*This list is regularly updated with the latest identity theft statistics for 2019 – 2022 (plus a few earlier stats thrown in). To date, we have compiled over 30 identity theft facts, figures, and trends from a wide range of sources and covering a number of different countries.
As the world continues its relentless march toward all things digital, the reams of data we’re uploading to the web are increasingly exposed. Each individual consumer’s personal information now resides on hundreds, if not thousands of servers across the globe. With that fact comes a somewhat obvious result: an increase in identity theft.
Data theft is big business, and following good news in 2019, when there was a slight drop in ID theft cases, this has unfortunately reversed in recent times – partly due to the effect of the pandemic.
According to the FTC, identity fraud incidents increased around 45% in 2020, incurring huge financial losses for American citizens. In 2021, this trend continued with Americans suffering a total of 56 billion dollars in losses, according to Javelin Strategy.
That security company also found that children are increasingly the victims of identity fraud. While children have long been a target for Social Security Number misuse and credit card fraud, it appears the impact is growing. The FTC reported that over 1 million children were ID theft victims in 2020.
Identity theft statistics have taken center stage among the many stats and facts encompassing the entire realm of cybercrime. While ransomware gains more attention, identity theft remains much easier to pull off and monetize. Social security numbers, credit card numbers, and other personal identity factors can be stolen and sold on the dark web, or used by criminals for quick and easy profit.
The following identity theft statistics are categorized to help get a better feel for how and why this threat continues to be a problem for consumers, businesses, and governments worldwide.
Related: Cyber security statistics
1. A record number of data breaches were reported in 2023, contributing to identity fraud
Alongside the 12,098 reported data breaches in the US between 2008 and June 2020, there were over 11 billion records stolen during that time frame. The numbers reveal that contrary to efforts to stem the tide of data theft, thieves are learning new ways to bypass protections, and much of our data is not protected at all.
The personal information stolen in data breaches can be used to conduct identity theft.
2. Number of fraud incidents still rising
Recent reports from ConsumerAffairs have highlighted a significant rise in identity theft incidents over the past twenty years. Specifically, there’s been an alarming 584% increase in identity theft reports since two decades ago. In 2022, Georgia reported the highest incidence of identity theft per capita.
The most prevalent form of this crime was credit card fraud, emphasizing the critical need for vigilance in managing financial transactions and protecting personal data. For more comprehensive insights, the ConsumerAffairs 2024 Identity Theft Statistics report provides detailed information on these trends.
3. Fraud losses up 45% between 2019 and 2020
Identity theft incidents almost doubled between 2019 and 2020. The total amount of money lost due to identity fraud was also on the rise.
According to the FTC, reported losses grew from $1.8 in 2019 to $3.3 billion in 2020 and $5.8 billion in 2021. However, it is worth noting that these figures do not necessarily account for all losses since many victims are hesitant to come forward.
4. Account takeovers up 20 percent in 2020
Account takeovers occur when a criminal gains access to someone’s accounts holding personal information.In 2019, account takeovers were up 72 percent over the previous year. According to Kaspersky this number of account take over incidents grew by another 20% in 2020.
5. 40% of account takeovers happened in just one day
Javelin Research found that fraudsters are fast in their efforts to take over accounts. The company’s 2020 research on identity fraud reports that 40% of takeovers happen within 24 hours of a criminal’s access to a victim’s account.
6. EMV chip credit cards helped to reduce some fraud
EMV chip adoption in the US was slow, but by Q2 of 2021, around 88% of merchants had POS systems in place to accept the chips (up from 67% in 2020), while every major card issuer had already switched to delivering cards with EMV chips.
Prior to EMV chip cards, credit card fraud was the single-largest source of identity fraud losses. However, counterfeit card fraud fell 75% after EMV card rollouts.
7. The pandemic was a leading cause of fraud
The pandemic caused a noticeable effect on the scams that transpired in 2020 and 2021. Unsolicited calls, robocalls, and phishing emails saw dramatic increases during the period in question due to lockdown.
These identity theft scams, including the theft of social security numbers, were used as an attack vector to steal the PII needed to engage in false claims and contributed to a dramatic increase in false claims (more on this later).
Finally, digital payment methods used to shop from home during lengthy lockdown periods also accounted for an increase in fraud, with 18 million victims reportedly affected.
8. Stolen credit card data is often sold on dark web marketplaces for as little as $0.50 per card
Although the cost of losing credit card information can be extensive, those selling that data on the dark web often do so at incredibly low prices. Symantec found single credit cards priced as low as $0.50, and some as high as $20 each. Cards with full details, including CCV numbers, were more commonly twice as expensive, and often run between $1 and $45 per card.
Data from skimmed magnetic is often the most expensive card data on the dark web. The asking price for those can range from $5 to $60 or more.
9. Most people in the US know an identity theft victim
Around 20% of Americans were victims of identity fraud in 2021. Those numbers indicate that if you live in the US, you have likely been a victim of ID theft or known someone who has (whether they’ve admitted to it or not).
10. UK identity theft reaching “epidemic levels”
In 2017, Cifas announced that identity fraud in the UK is reaching “epidemic levels” with fraud incidents occurring at a rate of 500 per day. Unfortunately, things only got worse in 2020, with a one-third increase. There was a further 11 percent increase in the first half of 2021, just as the pandemic took hold. Notably, 42% of reported incidents were committed with the goal of obtaining a credit card.
11. Account takeovers saw a huge increase between 2019 and 2020
Account takeovers have been on the rise for a while but spiked 70% in 2019, bringing losses associated with account takeovers to a staggering $6.8 billion USD, up from $5.1 billion the previous year. In 2020, account take overs continued to rise, with Javelin finding that account take overs let to ID theft that accounted for losses of $56 billion USD.
12. Attackers are embracing new methods of attack
According to the Identity Theft Resource Center’s 2021 report, cyberattacks, phishing attempts, and ransomware are all increasingly common. This accounts for everything from formjacking to inadvertently installing a Trojan, although research indicates that criminals are much more likely to target a vulnerability in public-facing systems than before. To illustrate this, there were around two million attempts to exploit Microsoft Server bugs in Q2 and Q3 of 2021 alone.
13. Account takeovers spiked 307% during the pandemic
Sift has revealed that account takeovers have more than tripled since April 2019, with almost half of all victims suffering this fate between two and five times. Over 80 percent of victims lost money this way, and more than a quarter lost loyalty points or reward points to scammers.
14. People in their 30s most likely to be victims
According to the FTC, there were 2.8 million fraud reports from consumers in 2021, a nearly 27% increase over the 2.2 million fraud reports in 2020. 26.4% of these were from people between the ages of 30 and 39, while just 4.7% were from people over 70 years old. However, it recently launched an online platform for reporting fraud, which may see these numbers increase more than usual, given the ease of which users can file a report.
15. Identity scams were the most commonly reported scam in the US in 2021, followed by imposter scams
The 2021 FTC Consumer Sentinel Data Book reveals that identity fraud accounted for the largest share of fraud reports to the FTC, accounting for 25% of all reported scams last year. Imposter scams were a distant second, with 17.16% of all scam reports.
16. Social media users are a high-risk group for identity theft
Those who use social media are among the most likely to experience fraud. Javelin Strategy found that individuals who have an active social media presence had a 30 percent higher risk of being a fraud victim than those who weren’t active.
People who use Facebook, Instagram, and Snapchat were particularly vulnerable. Users on these sites have a 46 percent higher risk of account takeovers and fraud than those not active on any social media networks.
17. Children are often victims of identity fraud
According to the Identity Theft Resource Center, 1.3 million children’s records are stolen every year. Foster children have an even greater risk as a percentage of all children.
Self-reported data to the FTC indicates that over 22,833 identity theft victims were under the age of 19 in 2021. This reflects a 63% increase over the 14,000 reported in 2019.
18. Over 1 in 10 identity theft victims don’t want police reports
FTC data from 2016 shows a surprising 11% of those who reported identity theft to law enforcement did not want a police report taken. While we have not seen updated stats on this in recent years it seems likely that those who fall victim to identity theft and scams often feel embarrassed and may still be seeking to conceal the fact that they have been victimized in 2021.
19. Only 14% of consumers use VPNs to protect their identity
Despite the verified increase in data protection it provides, 86 percent of consumers fail to use a VPN to protect their WiFi connections.
20. Government benefits fraud leading type of identity theft
The 2021 Consumer Sentinel Network Data Book reveals there were 395,948 report of government benefits fraud that year, which is roughly in line with the 394,324 reports received in 2020.
That makes government benefits fraud the top reported type of ID fraud in 2021. Credit card fraud accounted for over 389,737 reports, putting it a close second.
21. 87% of consumers have left personal information exposed online
Norton found that 87 percent of consumers have left their personal information exposed while accessing emails, bank accounts or financial information, another issue that could be mitigated through the use of a VPN.
The lack of personal WiFi protections appears to coincide with the fact that 60% of consumers feel as though their personal information is safe when using public WiFi.
22. Identify theft now accounts for nearly 3o% of all FTC CSN reports
While the total number of reports made to the Consumer Sentinel Network didn’t rise remarkably between 2017 and 2019, there was a significant increase from 2019 (over 3.2 million) to 2020 (over 4.7 million). In 2019, ID theft had risen to 20.33% of the total number of reports, or over 650,000. However, this rose to 20.39% in 2020 with nearly 1.4 million identity theft reports made. Imposter scams were a distant second, accounting for 10.56% of reports.
23. Most small businesses store private information that could be exposed
According to a CSID survey, in 2016, 52% of small businesses didn’t invest in cyber risk mitigation, believing that they didn’t store any private information. However, 68% at a minimum stored email addresses, which is one potential entry vector for hackers. CSID also found that 31% of surveyed small businesses did not take any active measures to mitigate cyber risks such as data breaches and hacking.
Complicating the matter is money and human resources. In 2019, nearly 77% of businesses claim they didn’t have the personnel to properly secure their records and systems, a 2% increase from 2018. Around 55% indicate they lack the budget to invest in better protection. Finally, in 2020, small businesses accounted for 28% of all data breaches.
The good news is that since 2016, when the CSID report was published, businesses have been investing heavily in cyber risk mitigation. In fact, according to Hiscox in 2021, the average business set aside 21% of their IT budget for cyber security. This is a jump of 63% from 2019.
24. The median fraud loss is $500
The FTC reports that the average fraud loss in 2021 was $500, However, while elderly victims were less common, they tended to lose more money, with a median loss of $1,500 for those over 80 years old.
25. Many fraud victims don’t get reimbursed for their losses
An increasing number of fraud victims are not getting reimbursed. Javelin found 23 percent of fraud victims did not get their money back in 2018, which is 3 times more than in 2016.
26. Poor shopping habits leave Americans exposed to ID theft
Experian found 43% of identity theft victims in the U.S. admitted the incident happened after shopping online during the holidays. Increased shopping from home during the pandemic also led to an increase in online fraud and scam incidents in 2020 and 2021.
Despite this, only 58% said they wouldn’t use public wifi networks for shopping in the future.
27. Account sharing habits could lead to ID theft
Despite the risks involved, a survey found 79% of Americans admit to sharing passwords. Only 13% of survey respondents were worried about identity fraud, despite the risk. Given 65% of surveyed adults admit to reusing passwords across sites, many adults could be more vulnerable to ID theft than they realize.
28. Card-related fraud is rising again in Australia
The Australia Payments Network reports that spending on payment cards is up, and ard fraud is on the rise too. Its FY 2021 report indicates that while counterfeit/skimming fraud fell by 34% and lost and stolen card fraud fell by 24.9%, card-not-present fraud (CNP) rose by 3.8%.
29. Identity theft has lasting emotional impacts
In its 2018 study The Aftermath®: The Non-Economic Impacts of Identity Theft, the Identity Theft Resource Center examined the emotional impacts that follow from identity theft victimhood. The study found 77.3% of victims report increased stress levels and 54.5% experienced more fatigue and decreased energy.
ID theft victimhood can also erode personal relationships. Over 45% of victims felt they could not trust family members after experiencing ID theft. A further 55% noted newly-developed trust issues with friends.
30. New account fraud losses exceed $3.4 billion
New Account Fraud (NAF) losses increased in 2018, to $3.4 billion. NAF fraud accounted for $3 billion in losses in 2017. According to the FTC, new account fraud was down 1% between 2020 and 2021. In its 2021 report, new account fraud accounted for around 302,000 incidents.
31. Federal student loan fraud identity theft largest increase in 2019
Although there were just over 14,600 reports related to it, FTC Consumer Sentinel Report data shows identity theft based on fraudulent applications for federal student loans rose 188% between 2018 and 2019. In 2020, that figure rose by another 88% with 27,495 incidents reported.
On the plus side, student loan fraud fell 34% in 2021, accounting for just 18,202 incidents.
Identity theft statistics reveal the problem is not going away
Identity theft is increasingly a 21st-Century problem. As more data moves off of physical paper and onto Internet-connected servers, the chances of that data getting stolen increases as well. While “malicious outsiders” remain active in stealing data (and by extension, loss of credit card numbers and Social Security Numbers), consumers share a good part of the blame for their lost data. Nevertheless, there are some positives that have emerged in response.
Thankfully, Consumers are getting slightly better at detecting fraud attempts. Javelin Strategy and Research found that online shoppers tended to be quick at identifying fraud attempts. Surprisingly, 78 percent of fraud victims were able to detect fraud within a week’s time.
Still, identity theft prevention appears to be on the rise despite savvier consumers. Data breaches show no signs of decreasing. And unfortunately, consumers still appear to be less than proactive when it comes to securing their private information.
FAQs about identity theft
What is Identity theft?
Identity theft is like the nightmare version of losing your wallet but on a much larger scale. It’s when some sneaky individual snatches your personal info, like your name, Social Security number, or credit card details, and uses it without your permission to commit fraud, make a quick buck, or do other shady activities in your name.
Here’s the lowdown on some common types of identity theft:
- Financial identity theft: Picture a thief using your personal details to raid your bank accounts, apply for loans or credit cards, or make unauthorized purchases. The result? A drained bank account, dinged credit scores, and nagging debt collectors.
- Medical identity theft: Imagine someone posing as you to score medical services, prescription drugs, or pricey medical equipment. The outcome? A messed-up medical record that could seriously mess with your health and future care.
- Criminal identity theft: Think of a crook getting arrested and then casually dropping your personal info to the police. Suddenly, you’re wrongly linked to their crimes, which can land you in a legal mess and ruin your reputation.
- Employment identity theft: Envision a fraudster using your information to snag a job or file bogus tax returns. What’s the damage? Lost job opportunities and a tax headache that you definitely didn’t sign up for.
Identity theft can wreak havoc on your finances, reputation, and emotional well-being. To fight back, it’s super important to keep your personal info under lock and key, keep tabs on your financial accounts, and regularly check your credit reports for any fishy activities
How do I know if I was a victim of identity theft?
Several red flags help determine if you’re a victim of identity theft. Some of the telltale signs are listed below:
- A bank or a retailer denies you credit.
- You receive bank or credit card statements with unknown charges.
- You receive calls from debt collectors.
- There are new accounts on your credit report that you don’t recognize.
- You no longer receive bills or statements by mail (indicating someone has changed your billing address).
What should I do if my identity has been compromised?
If you believe you are a victim of identity theft, you should start by contacting the fraud departments of the companies where your accounts have been compromised to ensure your money is safe and your cards aren’t being used without your permission. You should freeze any cards you believe are being used concurrently and inform your local police station. If you have ID theft insurance, you can file a claim to recoup some of the costs caused by damages.
How can I prevent identity theft?
Although cybercriminals are getting more sophisticated, requiring less information for successful identity fraud, you can make their job more challenging by following these best practices:
- Use a credit monitoring service to get notified of your data being involved in a breach/significant changes to your credit file.
- Shred paper documents containing personal information.
- Keep an eye on your credit card and bank statements for unrecognized charges.
- Use strong and varied passwords for your accounts.
- Use anti-malware software to protect your device from threats that could steal your data.
I'm thinking about freezing my credit report. How does that work?
A credit freeze is when you contact the three major credit reporting agencies (Equifax, Experian, and TransUnion) to request that your credit report be frozen. This means that no one can access your credit report without your permission. You can still use your credit cards and apply for loans, but you may have to unfreeze your credit report first. For more information, check out the Federal Trade Commission’s website at www.consumer.ftc.gov.
How do identity thieves obtain personal information?
Identity thieves are the ultimate tricksters, always finding new ways to get their hands on your personal information. They’re like modern-day magicians, except instead of pulling rabbits out of hats, they’re pulling your credit card numbers out of thin air.
So, how do they do it? First, let’s take a closer look at some of their favorite tactics:
- Phishing emails: These sneaky messages are designed to look like they’re from a legitimate source, such as your bank or a social media site, but they’re actually from an imposter. Clicking on links or downloading attachments in these emails can give the thief access to your personal data.
- Data breaches: When companies or organizations have their systems hacked, it can result in a massive leak of personal information. Hackers can then use this information to commit identity theft.
- Social media: We love sharing our lives on social media, but this can also make us vulnerable to identity theft. Posting personal information, such as your birthdate or home address, can make it easier for a thief to steal your identity.
- Mail theft: Thieves can steal mail from your mailbox or even from inside your home. They’re looking for anything containing personal information, like bank statements, credit card offers, or tax documents.
- Dumpster diving: Believe it or not, some identity thieves still resort to this old-school method. They’ll dig through your trash, looking for anything that might have personal information on it.
- Wallet or purse theft: Of course, the most straightforward way for a thief to get your personal information is to simply steal your wallet or purse. With your credit cards and identification in hand, they can wreak havoc on your finances and reputation.
It’s important to be vigilant and protect your personal information from these sneaky identity thieves. Use strong passwords, be cautious of suspicious emails, and shred any documents that contain personal information before throwing them away.
Can identity theft affect children?
Identity theft is a serious issue that can affect children. Unfortunately, thieves often target them because their identity can be stolen without being noticed for a long time. This can result in the thief using the child’s Social Security number to do things like open bank or credit card accounts, apply for loans, or even rent a home.
It can be difficult for parents or guardians to realize that their child’s identity has been stolen until they receive bills or calls about accounts they didn’t open. They may also discover when trying to open a bank account or credit card for their child, only to find out that one already exists with the child’s Social Security number.
To prevent identity theft, parents and guardians should take steps to keep all documents containing their child’s personal information locked up and secure. It’s also important to be cautious when sharing their child’s Social Security number. Regularly checking the child’s credit reports for any suspicious activity is another crucial step in preventing identity theft. By taking these precautions, parents and guardians can help protect their child’s identity and prevent them from experiencing the negative consequences of identity theft.
Thank you for the excellent statistics.
Why aren’t US companies required by law to encrypt sensitive personal data?
Good question, Sam. US companies are, in fact, legally required to encrypt personal data. This is why they’re required to report data breaches, and are on the hook for fines when data is lost or stolen. Medical data, in particular, has extra data protection standards under HIPPA, but other forms of personal data are required to be protected as well.
Why so much emphasis on the “dangers” of using public WiFi? The overwhelming majority of e-commerce sites, and all banks/financial institutions, use end-to-end HTTPS. This means the traffic over WiFi is encrypted, whether the WiFi itself is public or not.
I think someone are used my I’d