> Not a single one of those times was there a) anything truly actionable for me to do about it[0] or b) a single negative impact to my actual life. In anyway. At all.

My wife has had someone rent an apartment in Oakland and open bank accounts with her name and social. Other than getting the bank accounts cancelled, and locking credit, there's nothing to do. The apartment management said they weren't able to evict based on stolen identity; and Oakland PD did nothing. Reporting identity theft to the FTC like they want you to do is a joke.

Unfortunately, the Oakland address has been showing up in KYC questionaires so it's probably in some minor credit bureau file as true.

Thankfully AMEX called her to notify when the fraudster tried to open a new AMEX with the wrong address.

There's no accountability for the people that collect this data and allow it to be copied. There's no accountability for those who use it for fraud. There's no accountability when credit bureaux distribute inaccurate data. It's a big mess.

Thankfully, most of the haveibeenpwned breaches I'm involved in are like name and email which big deal. But when at&t allowed their records to be copied, someone tried to open a bank of america account with my info. At&t didn't really need my ssn, but they required it as a condition of service, so they had data people wanted.