30+ Identity Theft Statistics for 2023
Identity theft is nothing new. But the ways in which personal information is being attained and the rising figures are.
The pandemic has inadvertently boosted identity theft cases. And internet users are at risk without proper precaution.
With that in mind, we’ll take a deep dive into the latest identity theft and fraud statistics covering:
- How Common Is Identity Theft?
- Stolen Data Statistics
- Identity Theft Victims
- Identity Theft Risk Factors
- Outcomes Of Identity Theft
- Preventative Measures For Identity Theft
Identity Theft & Fraud Key Statistics (2023)
- Almost one third of Americans have been a victim of identity theft.
- Over 300,000 Americans fall victim to phishing/vishing/smishing attacks yearly.
- Every year there are more than 50,000 individual personal data breaches in the US.
- Identity theft victims in the US are most commonly aged between 30-39 years old.
- Americans are statistically likely to know a victim of identity theft.
- 87% of people leave personal information exposed online.
How Common is Identity Theft?
Around 1 in 3 Americans have experienced identity theft (Proofpoint)
According to recent data, approximately 33% of US citizens have been victims of identity theft at some point in their lives. That’s more than double the global average.
More than 300,000 Americans fall victim to phishing/vishing/smishing each year (FBI)
According to the Federal Bureau of Investigation’s (FBI) 2021 Internet Crime Report, the most common type of cybercrime in the US is phishing/vishing/smishing - all of which involve stealing users’ personal data.
These types of cyber crimes occur almost 4x more than any other.
Around $4 billion is lost to cybercrime each year in the US alone (FBI)
Cybercrime can be incredibly costly for victims.
Here are the top eight most common types of cybercrime in the US:
|Rank||Cybercrime||US Victims (2021)|
|3||Personal Data Breach||51,829|
In total, approximately $4 billion was lost from the crimes listed above.
Combined, over 100,000 identity theft and personal data breaches occur every year (FBI)
More than 50,000 cases of identity theft are reported each year in the US. And over 50,000 personal data breaches occur per year.
Despite these high numbers, many similar crimes are thought to go unreported.
Stolen Data Statistics
Around 4 in 5 fraud examiners predicted identity theft risk to increase between 2020 and 2021 (ACFE)
Identity theft, in particular, has seen a marked increase since the pandemic first started.
A 2020 survey of global fraud examiners found that 57% believed identity theft risk had increased in May 2020.
This figure rose further to 67% in August 2020. And was projected to increase further in the following 12 months (82%).
Here’s the global identity theft threat data broken down:
|Month, Year||Slight Risk Increase||Significant Risk Increase||Total Risk Increase|
*Predicted in August 2020.
Just 8% of Europeans claim to have recently experienced online identity theft (European Commission)
In 2019, European internet users were asked if they had personally experienced online identity theft in the previous three years. Around 9 in 10 (92%) claimed they had never experienced it.
Of the remaining respondents, 3% claimed to experience identity theft once.
And 2% stated “two or three times”. Just 1% have been victims on more than three occasions.
Lastly, 2% of respondents did not know if they had personally experienced identity theft in the last three years.
Almost half of all compromised accounts are taken over within a day (Javelin)
Given the sheer amount of data breaches, authorities are well aware of the risks. Yet fraudsters act quickly, very quickly.
Research indicates that around 40% of account takeovers take less than 24 hours to complete.
Some stolen credit cards are sold on the dark web for under $1 (Symantec)
Once data is obtained it often ends up on the dark web.
Despite the large financial cost associated with losing a credit card, thieves commonly sell stolen details for as little as $0.50 per credit card.
Cards with full details tend to be priced at $1 to $45 each.
Identity Theft Victims
The average age of an identity fraud victim is 30-39 years old (FTC)
In the US, the most common victims of identity theft are aged 30-39 years old. This is closely followed by those aged 40-49 years old.
The least likely age group to fall victim to identity theft by raw numbers are 80+.
Here’s the full breakdown of identity theft complaints lodged with the Federal Trade Commission in the US in 2020 by age:
|Rank*||Age Group||Complaints||Proportion of Complaints|
|7||19 and under||23,651||1.9%|
|8||80 and over||9,915||0.8%|
*Based on the raw number of Federal Trade Commission complaints.
Over 1 million children are victims of identity fraud each year (Identity Theft Resource Center)
Despite a relatively low number of lodged complaints, children are commonly the victim of stolen identity. The Identity Theft Resource Center reports that around 1.3 million children’s records are stolen each year. And foster children are at most risk.
In fact, there was a 63% increase in reported child identity thefts in 2021 compared to 2019.
Using social media significantly increases your risk of identity theft (Javelin)
Social media presence has been found to be a significant risk factor for identity theft.
Individuals who are active on social media are 30% to 46% more likely to be at risk of identity theft and/or account takeovers.
Americans are statistically likely to know a victim of identity theft (Consumer Sentinel Network)
Approximately 20% of US citizens were a victim of identity fraud in 2021.
If this doesn’t sound accurate, it may be due to the fact that more than 1 in 10 (11%) identity theft victims do not want police reports taken.
Between $24 million and $55 million is lost annually to card ID theft in the UK (UK Finance)
There are several types of identity theft and related fraud including card ID theft.
In the UK, millions of pounds are lost every year through card ID theft. In 2008 and 2018, the figures peaked at 20-year highs of over £45 million ($55 million).
Even during quieter years like 2002 and 2011, card ID theft still surpasses at least £20 million ($24.5 million).
Over $200 million is lost every year to ATM fraud in Europe (European ATM Security Team)
In Europe, ATM fraud rose year-over-year between 2013 and 2017. But dropped significantly in 2018 and remained low the following year.
Here’s a closer look at ATM fraud in select European countries over time:
|Year||Reported Losses||Difference Over Previous Year|
|2010||€268 million ($281 million)||-|
|2011||€234 million ($245 million)||↓ $36 million|
|2012||€265 million ($278 million)||↑ $33 million|
|2013||€248 million ($260 million)||↓ $18 million|
|2014||€280 million ($294 million)||↑ $34 million|
|2015||€327 million ($343 million)||↑ $49 million|
|2016||€332 million ($348 million)||↑ $5 million|
|2017||€353 million ($370 million)||↑ $22 million|
|2018||€247 million ($259 million)||↓ $11 million|
|2019||€249 million ($261 million)||↑ $2 million|
Well over half a million USD was lost in a single cryptocurrency heist in 2021 (DeFiYield)
Perhaps unsurprisingly, the rise of cryptocurrency has led to a rise in crypto theft.
Between 2020 and 2021, the value of crypto lost to security threats increased by around 9x.
A single incident in August 2021 saw approximately $610 million stolen in one of the biggest crypto heists of all time.
Over $5.8 billion is lost due to fraud annually (FTC)
Reported losses from fraud are on the rise according to the FTC.
In 2019 approximately $1.8 billion was lost due to fraud. This figure grew to $3.3 billion in 2020. And increased further to $5.8 billion in 2021.
Reluctance to report means that these figures are likely lower than the real amount.
Global data breaches rose year-over-year between 2013 and 2017 (Gemalto)
The above data supports the general upwards trend of worldwide data breaches leading up to 2019.
In H1 2013, there were 357 global data breaches. By H2 2017, this total had more than tripled to 1,085.
Curiously, H1 for 2013-2016 saw more breaches than H2 for those respective years. Only 2017 saw more data breaches in the second half of the year from the available data.
Here’s the full data records for worldwide data breaches between 2013-2018:
|Year||Data Breaches||Change Over Previous year||H1||H2|
|2014||928||↑ 229||↑ 32.76%||476||452|
|2015||1,001||↑ 73||↑ 7.87%||552||449|
|2016||1,050||↑ 49||↑ 4.9%||621||429|
|2017||1,765||↑ 715||↑ 68.1%||680||1,085|
*Incomplete data set.
California has seen over 2x more data breaches than any other state since 2005 (comparitech)
Looking at US states, California has seen the most data branches (1,777) between 2005 and 2020.
New York (863) and Texas (819) follow in terms of data breaches.
No state has had more personal records lost/stolen than California (comparitech)
California has seen over 5.6 billion personal records lost/stolen between 2005 and 2020.
Oregon (1.38 billion) and Maryland (388 million) are second and third for records lost/stolen respectively.
Here’s the full list of US states by number of records lost/stolen between 2005-2020:
|State Rank||State*||No. of Records Lost/Stolen||Data Breaches|
|-||District of Columbia||148,382,228||189|
*Includes other districts.
** Represents nationwide data breaches that cannot be pinned to a specific state.
Identity Theft Risk Factors
Almost 9 in 10 people leave personal information exposed online (NortonLifeLock)
There are various risk factors when it comes to identity theft - most of which are entirely preventable.
In total, 87% of people allow personal information to be exposed online while doing activities such as using email services or accessing bank accounts.
6 out of 10 people believe their personal information is not at risk when using WiFi (NortonLifeLock)
In general, people are waking up to the importance of cybersecurity, but there is still a long way to go.
Just 40% of consumers believe their personal information could be at risk when using public WiFi.
86% of internet users do not use a VPN (Symantec)
Virtual private networks (VPNs) are a solution that is being increasingly adopted.
But just 14% of internet users currently protect their WiFi using a VPN.
Almost half of all identity theft victims claim to have shopped online prior to an attack (Experian)
The route of identity theft, at least in the US, appears to be irresponsible online shopping habits.
Nearly half (43%) of US identity theft victims reported shopping online prior to the cyberattack.
Around 2 in 5 people would happily use public WiFi for internet shopping (Experian)
An increase in online shopping during the pandemic has seen online fraud incidents skyrocket.
Yet, 42% of shoppers claim they would use public WiFi networks to shop in the future.
Around 4 in 5 Americans share passwords (Google)
Data shows that 79% of Americans claim to share passwords with family or friends.
While 65% of people reuse passwords across multiple websites.
Despite this, just 13% of people surveyed admit to being worried about identity fraud.
Outcomes of Identity Theft
More than half of surveyed Brits are at least partially concerned about identity theft (European Commission)
Concern in the UK over identity theft appears to be considerably higher than the US.
29% of people are “very concerned”, while 38% are “fairly concerned”.
Around one third of people are not very concerned with 12% “not at all concerned”. The final 1% “don’t know”.
On average, $500 is lost by each fraud victim per year (FTC)
The above concerns are seemingly justified by the amount lost to fraud.
According to the FTC, the average amount lost to fraud was $500 in 2021.
The elderly may be less common fraud victims, but the median amount lost is 3x more ($1,500) for 80+ year-olds.
Nearly half of all fraud victims feel like they can no longer trust family members (Identity Theft Resource Centre)
As well as financial loss, identity theft can have damaging emotional and physiological effects.
One study found that 77.3% of victims suffered increased stress. And 54.5% became more fatigued and experienced lower energy.
Personal relationships can also suffer as 45% of fraud victims do not feel they can trust family members after the fact. And 55% stated new trust issues among friends.
Preventative Measures for Identity Theft
Parental controls are the most commonly used online protective measure (NortonLifeLock)
There are many preventative measures that internet users take to protect online activities and personal information.
Here are the results from a 2021 worldwide survey:
|Rank||Preventative Measure||Share of Respondents|
|1||Used online parental controls*||33%|
|2||Changed default privacy settings on the device||29%|
|3||I have not done anything||29%|
|4||Used and identity theft protection service (US only)||27%|
|5||Disabled third-party cookies in a browser||26%|
|6||Enabled multi-factor authentication||26%|
|7||Used something other than the full name for social media||22%|
|8||Used an encrypted email service or messaging app||18%|
|9||Disabled microphone access on my device||18%|
|10||Used a VPN to encrypt information||16%|
|11||Deleted a social media account||16%|
|12||Used anonymous payment methods||15%|
|13||Used privacy monitoring service (US only)||14%|
|14||Asked a company what personal information they have about me on their personal records||8%|
*Parents of minors only.
Identity theft isn’t going away. And the methods of obtaining unauthorized data continue to evolve.
Ultimately, the understanding and utilization of cybersecurity measures is pivotal in the battle to protect personal information.