👋 Welcome to Unlocked

This week, we’re tackling a question few security teams think about — but every digital citizen should.

When a person dies, their online identity doesn’t vanish with them. Their logins, cloud data, photos, emails, and digital wallets remain — often accessible, exploitable, or forgotten.

And while the living world moves on, that dormant data becomes a goldmine for cybercriminals.
The issue isn’t just emotional or ethical — it’s a growing cybersecurity concern.

Let’s explore what happens to digital identity after death, how bad actors exploit it, and why “digital estate planning” may soon be a key part of cybersecurity policy.

🪦 The Digital Afterlife: What Really Happens to Online Accounts

Most online platforms have policies for handling deceased users’ accounts — but they’re far from consistent.

  • Google’s Inactive Account Manager lets users pre-select who gains access or triggers deletion after a set period of inactivity.

  • Facebook’s Legacy Contact allows for memorialization — freezing the profile but preventing login.

  • Apple’s Digital Legacy Program enables authorized heirs to retrieve data with a unique access key and proof of death.

But here’s the catch: these safeguards only work if they’re set up before death. Many people never do, leaving loved ones — or worse, opportunists — in control.

⚠️ The Risk of Posthumous Identity Theft

Identity thieves have learned to exploit the gap between death and digital cleanup.

According to the Identity Theft Resource Center, nearly 2.5 million deceased Americans fall victim to identity theft every year.

Criminals scrape obituaries, cross-reference public records, and use that information to:

  • Open new credit lines under the deceased’s name

  • File fraudulent tax returns or social-security claims

  • Exploit existing accounts left unmonitored

Because deceased individuals can’t check statements or credit alerts, “ghost identities” can persist undetected for years.

🧩 The Cybersecurity Angle: A New Type of Attack Surface

From a CISO’s perspective, digital death isn’t just personal — it’s operational.

Former employees’ accounts, credentials, and device access can linger across systems if offboarding isn’t thorough.
A dormant identity inside a corporate network is indistinguishable from a compromised one.

That’s why identity governance frameworks like NIST SP 800-63C and ISO/IEC 24760-1 emphasize lifecycle termination — ensuring credentials are retired as securely as they’re issued.

It’s not enough to control who gets access — organizations must also manage what happens when that access ends.

💼 Estate Planning for Digital Assets

Cybersecurity now extends beyond corporate walls — and even beyond life itself.

Estate planners are increasingly adding digital asset clauses to wills, covering cloud drives, social media, cryptocurrency, and subscription data. Some countries have passed laws allowing heirs to inherit digital property, but jurisdictional differences remain vast.

Security professionals should encourage users — and employees — to:

  • Inventory critical digital assets (accounts, domains, wallets, encrypted files)

  • Document access keys or recovery paths securely

  • Nominate digital executors for posthumous account management

🧠 What It Means for Security Leaders

CISOs and IT managers increasingly oversee not just access control, but identity continuity.

Questions to consider:

  • How does your organization handle account deletion when an employee dies?

  • Are posthumous credentials part of your IAM offboarding playbook?

  • Do your policies differentiate between “inactive,” “terminated,” and “deceased” identities?

For enterprises, “digital afterlife management” isn’t sentimental — it’s part of identity hygiene and risk governance.
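One way to turn the questions above into a recurring check, as an added example that is not part of the original newsletter: reconcile an HR status feed against an IAM account export and flag enabled accounts whose owner is terminated, deceased, unknown, or simply inactive. The field names, sample records, and 90-day inactivity threshold are assumptions, and all data is constructed.

```python
from datetime import date, timedelta

# Constructed sample data; field names and statuses are assumptions.
HR = {
    "e100": {"status": "active", "effective": date(2021, 3, 1)},
    "e101": {"status": "terminated", "effective": date(2025, 1, 15)},
    "e102": {"status": "deceased", "effective": date(2025, 2, 10)},
    "e103": {"status": "active", "effective": date(2019, 6, 1)},
}
ACCOUNTS = [
    {"id": "alice", "owner": "e100", "enabled": True, "last_login": date(2025, 5, 30)},
    {"id": "bob", "owner": "e101", "enabled": True, "last_login": date(2025, 1, 10)},
    {"id": "carol", "owner": "e102", "enabled": True, "last_login": date(2025, 4, 2)},
    {"id": "carol-vpn", "owner": "e102", "enabled": False, "last_login": date(2025, 2, 1)},
    {"id": "dave", "owner": "e103", "enabled": True, "last_login": date(2024, 11, 20)},
    {"id": "svc-legacy", "owner": "e999", "enabled": True, "last_login": None},
]

def audit(hr, accounts, today, inactive_after=timedelta(days=90)):
    """Return (account, category, action) for every enabled account needing attention."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already retired, nothing to do
        person = hr.get(acct["owner"])
        last = acct["last_login"]
        if person is None:
            # No HR record at all: nobody is accountable for this credential.
            findings.append((acct["id"], "orphaned", "assign an owner or disable"))
        elif person["status"] in ("terminated", "deceased"):
            # A login dated after the status change cannot be the owner.
            used_after = last is not None and last > person["effective"]
            action = "investigate and revoke" if used_after else "revoke"
            findings.append((acct["id"], person["status"], action))
        elif last is None or today - last > inactive_after:
            # Owner is still employed; dormant access is a review item, not an incident.
            findings.append((acct["id"], "inactive", "confirm with owner or disable"))
    return findings

if __name__ == "__main__":
    for finding in audit(HR, ACCOUNTS, today=date(2025, 6, 1)):
        print(*finding, sep=" | ")
```

Keeping "inactive," "terminated," and "deceased" as separate categories lets each one drive a different response, and a login recorded after the owner's status changed is escalated rather than quietly cleaned up.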

🕯️ Beyond Security: The Ethics of Digital Remembrance

The future will force us to make deeper decisions: Should AI be allowed to mimic deceased users? Should data be deleted, memorialized, or archived for history?

Platforms like HereAfter AI and Replika already use AI to simulate voices and personalities — raising profound privacy, consent, and ethical dilemmas.

As identity becomes intertwined with AI models, who owns your likeness after you’re gone may soon become the next frontier in digital rights.

💡 Unlocked Tip of the Week

Take 10 minutes to set up your Google Inactive Account Manager or Apple Digital Legacy. It’s one of the simplest steps you can take to protect your digital identity — both now and after you’re gone.

🙋 Author Spotlight

Meet Nick Marsteller - Head of Content

With a background in content management for tech companies and startups, Nick Marsteller brings creativity and focus to his role as the Head of Content at Everykey.

Over his career, Nick has supported organizations ranging from early-stage startups to global technology providers, driving initiatives across digital content and branding, with a background spanning SaaS, cybersecurity, and entrepreneurial ventures.

Outside of work, Nick loves to travel, attend concerts with friends, and spend time with family and his two cats, Ducky and Daisy.

Wrapping Up

The line between digital life and death is fading.

Every account, device, and data trail lives longer than its creator — which makes digital identity management a moral, legal, and cybersecurity challenge.

For security leaders, it’s time to start thinking beyond access and authentication. True digital resilience includes what happens after — how identities end, and who controls what remains.

Stay mindful. Stay secure.

Until next time,

The Everykey Team


