Allstate Identity Protection is proudly compliant with the new California Consumer Privacy Act. View our privacy policy here.
Exciting news! InfoArmor is now Allstate Identity Protection. Same great company. Same powerful protection. Learn more.

What’s the difference between hackers, cybercriminals, and identity thieves?


Get more Allstate Identity Protection news

When you hear the word hacker, your next thought probably isn’t helper. In the mainstream media, hackers are often portrayed as cloak-and-dagger, fly-by-night figures — evil geniuses who are out to get your data.

But, did you know that many of the people who search computer systems for bugs and vulnerabilities are actually out to lend a hand, or at least make an honest living? 

In fact, there are many different types of hackers. Some have good intentions, while others may be malicious. Let’s take a closer look at how cybercriminals are categorized, the ways hackers can differ from identity thieves, and how you may be able to best protect yourself from the not-so-good guys.

What’s a hacker?

By definition, hackers are computer programmers who use their technical skills to breach digital systems, networks, and devices. In the process, they may employ a variety of tools and techniques, including rootkits, a type of malware that can control a system remotely; distributed denial-of-service (DDoS) attacks, which disrupt connections and services; and vulnerability scanners, or programs that find potential weak spots or loopholes.

But, that doesn’t mean they’re all bad guys. Many hackers are actually security professionals hired by software companies to find — and then help fix — unknown exploits. Their goal is to identify bugs and vulnerabilities first, before bad actors find them and take advantage.

What are the three types of hackers?

There are three types of hackers, categorized by the color of their metaphorical hats:

  • Hackers who use their skills for good are known as white-hat hackers. They protect companies, governments, and consumers by testing and improving digital security measures, all with the aim of keeping data out of the wrong hands. An ethical hacker may be employed as a security engineer for a major corporation or a computer forensics investigator for the NSA. This type of hacking is legal and necessary work; practitioners can even earn special credentials and certificates designed specifically for ethical hackers.

With data leaks making more and more headlines, it’s important to note that not every breach is the handiwork of a black-hat hacker. Security incidents can be accidental, like when a well-meaning employee unknowingly leaks customers’ information onto the internet, or a security team doesn’t properly encrypt sensitive data. But there are things you can do to stay alert. Before sharing personal information with a website, for example, it’s a good idea to check the privacy policy for an idea of how your data will be protected.

What’s the difference between a hacker and a cybercriminal?

Cybercriminals are people who use computers or the internet to commit crimes. Both black- and gray-hat hackers may break the law, effectively becoming cybercriminals. All 50 states have computer crime laws governing the damage or disruption of computer systems.

Just as there are many ways to break these laws, there are many faces of cybercriminals. Some are petty thieves: lone wolves who steal information for financial gain. On the other end of the spectrum, there are organized crime groups who use the internet to buy and sell illegal goods think weapons and drugs or broker unlawful services. Corporations may break the law by engaging in cyber espionage, while nation-states have been known to hire cybercriminals to spy on other governments, steal information, or otherwise engage in cyber warfare.

What about identity thieves?

There’s a lot that goes into categorizing different types of hackers, but the terms hacker, cybercriminal, and identity thief are often used interchangeably — and inaccurately.

Identity thieves use stolen personal information, such as your name, birth date, and Social Security number, for illicit personal gain. An identity thief might open a new line of credit, take out a loan, or even receive medical services using your name.

Identity theft can happen without a computer, like when someone applies for a job in-person — using your Social Security number. But identity theft is increasingly carried out on the internet. As companies continue to track and store our information, our digital footprints grow — and unfortunately, those data trails can become fodder for fraudsters.

In 2018 alone, 14.4 million people were victims of some type of identity theft. If you happen to be one of them, you know it can be incredibly difficult to untangle the mess and reclaim your records. As a result, consumers are rightly worried: InfoArmor’s Data Privacy and Consumer Expectations report shows that 75 percent of American consumers are more concerned about malicious hackers accessing their data than they are about companies tracking and storing their information.

While we can’t always control what happens to our data, we can be vigilant about protecting our identities, both online and in the physical world.

How can I protect my data?

If you’re a PrivacyArmor Plus member, you can feel good knowing there are a number of protections in place to help you if your information does fall into the wrong hands, whether the breach is caused by a cybercriminal, identity thief, or a plain old accident.

To up your protections, log in to the portal and switch on dark web monitoring. This helps our bots and human-intelligence operatives help you. Once you enter your login credentials, passwords, and IP addresses, we can notify you of their potential exposure on the dark web, where hackers may find your information and then sell it to identity thieves. Once you’ve logged on, you can also link financial and social accounts for us to monitor, and refresh your VantageScore 3.0 credit score or lock your TransUnion credit report. Experts recommend checking your credit scores and reports regularly. Often, this is where evidence of identity theft may appear.

While you’re in the portal, you can also up your offline defenses. With our lost wallet protection feature, you can securely store key details, such as your driver’s license number, to make the recovery process go much smoother if your goods are ever lost or stolen in the physical world.

You can’t stop cybercriminals and identity thieves from operating. But with PrivacyArmor Plus, you’ll have a holistic, multi-faceted approach to your data protection, not to mention a team of Privacy Advocates available to help with round-the-clock remediation and alerts that spurn immediate action should you ever become a target. Doesn’t it feel good to be proactive?

New Call-to-action