less customisable when it comes to privacy, and while the predominant use of this platform is stories that aren’t permanently visible, it’s important to understand who is able to view them and take screenshots for permanent records.


Why is this important?

While everyone who shares personal information on a public platform is putting themselves at risk, it’s true that cybercriminals are rarely after the “everyday joe”. It’s often by pure coincidence that identity theft in these situations happen. However, if you have a larger-than-average online profile, or if your workplace or role is a target for cybercriminals (such as employees who work at banks, or high-level executives for a range of businesses), you may be at higher risk of identity theft if you share this kind of information on your profile.


The best thing to do is review your profiles and who you’re sharing your information with. Ask yourself if you really need to post your next vaccination card, or if another picture or post will convey the same message without exposing your sensitive information.


And if you’re in a vulnerable workplace, we strongly recommend making sure your executive’s profiles are secure to avoid any potential brand damage.