Identity Theft: A Growing Concern

Your name might be worth a lot more than you realize. It’s not just about personal value, but to someone sitting in, say, Pyongyang, your name and other personal details could translate into a job, or even worse, support for something sinister.

A Ukrainian man, Oleksandr Didenko, has just been sentenced to five years in federal prison. He ran a website that peddled stolen personal information from Americans to overseas workers, predominantly North Koreans. These individuals then used that information to secure jobs at U.S. companies, all while working under fake identities, completely unaware of the criminal activities occurring behind the scenes.

The Federal Trade Commission (FTC) receives more than a million reports of identity theft each year—roughly one every 30 seconds.

Didenko’s platform, Upworksell, operated like a marketplace. If someone was looking for a persuasive American identity to nab a software engineering position, they could just browse what was available. Over 870 pieces of stolen data circulated through that site before the FBI shut it down in 2024. North Koreans who purchased or rented this information were able to work remotely, making money and sending it back to the very government facing global sanctions.

The mechanics of this operation were, frankly, chilling. To ensure that the workers appeared to be in the U.S., Didenko paid regular Americans to set up laptops in their homes across various states like California, Tennessee, and Virginia. Each home, filled with active laptops, became a façade for foreign workers masquerading as American neighbors. The ominous term for this setup? Laptop farms.

This situation isn’t just about Didenko or his website. It’s indicative of a much larger issue. This isn’t a standalone case; it highlights a broader pattern that poses multiple risks to businesses and government security. First, those workers are skirting U.S. sanctions just by being employed. Second, sensitive data is compromised within corporate systems. Finally, this stolen data can be used to blackmail the very companies that unknowingly hired these individuals.

Identity theft in the U.S. is, unfortunately, quite prevalent. The FTC’s figures indicate that over a million reports flood in annually, translating to an unfortunate but persistent issue. Statistically, more than one in five Americans will face identity theft at some point. The year 2025, specifically, saw identity fraud losses soar to an unprecedented $12 billion. A significant part of that stems from stolen Social Security numbers, many of which were on Didenko’s list, waiting for buyers.

Many victims find themselves tangled in a web of disputes as they attempt to rectify the damage done to their credit reports and financial records. It’s exhausting and demeaning, and much of it is avoidable if not for the unscrupulous acquisition of their identities.

What makes the involvement of North Korea particularly alarming is the scale and organization behind these tactics. This isn’t just about random criminals stealing credit card numbers; it’s a workforce acting under the auspices of a nation-state, committing federal crimes. Interestingly, CrowdStrike, a leading cybersecurity firm, noted a marked rise in North Korean infiltration into Western industries, particularly in tech and software roles. They’ve even been known to pose as recruiters or investors to gain access to sensitive systems. Their methods keep evolving.

The underlying issue remains the personal information of individuals—your identity, your history, the credibility you meticulously build over time. It can vanish in an instant. This isn’t just a North Korean issue, either; countries like Russia and China have been engaging in these tactics for years, developing a level of expertise that’s troubling.

The systems currently in place for identity verification—be it employment checks or other forms—were designed for different threats. They fall short against these sophisticated schemes. Every day, companies hire remote developers without face-to-face interactions, leaving themselves vulnerable. This gap is glaring and well-documented, yet it largely remains unaddressed. For someone like Didenko, this represents a viable business strategy.

Didenko will serve his five-year sentence, but the challenge of identity theft persists like a game of Whack-A-Mole. A new operation with slightly different methods is probably already underway. Your identity, unfortunately, could be part of it. Your name might already be up for sale, and someone out there is deciding what it’s worth.