Given the pace the online world operates at, the vulnerabilities of users are continuously being exploited by cyber criminals at a commensurate pace. Identity theft has emerged as one of the most serious and prevalent forms of cybercrime, especially for e-commerce customers. As these identity theft statistics we put together show, a substantial portion of information stolen in corporate data breaches subsequently results in further identity theft incidents.
While there is no part of the world completely untouched by the issue of identity thefts, the United States has maintained its unenviable position as the favorite target of global cyber crime.
Because of this, and also because a bulk of the reliable data on identity thefts pertains to USA, we have assigned special focus to ID theft crimes in the country, as tracked by agencies like the Federal Trade Commission (FTC) and the Identity Theft Resource Center.
This section answers important questions like “How many Americans are victims of identity theft each year?”
After covering some data on different types of identity thefts, the final section is related to consumer and business attitudes towards cyber crime.
Despite growing awareness of the basic steps one needs to take to ensure some degree of safety, a surprisingly high number of respondents in various surveys betray resistance to adopting these measures.
We are sure these carefully collected data points will help you develop a clearer understanding of the identity theft problem, including its extent, impact, causes, and possible means of control.
Want to keep your data safe? Then check out the best identity theft protection services to find your online shield!
Top ID Theft Statistics (Editor's Picks)
- There were 16.7 Million ID theft victims In the US in 2017 leading to the loss of over $17 billion.
- In the past year, 446,515,334 personal records were exposed in the US, not including the 1.68 billion non-sensitive exposed records.
- 40% of consumers across the world have been targets of ID theft at least once.
- 8 million records per day were stolen in the first half of 2018 worldwide, leading to 3.3B compromised data records.
- 1.3 million children have their identities stolen every year.
- Having a social media account increases the chance of ID theft by 46%.
- Famous data breaches in 2018: Facebook, Google+, Quora, MyFittnesPal.
- The global average cost per data breach incident rose to $3.86 Million in 2018.
Significant Identity Theft Statistics
1. More than 2 in 5 consumers worldwide have experienced a fraudulent event at least once.
How common is identity theft? According to online fraud statistics from the consumer credit reporting company Experian, 40% of consumers across the world have been targets at least once.
What country has the most identity theft? The highest incidence of such events is in the US and the lowest in the EMEA region.
As the 2019 Global Identity and Fraud Report puts it, this means that even the marketplace that is the most effective in mitigating online fraud has potentially left a full third of its digital customers vulnerable.
2. 978M people across 20 countries reported experiencing cybercrime in 2017.
How many people are affected by identity theft? Admittedly, while not all of these reported crimes mentioned above are related to identity theft, many of them do involve using false identities of consumers in some way.
The distribution of the number of people affected by identity fraud in each country almost matches the distribution of population across countries, which means China, India, and the USA occupy the three highest positions among the countries studied.
3. The number of identity theft victims in the US rose to 16.7M in 2017.
How many identities are stolen each day? In the US, based on the above data, that figure comes to more than 45,000 identities stolen every day. The cost of identity theft in 2017 amounted to over $17 billion.
However, 2017 was not the worst year in terms of losses caused by identity thefts. By comparison, 2012 was much higher at a loss value of $21.8 billion.
4. There were 174,523 incidents of identity fraud in the UK in 2017.
Identity theft statistics worldwide show a growth trend outside the US also. In the UK, eight out of ten of the identity fraud cases occurred online.
This is a 1% rise over 2016 and a massive 125% rise since 2007, showing that identity theft remains a massive problem.
There are more than 450 identity theft cases reported in the UK every day.
5. There were 944 breaches leading to 3.3B data records being compromised worldwide in H1 2018.
That’s more than 5 breaches causing more than a staggering 18 million records to be stolen every day in the first half of 2018!
Compared to the same period in 2017, the number of lost, stolen, or compromised records increased by 72%, though the total number of breaches slightly decreased over the same period, signaling an increase in the severity of each incident. Of these 944, 189 (20%) had an unknown or unaccounted number of compromised data records.
What is considered a data breach? A data breach is a security incident in which sensitive, protected, or confidential data is copied, transmitted, viewed, stolen, or used by an individual unauthorized to do so.
How do data breaches happen? A data breach can occur in many ways. A criminal breach occurs when a cybercriminal successfully infiltrates a data source and extracts sensitive information.
6. 41,502 data breaches were reported in Europe between May 2018 and January 2019.
There is a silver lining to these concerning scam statistics, though. Since the General Data Protection Regulation (GDPR) took effect on May 25, 2018, there has been a marked improvement in voluntary reporting of data breaches in Europe.
Pre-GDPR, only a few sectors like telecom and banking were obliged to report data breaches.
The GDPR has also helped raise the public’s awareness of their rights under data protection law.
What is a data breach GDPR? GDPR is a regulation in European Union law that aims to give control to individuals over their personal data and to simplify the regulatory environment for international business.
7. The global average cost per data breach incident rose to $3.86M in FY18.
That would approximate to more than $3B lost in the first half of 2018. While the number of data breaches has come down marginally over the same period a year earlier, the average cost per incident has gone up by 6.4%.
This is the objective cost businesses are paying to cyber criminals, and it is going up almost every year.
What causes data breaches? Most data breaches are the direct result of cyber incidents, including phishing, malware, ransomware, brute-force attacks, compromised or stolen credentials, and hacking.
Other methods include theft of paperwork or data storage devices, and breaches caused by rogue employees and other insiders.
8. 83% of all records stolen in H1 2018 involved identity theft.
How often does identity theft occur? Identity theft has remained one of the most common types of data breaches, at least since 2013.
While identity theft statistics 2018 show a drop in the number of identity theft breaches by 26% over the first half of 2017, the number of records stolen through these incidents increased by 757%, representing 83% of all records stolen.
Data breaches statistics show a disturbing trend in the escalation of severity.
Though overall incident numbers are on the decline H1 2017 vs. H1 2018 (171 for H1 2017 and 123 for H1 2018), the number of records breached increased H1 2017 vs. H1 2018 (2.7 million and 359 million) respectively.
9. 31.7% of data breach victims experienced loss of personal data in 2016.
What is a breach of personal data? It refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes.
Therefore, identity theft is not only a type of data breach but is also one of the most common outcomes of data theft. 31.7% of breach victims in 2016 later experienced identity fraud, compared to just 2.8% of individuals not notified of a data breach in 2016.
10. 28% of organizations say customer information or customer passwords are the information of greatest value to cyber criminals.
According to a global survey on data breaches in 2018, cyber criminals targeting organizations seem to be the most interested in stealing customer information.
12% say it’s the companies’ financial information, while another 12% say their strategic plans are the top information cyber criminals are looking for.
Other categories that rank slightly lower in terms of threat perception are R&D information, M&A information, and intellectual property.
11. 55% of businesses worldwide report an increase in online fraud-related losses between 2017 and 2018.
Within the US, the cybercrime statistics are even more serious, with 80% of businesses saying their fraud-related losses have increased.
These losses are predominantly related to account origination and account takeover attacks, both particularly damaging to brand reputation.
12. The number of consumer records exposed containing sensitive personally identifiable information in the US jumped by 126% from 2017 to 2018.
According to the latest report from the Identity Theft Resource Center, while the number of data breaches in the US came down by 23% from the all-time high of 1,632 in 2017 to 1,244 in 2018, there was a rise in the severity of these breaches.
As a result, the number of personal records exposed in 2018 rose up to 446,515,334 from 197,612,748 in 2017, which correlates to the expected increase in the number of identity theft victims in 2018.
This does not include an additional 1.68 billion non-sensitive records exposed.
13. In the US, identity theft makes up 13% of all recorded criminal complaints.
The high identity theft percentage makes it one of the biggest crime prevention issues in the US.
The figure is believed to have risen in the last two years with cyber criminals getting more sophisticated and the number of touch points where personal information can be accessed increasing.
14. The 30-39 age group experiences the highest number of identity thefts.
What age group is most commonly victimized by identity theft? It has been found that the number of reported cases of identity thefts falls consistently with increasing age.
The 20-29 and 19 and under groups also have lower reported cases compared to the 30-39 group.
It should be noted that this data comes with the caveat that the FTC report is compiled using reported cases of identity thefts and all actual cases might not get reported.
The answer to the question “How many people each year are victims of identity theft?” is not the same as “How many people actually report an identity theft?” According to another study by the Australian Payment Network, the 55-plus population, traditionally at risk from phone and email scams, is now experiencing a growing rate of identity theft.
15. Older people lose more money per theft case compared to the young.
While the number of internet identity theft cases might be higher (or at least, more widely reported) among younger consumers, it has been found that the average money lost per case is much higher for the older population.
For those over 80, the figure was about $1080 per case while for consumers in the 20-29 age group, the figure was about $400.
16. 1.3 million children have their identities stolen every year.
Child identity theft statistics 2018 show that a majority of these children are under the age of six.
Children make for appealing targets because they have blank credit files and it takes much longer for the fraud to be detected.
The impact might be unseen for a long time—often only when the child turns eighteen—but it can lead to serious issues like a student loan being denied.
17. Wyoming, Arizona, and California see the highest average dollar amount lost due to fraud.
According to identity theft statistics by state, while Nevada, Florida, and New Jersey occupy the top three spots in terms of number of identity thefts, the rankings change when it comes to the average monetary loss per theft incident.
The study also looks at each state’s policies that aim to protect its residents from identity fraud, and Delaware ranks last in this regard.
Common protections used by states include security freezes for minors and identity theft passports that help victims of ID theft recover their identities.
18. People with social media accounts face a 46% higher risk of identity fraud than those without.
Signing into social media networks from unsecured locations can make it easy for criminals to hack into accounts.
Today, many services use your social media credentials to sign you in, which can intensify the issue many times.
A number of these fraud cases involving social media identity theft might not have monetary costs but can do immense harm to the victim’s reputation if the hacker makes posts in his or her name.
19. The most notable compromised social media platform in 2018 was Facebook.
Facebook has been the undisputed leader when it comes to recent data breaches among social media platforms.
Among multiple incidents, including the Cambridge Analytica data misuse, one significant breach caused by a coding vulnerability allowed hackers to access tokens for 50 million accounts and view all information in users’ profiles.
Other victims of the biggest data breaches include Google+, which was breached twice impacting 53 million users, Quora (impact on 100 million users,) and MyFitnessPal (impact on 150 million users).
20. Hospitality company Marriott International had the highest number of reported records exposed in 2018, impacting 383 million people worldwide.
The data breaches list of recent times includes some of the most well-known companies across sectors.
Cathay Pacific and Delta in travel, Hudson Bay (5 million shoppers’ payment card information exposed) and Chegg, the online textbook site (40 million users’ profile details exposed) in retail, and UnityPoint Health (health insurance information of 1.4 million patients exposed) in health care were some other notable entries in the list of recent data breaches in 2018.
21. The 2017 Equifax data breach impacted 145.5 million US consumers.
One of the biggest data breach examples of recent times, indicative of the increasing magnitude of individual incidents, was reported by the credit reporting firm Equifax in September 2017.
The breach is believed to have begun in May, but was observed only by the end of July.
The incident also potentially affected up to 44 million British residents and 8,000 Canadian residents.
22. In November 2017, Hilton Worldwide Holdings paid $700,000 as compensation for a data breach involving exposure of 363,000 customer credit card numbers.
This answers the commonly asked question: “Can I sue for data protection breach?” The answer largely depends on the nature of your pre-existing legal relationship with the company that sustained the breach.
Suing a company for data breach-related damages is easier in Europe after the adoption of GDPR, but even in the US, many states have laws to punish companies that fail to make a timely disclosure of a data breach affecting its individual or business customers.
In the Hilton case, it was found that the hotel chain lacked reasonable data security and was too slow to tell customers about the intrusions.
23. Credit card fraud accounts for 30% of identity theft cases.
What are the five most common types of identity theft? According to the FTC data for 2017, after credit card fraud, the next in the list of most common types of identity theft is employment or tax-related fraud at 18.6% of all identity theft cases.
Other common types are phone or utilities fraud (12.5%), bank fraud (11.4%), loan or lease fraud (6.8%), and government documents or benefits fraud (5.9%).
24. 14.2M credit card numbers were exposed in 2017, up 88% over 2016.
According to a report from the Identity Theft Resource Center on credit card theft, the number of credit card numbers exposed in 2017 totaled up to 14.2 million.
In addition, nearly 158 million Social Security numbers were exposed in 2017, an increase of more than eight times the number in 2016.
25. Online shopping identity theft attempts during the 2017 holiday season increased 22% over the corresponding period in 2016.
The holiday season sees a spike in fraudulent transactions, with 1 out of every 85 transactions in 2017 being a fraudulent attempt. This was compared to 1 out of every 97 transactions in 2016 and 1 out of every 109 transactions in 2015.
26. Money lost in reported impostor scams in 2017 amounted to $328M.
Impostor scams are cases where a scammer pretends to be someone you know and trust. These moved up to be the number one complaint to the FTC in 2017.
While not all impostor scams result in loss of money, one in five victims do lose a substantial sum, with the total value of money lost in 2017 being $328 million in the US alone.
27. More than 27% of data breaches in 2017 were medical or health care related.
Medical identity theft statistics 2018 do not foretell any significant drop in such incidents.
Medical identity theft tends to be more difficult to discover than other types of thefts because it happens when someone steals another person’s identity to receive medical services without any knowledge to the victim.
28. The US Postal Service received over 60,000 complaints of mail theft in 2016.
Criminals have been using mail identity theft to steal personal information for a very long time and aren’t stopping now.
The 60,000 complaints in 2016 resulted in over 2,000 convictions.
The relatively low identity theft conviction rate makes the risk-reward profile for such crimes very attractive for criminals.
29. E-commerce fraud increased by more than 30% in H1 2017 compared to H1 2016.
According to online identity theft statistics, e-commerce fraud is one of the most common consequences of identity theft today.
It occurs when a criminal uses stolen payment information or bank or credit card accounts that have been accessed fraudulently to make retail transactions without the account owner’s knowledge.
30. The transactional value of card-not-present fraud will reach $19.3B by 2022.
Card-not-present fraud is a type of online shopping fraud that occurs when the card is not physically presented during the purchase.
According to identity theft statistics, online payment fraud itself is expected to grow 13.7% annually between 2017 and 2022.
Digital banking fraud is expected to reach a value of $7.9 billion by 2022. As a result, $50.9 billion is expected to be spent on fraud detection and ID theft prevention software between 2017 and 2022.
31. Synthetic ID thefts are believed to have caused losses worth $800M for credit card issuers in 2017.
Synthetic ID theft involves creating a fictitious identity using various pieces of real and fabricated information, such as social security number, date of birth, address, phone number, and email.
While the immediate victim of such a fraud is the bank or credit card issuer, the individual whose identity is stolen ends up with the longer-term impact.
Synthetic identity theft statistics from Experian show that the average loss of money per incident is $6,000.
32. The cost of fraud related to account takeovers reached $5.1B in the US in 2017.
Account takeover (ATO) is a form of identity theft where a criminal gains access to a registered customer’s account.
This is different from synthetic identity theft, which involves mixing in made-up information with bits of actual information.
Internet crime statistics show a significant rise in account takeover fraud in recent times, with the first two quarters of 2018 seeing a 35% growth over the corresponding period in 2017.
33. The IRS stopped 443,000 confirmed identity theft tax returns in the first ten months of 2017.
This was a decline of 30% from the same period in 2016. The total number of such stopped returns in 2016 was 883,000, which was a 37% drop from 2015.
According to tax identity theft statistics 2018, the number of people reporting that they were victims of tax identity theft has also seen a steady decline in the last few years, but the absolute value of fraudulent returns attempted remains quite high with the figure hitting $14.5 billion in 2015.
34. The global cyber identity theft protection services market is expected to be worth $18.7B by 2025.
The market was valued at $4.98 billion in 2017. The growth in e-commerce, increasing comfort with making online payments, and the steady rise in identity theft numbers globally are considered the key drivers for this growth.
Geography-wise, while North America accounts for close to three-quarters of the market value, the greatest growth in this period is expected to come from the Asia Pacific region.
35. It can take up to 3 years to discover identity thefts.
Fraud statistics show that it takes most victims of identity theft about three months to find out that something’s wrong, but as many as 16% don’t find out for three years that they have been targets of identity fraud thefts.
When used for a financial crime, for example, this gives the cyber criminal enough time to extract small sums over months without getting noticed.
36. 15.3% of identity theft victims have had to sell possessions to pay for theft-related expenses.
The ITRC Aftermath study also shows how identity theft cyber crime can have financial and emotional impacts on the victims beyond the immediate loss of sensitive information.
26% of respondents had to borrow money from family or friends, 22% took time off work, 15.3% sold off possessions, and 6.7% obtained a payday loan.
37. 75% of identity theft victims report severe distress because their personal information is misused.
According to this report on victims of identity theft statistics, the emotional impact of identity theft can also be quite severe.
66% of identity theft victims report experiencing fear regarding their personal financial security, 53% felt a sense of powerlessness or helplessness, 25% sought professional help to cope with the experience, and 7% report being suicidal.
38. 65% of Americans are aware of identity protection services.
64% also state that they have a positive opinion of cyber and digital protection services.
Nearly half of global users state they are interested in digital protection services, with respondents from the US, Spain, Romania, and Italy showing the highest interest.
Some of the services that are of interest to respondents include: Alerting Service (57%), 24/7 Assistance Service (54%), Monitoring Service (48%), and Prevention Service (47%).
39. 57% of Americans are very worried about cybersecurity issues.
The widest awareness of cybersecurity risks is seen in the US, which could be partly driven by basic identity theft facts like the country is by far the biggest target, and the likelihood of having been a victim or knowing a victim is very high here.
39% of Americans know someone who has been the victim of an attack on their personal data.
91% of Americans indicate that they consider an attack against their personal data as “very stressful,” compared to 81% Europeans, according to these cyber attack stats.
40. 37% of Americans regularly update their credentials.
Identity theft trends show that changing one’s online credentials regularly is one of the smartest ways to avoid becoming the target of an identity theft.
In contrast to the fairly high number of American users who do this, the rate in some countries like the Czech Republic, Austria, Hungary, and Romania is less than 20%.
41. 88% of users have an anti-virus/anti-malware solution on their PC; only about 50% have it on their mobile or tablet.
This is a concerning figure since half of the web traffic globally now takes place through mobile devices. Identity theft statistics 2018 also shows that there has been a sharp increase in attacks taking the mobile route.
42. 75% of internet users have never used a VPN.
Using a VPN is a proven way of protecting online activities and minimizing the likelihood of identity theft, but identity theft statistics show that as many as 75% internet users have never used a VPN service.
Even among the remaining 25%, the number of those who use it regularly is likely to be quite low.
43. 87% of people have left their personal information exposed at some point.
Despite the rising awareness of the need to handle sensitive information carefully, an incredibly high number of people admit to having been careless when using online banking accounts, emails, or other important apps.
33% of Americans, according to another set of identity theft stats, admit to sharing their login information and passwords with others.
44. 60% of people consider public WiFi safe.
Three-fifths of the people surveyed said that they believe that their information is safe when they connect to public WiFi in restaurants, train stations, hotels, and other places.
The need to remain connected to the internet at all times for our many apps to stay functional puts people at risk of getting their identities stolen.
45. 43% of Americans admit to shopping using public WiFi.
This is another sign of how comfortable customers tend to be with public WiFi despite the obvious risks involved and the high rate of identity theft in the US taking place over public internet connections.
A greater awareness of these risks involved in using sensitive information like banking account details over public WiFi could help control the issue of ID thefts.
46. 52% of small businesses don’t invest anything in cyber theft security.
31% also don’t take any active precautions against cyber theft. There is a misconception among small businesses that they are not the targets of choice of cyber criminals.
The quantum of data gained or value of identification theft information collected by attacking such entities might be small, but the relative ease of committing a theft turns small businesses into low-hanging fruit.
47. Nearly 50% of Americans think that identity thieves will not be interested in them because they have poor credit.
A misconception similar to the one seen in the previous point is common among consumers, too.
Financial fraud statistics show that there are multiple ways in which identity theft can be used to exploit the victim, irrespective of his or her creditworthiness or economic standing.
48. Only 27% of identity theft victims contacted law enforcement about the theft.
According to identity theft facts and statistics, only about 27% of people with identity theft complaints report contacting law enforcement about the theft. Of these, 87% indicate that a report was taken by the authorities.
Reasons for not approaching authorities could include blaming oneself for the theft, not considering the crime serious enough, or the monetary amount involved being low.
49. Computer crime statistics show that 1 in 5 consumers believe that stealing information online is not as bad as stealing property in real life.
The fact that over 20% of people believe that online crime is not as bad or serious as a crime in “real life” shows that many people remain uninformed of the menace of increase in identity theft.
Victims have been known to lose their entire life-savings within seconds because of data breaches, and we have already examined the financial and emotional impact of online fraud.
50. 13% of UK customers believe it is acceptable to use someone else’s credit card without their permission to shop online.
A further 17% believe that it is acceptable to use a false email or someone else’s email to identify themselves.
Such beliefs are indications that many customers still do not take online fraud as seriously as they would any type of fraud or misrepresentation in real life.
Apart from using all kinds of technology to prevent cyber crime, a key takeaway from these identity theft statistics is that a change in people’s attitudes toward this increasingly serious problem is also needed.
