30+ Identity Theft Statistics for 2024

by Josh Howarth
December 5, 2023

Identity theft is nothing new. But the ways in which personal information is being attained and the rising figures are.

The pandemic has inadvertently boosted identity theft cases. And internet users are at risk without proper precautions.

With that in mind, we’ll take a deep dive into the latest identity theft and fraud statistics covering:

Identity Theft & Fraud Key Statistics (2024)

  • Almost one-third of Americans have been a victim of identity theft.
  • Over 300,000 Americans fall victim to phishing/vishing/smishing attacks yearly.
  • Every year there are more than 50,000 individual personal data breaches in the US.
  • Identity theft victims in the US are most commonly aged between 30-39 years old.
  • Americans are statistically likely to know a victim of identity theft.
  • 87% of people leave personal information exposed online.

How Common is Identity Theft?

Around 1 in 3 Americans have experienced identity theft (Proofpoint)

According to recent data, approximately 33% of Americans have been victims of identity theft. That’s more than double the global average.


More than 300,000 Americans fall victim to phishing/vishing/smishing each year (FBI)

According to the Federal Bureau of Investigation’s (FBI) 2021 Internet Crime Report, the most common type of cybercrime in the US is phishing/vishing/smishing - all of which involve stealing users’ personal data.

These types of cyber crimes occur almost 4x more than any other.

Around $4 billion is lost to cybercrime each year in the US alone (FBI)

Cybercrime can be incredibly costly for victims.


Here are the top eight most common types of cybercrime in the US:

Rank Cybercrime US Victims (2021)
1 Phishing/Vishing/Smishing 323,972
2 Non-Payment/Non-Delivery 82,478
3 Personal Data Breach 51,829
4 Identity Theft 51,629
5 Extortion 39,360
6 Confidence/Romance Fraud 24,299
7 Tech Support 23,903
8 Investment 20,561

In total, approximately $4 billion was lost from the crimes listed above.

Combined, over 100,000 identity theft and personal data breaches occur every year (FBI)

More than 50,000 cases of identity theft are reported each year in the US. And over 50,000 personal data breaches occur per year.

Despite these high numbers, many similar crimes are thought to go unreported.

Stolen Data Statistics

Around 4 in 5 fraud examiners predicted identity theft risk to increase between 2020 and 2021 (ACFE)

Identity theft, in particular, has seen a marked increase since the pandemic first started.

A 2020 survey of global fraud examiners found that 57% believed identity theft risk had increased in May 2020.

This figure rose further to 67% in August 2020. And was projected to increase further in the following 12 months (82%).

Here’s the global identity theft threat data broken down:

Month, Year Slight Risk Increase Significant Risk Increase Total Risk Increase
May 2020 35% 22% 57%
August 2020 38% 29% 67%
August 2021* 39% 43% 82%

*Predicted in August 2020.

Approximately 1 in 10 Europeans claim to have recently experienced online identity theft (European Commission)

In 2019, European internet users were asked if they had personally experienced online identity theft in the previous three years. Around 9 in 10 (92%) claimed they had never experienced it.


Of the remaining respondents, 3% claimed to have experienced identity theft once.

And 2% stated “two or three times”. Just 1% have been victims on more than three occasions.

Lastly, 2% of respondents did not know if they had personally experienced identity theft in the last three years.

Almost half of all compromised accounts are taken over within a day (Javelin)

Given the sheer amount of data breaches, authorities are well aware of the risks. Yet fraudsters act quickly, very quickly.

Research indicates that around 40% of account takeovers take less than 24 hours to complete.

Some stolen credit cards are sold on the dark web for under $1 (Symantec)

Once data is obtained it often ends up on the dark web.

Despite the large financial cost associated with losing a credit card, thieves commonly sell stolen details for as little as $0.50 per credit card.

Cards with full details tend to be priced at $1 to $45 each.

Identity Theft Victims

The average identity fraud victim is 30-39 years old (FTC)

In the US, the most common victims of identity theft are aged 30-39 years old. This is closely followed by those aged 40-49 years old.


The least likely age group to fall victim to identity theft by raw numbers is 80+.

Here’s the full breakdown of identity theft complaints lodged with the Federal Trade Commission in the US in 2020 by age:

Rank* Age Group Complaints Proportion of Complaints
1 30-39 years 306,090 24.9%
2 40-49 years 302,678 24.6%
3 50-59 years 244,183 19.9%
4 20-29 years 190,916 15.5%
- Average 153,534 -
5 60-69 years 123,112 10%
6 70-79 years 39,009 3.2%
7 19 and under 23,651 1.9%
8 80 and over 9,915 0.8%

*Based on the raw number of Federal Trade Commission complaints.

More than 1 million children fall victim to identity fraud annually (Identity Theft Resource Center)

Despite a relatively low number of lodged complaints, children are commonly the victims of stolen identity. The Identity Theft Resource Center reports that around 1.3 million children’s records are stolen each year. And foster children are at the most risk.


In fact, there was a 63% increase in reported child identity thefts in 2021 compared to 2019.

Using social media significantly increases your risk of identity theft (Javelin)

Social media presence has been found to be a significant risk factor for identity theft.

Individuals who are active on social media are 30% to 46% more likely to be at risk of identity theft and/or account takeovers.

Americans are statistically likely to know a victim of identity theft (Consumer Sentinel Network)

Approximately 20% of US citizens were a victim of identity fraud in 2021.

If this doesn’t sound accurate, it may be due to the fact that more than 1 in 10 (11%) identity theft victims do not want police reports taken.

Between $24 million and $55 million is lost annually to card ID theft in the UK (UK Finance)

There are several types of identity theft and related fraud including card ID theft.

In the UK, millions of pounds are lost every year through card ID theft. In 2008 and 2018, the figures peaked at 20-year highs of over £45 million ($55 million).

Even during quieter years like 2002 and 2011, card ID theft still surpasses at least £20 million ($24.5 million).

Over $200 million is lost every year to ATM fraud in Europe (European ATM Security Team)

In Europe, ATM fraud rose year-over-year between 2013 and 2017. But dropped significantly in 2018 and remained low the following year.


Here’s a closer look at ATM fraud in select European countries over time:

Year Reported Losses Difference Over Previous Year
2010 €268 million ($281 million) -
2011 €234 million ($245 million) ↓ $36 million
2012 €265 million ($278 million) ↑ $33 million
2013 €248 million ($260 million) ↓ $18 million
2014 €280 million ($294 million) ↑ $34 million
2015 €327 million ($343 million) ↑ $49 million
2016 €332 million ($348 million) ↑ $5 million
2017 €353 million ($370 million) ↑ $22 million
2018 €247 million ($259 million) ↓ $11 million
2019 €249 million ($261 million) ↑ $2 million

Well over half a million USD was lost in a single cryptocurrency heist in 2021 (DeFiYield)

Perhaps unsurprisingly, the rise of cryptocurrency has led to a rise in crypto theft.

Between 2020 and 2021, the value of crypto lost to security threats increased by around 9x.

A single incident in August 2021 saw approximately $610 million stolen in one of the biggest crypto heists of all time.

More than $5.8 billion is lost due to each year (FTC)

Reported losses from fraud are on the rise according to the FTC.

In 2019 approximately $1.8 billion was lost due to fraud. This figure grew to $3.3 billion in 2020. And this increased further to $5.8 billion in 2021.


Reluctance to report means that these figures are likely lower than the real amount.

Global data breaches rose year-over-year between 2013 and 2017 (Gemalto)

The above data supports the general upward trend of worldwide data breaches leading up to 2019.

In H1 2013, there were 357 global data breaches. By H2 2017, this total had more than tripled to 1,085.

Curiously, H1 for 2013-2016 saw more breaches than H2 for those respective years. Only 2017 saw more data breaches in the second half of the year from the available data.

Here are the full data records for worldwide data breaches between 2013 and 2018:

Year Data Breaches Change Over Previous year H1 H2
2013 699 - - 357 342
2014 928 ↑ 229 ↑ 32.76% 476 452
2015 1,001 ↑ 73 ↑ 7.87% 552 449
2016 1,050 ↑ 49 ↑ 4.9% 621 429
2017 1,765 ↑ 715 ↑ 68.1% 680 1,085
2018* - - - 609 -

*Incomplete data set.

California has seen over 2x more data breaches than any other state since 2005 (comparitech)

Looking at US states, California has seen the most data branches (1,777) between 2005 and 2020.

New York (863) and Texas (819) follow in terms of data breaches.

No state has had more personal records lost/stolen than California (comparitech)

California has seen over 5.6 billion personal records lost/stolen between 2005 and 2020.

Oregon (1.38 billion) and Maryland (388 million) are second and third for records lost/stolen respectively.

Here’s the full list of US states by number of records lost/stolen between 2005-2020:

State Rank State* No. of Records Lost/Stolen Data Breaches
1 California 5,604,164,335 1,777
2 Oregon 1,380,348,717 182
- US** 1,358,221,906 186
3 Maryland 388,461,514 285
4 Florida 355,660,019 638
5 Georgia 355,331,875 365
6 Virginia 311,628,882 359
7 New York 295,801,833 863
8 Texas 294,847,285 819
9 New Jersey 150,028,157 269
- District of Columbia 148,382,228 189
10 Indiana 110,351,941 269
11 Washington 81,289,253 299
12 Minnesota 45,470,352 246
13 North Carolina 27,406,656 290
14 Nevada 25,752,176 92
15 Illinois 21,582,351 533
16 Pennsylvania 17,614,927 438
17 Arizona 10,905,610 181
18 Michigan 10,851,171 226
19 Tennessee 9,612,731 223
20 Wisconsin 8,173,146 163
21 South Carolina 7,656,310 102
22 Connecticut 7,511,586 191
23 Colorado 7,372,814 244
24 Oklahoma 7,347,113 75
25 Massachusetts 7,302,719 431
26 Kansas 6,387,245 81
27 Ohio 6,278,403 361
28 Alabama 5,759,952 127
29 Missouri 4,589,556 202
30 Utah 4,546,054 117
31 Maine 4,378,565 69
32 Kentucky 3,623,799 136
33 Iowa 2,484,067 114
34 Alaska 2,255,560 42
- Puerto Rico 1,685,456 33
35 Montana 1,637,832 72
36 Arkansas 1,568,464 74
37 Nebraska 1,507,583 65
38 Idaho 1,286,990 50
39 Louisiana 749,802 83
40 Hawaii 682,982 33
41 Delaware 636,171 50
42 New Hampshire 598,140 104
43 New Mexico 519,795 68
44 North Dakota 440,698 19
45 Mississippi 370,565 41
46 Vermont 245,441 82
47 Rhode Island 206,955 67
48 West Virginia 108,432 30
49 Wyoming 103,063 22
50 South Dakota 45,179 21

*Includes other districts.

** Represents nationwide data breaches that cannot be pinned to a specific state.

Identity Theft Risk Factors

Almost 9 in 10 people leave personal information exposed online (NortonLifeLock)

There are various risk factors when it comes to identity theft - most of which are entirely preventable.

In total, 9 in 10 people allow personal information to be exposed online while doing activities such as using email services or accessing bank accounts.


6 out of 10 people believe their personal information is not at risk when using WiFi (NortonLifeLock)

In general, people are waking up to the importance of cybersecurity, but there is still a long way to go.

Just 40% of consumers believe their personal information could be at risk when using public WiFi.

86% of internet users do not use a VPN (Symantec)

Virtual private networks (VPNs) are a solution that is being increasingly adopted.

But just 14% of internet users currently protect their WiFi using a VPN.

Almost half of all identity theft victims claim to have shopped online prior to an attack (Experian)

The route of identity theft, at least in the US, appears to be irresponsible online shopping habits.

Nearly half (43%) of US identity theft victims reported shopping online prior to the cyberattack.

Around 2 in 5 people would happily use public WiFi for internet shopping (Experian)

An increase in online shopping during the pandemic has seen online fraud incidents skyrocket.

Yet, 42% of shoppers claim they would use public WiFi networks to shop in the future.

Around 4 in 5 Americans share passwords (Google)

Data shows that 79% of Americans claim to share passwords with family or friends.


While 65% of people reuse passwords across multiple websites.

Despite this, just 13% of people surveyed admit to being worried about identity fraud.

Outcomes of Identity Theft

More than half of surveyed Brits are at least partially concerned about identity theft (European Commission)

Concern in the UK over identity theft appears to be considerably higher than in the US.

29% of people are “very concerned”, while 38% are “fairly concerned”.

Around one-third of people are not very concerned with 12% “not at all concerned”. The final 1% “don’t know”.

An average of $500 is lost by each fraud victim per year (FTC)

The above concerns are seemingly justified by the amount lost to fraud.

According to the FTC, the average amount lost to fraud was $500 in 2021.


The elderly may be less common fraud victims, but the median amount lost is 3x more ($1,500) for 80+ year-olds.

Nearly half of all fraud victims feel like they can no longer trust family members (Identity Theft Resource Centre)

As well as financial loss, identity theft can have damaging emotional and physiological effects.

One study found that 77.3% of victims suffered increased stress. And 54.5% became more fatigued and experienced lower energy.

Personal relationships can also suffer as 45% of fraud victims do not feel they can trust family members after the fact. And 55% stated new trust issues among friends.

Preventative Measures for Identity Theft

Parental controls are the most commonly used online protective measure (NortonLifeLock)

There are many preventative measures that internet users take to protect online activities and personal information.

Here are the results from a 2021 worldwide survey:

Rank Preventative Measure Share of Respondents
1 Used online parental controls* 33%
2 Changed default privacy settings on the device 29%
3 I have not done anything 29%
4 Used and identity theft protection service (US only) 27%
5 Disabled third-party cookies in a browser 26%
6 Enabled multi-factor authentication 26%
7 Used something other than the full name for social media 22%
8 Used an encrypted email service or messaging app 18%
9 Disabled microphone access on my device 18%
10 Used a VPN to encrypt information 16%
11 Deleted a social media account 16%
12 Used anonymous payment methods 15%
13 Used privacy monitoring service (US only) 14%
14 Asked a company what personal information they have about me on their personal records 8%

*Parents of minors only.


Identity theft isn’t going away. And the methods of obtaining unauthorized data continue to evolve.

Ultimately, the understanding and utilization of cybersecurity measures are pivotal in the battle to protect personal information.

If you enjoyed reading these statistics on identity theft, check out our related content on IT trends and cybersecurity startups.