In the absence of adequate protection of personal information, criminals may use a variety of methods to find a breakthrough to conduct identity theft. The following are some common methods: 1. **Data leakage**: Attackers may obtain a large amount of personal information of users by attacking the database of a company or organization. This information includes name, address, ID number, credit card information, etc. 2. **Phishing attack**: Fraudsters trick individuals into actively providing sensitive information by pretending to be legitimate institutions, such as asking users to verify account information or change passwords through fake emails, text messages or phone calls. 3. **Social engineering**: Criminals use some of the information they have obtained to pretend to be trustworthy people or organizations to further deceive users into providing information or access rights. 4. **Malware**: Infecting user devices with viruses or Trojans to steal personal information stored on the device or record information entered by users, including passwords and account numbers. 5. **Public Wi-Fi attack**: When users use unsecured public Wi-Fi, attackers may intercept data transmission and steal users' login information and other sensitive data. 6. **Dark web transactions**: It is relatively easy to buy and sell stolen personal information on the dark web, and other criminals can purchase this data for identity theft. 7. **Physical theft**: such as stealing mail, rummaging through trash, or stealing improperly stored devices and files to obtain personal information. To protect personal information, users should be wary of suspicious communications, update passwords regularly, use two-factor authentication, avoid transmitting sensitive information in unsecured network environments, and properly dispose of files and devices containing personal information.