1. Home
  2. Finance
  3. Identity Theft Protection
  4. Identity theft statistics

2022 Identity theft statistics

Trends and statistics about identity theft

Author picture
Written by
Edited by
Reviewed by

Take an Identity Theft Quiz. Get matched with an Authorized Partner.


    According to the Federal Trade Commission's “Consumer Sentinel Network Data Book,” the most common categories for consumer complaints in 2021 were:

    1. Identity theft
    2. Imposter scams (a subset of fraud)
    3. Credit bureaus, information furnishers and report users

    “Government documents or benefits fraud” was the most prevalent type of identity theft case — more than 395,000 people reported that someone submitted a fraudulent government document under their name.

    As the COVID-19 pandemic continues in 2022, the FTC also continues to send out warnings of scams targeting Americans working and studying from home.

    Similar warnings come from the business sector as well. “When you are working from home, you are not behind the castle walls anymore,” said John Hammond, a cybersecurity researcher at the security firm Huntress. “You are working with your own devices, away from the safe perimeter of corporate networks.”

    This situation creates an easier and more lucrative path for attackers to launch ransomware. From 2019 to 2020, the U.S. experienced a 311% increase in victims, with a total payout of $350 million. Global ransomware attacks then nearly doubled in 2021 compared with 2020, increasing by 93%, according to the NCC Group’s 2021 Annual Threat Report.

    Sophos’ State of Ransomware report showed a similar trend, with 66% of the organizations surveyed seeing ransomware attacks in 2021. For context, only 37% of respondents reported that they were hit by ransomware attacks in 2020. Experts believe one important contributing factor to the popularity of this kind of attack is the number of people still working from home.

    The FTC continues to advise consumers to be wary of cybercriminals exploiting coronavirus fears to steal personally identifiable information (PII). Financial information and medical information are especially susceptible right now.

    Register for the free FTC Consumer Alerts blog to keep up with recent tips, advice and scams.

    Cybersecurity and COVID-19

    According to the FTC, fraudsters are still at work creating scams perpetuating virus-related fear. Texts and robocalls concerning vaccines, COVID-19 cures and antibody tests are prevalent. Some scammers are even impersonating FTC staff to tempt people with nonexistent awards or funds related to the pandemic.

    The U.S. Department of Justice shut down hundreds of bogus websites in the first year of the pandemic, but plenty are still active. These sites are often disguised as government agencies or humanitarian organizations and promise coronavirus tests, relief payments or outright cures.

    They look legitimate, so it’s easy to click, but a click provides hackers the means to start phishing email campaigns and implant malware, all in an attempt to get personal and private information.

    For example, a link that seems like it should lead you to a map of “COVID-19 cases near me” could infect your phone or computer with spyware or ransomware. Remember to visit the Centers for Disease Control and Prevention or World Health Organization for safe, accurate information about coronavirus trends and statistics.

    According to the U.S government, the IRS and Equifax, common COVID-19-related scams in 2021 included:

    • Economic impact payment theft
    • Scammers impersonating government officials
    • Delivery scams
    • Fake COVID testing, vaccine and treatment scams
    • Unemployment benefits fraud
    • Fake charities made to look like real charities that deal with the COVID-19 pandemic

    5 cybersecurity tips for working from home

    Now that more Americans are working from home indefinitely, we asked the ConsumerAffairs Information Security team for some tips on how to stay safe online.

    For more on how to keep your devices safe while socially distancing or sheltering in place, the ConsumerAffairs Information Security team recommends visiting sans.org and staysafeonline.org.

    1. Secure your home network: Strong passwords and encryption are the best ways to secure your home network. Change your default administrator password before a hacker discovers you've left it set to the manufacturer’s default. Use WPA2 or WPA3 encryption so hackers can’t read the information you send. For more guidance, read about securing your wireless network.
    2. Limit access to your work device: Avoid giving anyone an opportunity to view confidential material without your authorization. Be sure to shut down or lock your work computer when you aren’t around. It’s too easy for friends and family to accidentally erase, modify or infect information on your device.
    3. Be careful where you click: Always hover over links before you click them to make sure the hyperlink is the same as the link-to address. Be extra cautious about emails from unknown people, especially if they seem random, illogical or threatening.
    4. Be skeptical of job offers: Cybercriminals use bogus employment posts to trick people into money laundering schemes (“money mules”) and collect their PII or financial information. Remote freelancers could be especially vulnerable.
    5. Protect your devices: If you haven’t already, ensure that your antivirus and anti-malware software is up to date.

    Who is most at risk for identity theft?

    Most identity thefts are crimes of opportunity. Identity thieves often target those who don’t regularly check for identity theft warning signs and are unlikely to report irregular activity on their credit reports. This means that several groups are especially vulnerable to identity theft.

    Children and seniors

    Everyone with a Social Security number is at risk for identity theft, but two demographics get targeted aggressively and often: the very young and the very old.

    • Children are targeted because identity thieves can use a child’s Social Security numbers to establish a fraudulent “clean slate.” Identity theft experts recommend parents monitor their kids’ credit reports to check for identity theft as often as their own.
    • Seniors are targeted most often over the telephone and through internet phishing scams. Some studies suggest that people become more trusting as they age, which explains why it’s more difficult for older adults to detect fraudsters.
    graph showing amount of money lost to fraud by age
    Younger adults lose money to fraud more often per capita, but when older people experience a fraud-related financial loss, the median amount is much higher, according to the Federal Trade Commission.

    Members of the military

    While deployed, active-duty members of the armed services are particularly vulnerable to identity theft because they may not notice mistakes on their credit reports or receive calls from debt collectors regarding a fraudulent charge. According to FTC reports, military consumers are most affected by government documents or benefits fraud and credit card fraud.

    • There were 17,407 total military consumer government documents or benefits fraud reports in 2021.
    • There were 9,379 total military consumer credit card fraud reports in 2021.
    • Military consumers’ reports of bank fraud increased by roughly 8.4% between 2020 and 2021.
    • Military members are also increasingly affected by loan or lease fraud.

    2021 military consumer loan or lease fraud reports

    Fraud typeTotal reportsDifference from previous year
    Business/personal loan5,607+80%
    Auto loan/lease1,184-11%
    Apartment or house rented334-17%
    Nonfederal student loan370-5%
    Federal student loan225-34%
    Real estate loan310-9%

    Social media users

    It’s relatively easy for cybercriminals to discover a person’s name, date of birth, phone number, hometown and other sensitive information through social media and networking sites. With this information, an identity thief can target victims for phishing and imposter scams.

    • Last year, the FTC processed 15,374 email or social media identity theft reports, a 9% increase from 2020.
    • Fraud victims in the U.S. reported losing close to $800 million through social media in 2021 alone, according to the FTC.
    • In 2021, posting a picture of a “proof of vaccination” card on social media became popular. Doing that reveals full name and birthdate, enough information for a cybercriminal to get to work. “Please — don’t do that! You could be inviting identity theft,” the FTC stated in a release.
    chart showing the number of social networking identity theft cases each year
    According to the FTC, identity theft reports involving social networking are increasing.

    Repeat victims

    People who have previously been affected by identity theft are at a greater risk for future identity theft and fraud. “Three out of every ten people tell us this happened to them before and now they’re dealing with it again,” said the ITRC's Velasquez.

    For more information about how victims of identity theft can protect themselves from future fraud, read about the identity theft recovery process.

    The deceased

    Identity thieves can target the recently departed with information gleaned from public obituaries and access the deceased’s Social Security number through the Social Security Administration’s master files.

    Stealing a dead person’s identity is commonly referred to as “ghosting.” Ghosting often goes unnoticed by surviving family members for months or years.

    Where is identity theft most common?

    The FTC collects reports from consumers on a range of marketplace experiences and stores them in a secure online database. FTC statistics also include reports from other organizations, including federal, state, local and international law enforcement agencies. Out of over 5.7 million reports last year, slightly more than 25% were related to identity theft.

    map of the united states showing identity theft reports per state

    According to the FTC, in 2021, Rhode Island had the highest rate of identity theft reports per capita, but Texas had the highest total number of reports overall.

    Identity theft statistics by state

    Rank & stateReports per 100,000Total reports
    1. Rhode Island2,85730,270

    2. Kansas

    3. Illinois924117,056
    4. Louisiana73234,043
    5. Georgia61865,666
    6. Nevada58417,985
    7. Colorado58333,572
    8. New York563109,466
    9. Delaware5605,449
    10. Florida515110,675
    11. Texas504146,095
    12. Maryland49329,778
    13. Ohio43150,421
    14. Pennsylvania42554,460
    15. Alabama40219,691
    16. Arizona38628,108
    17. New Jersey35931,857
    18. South Carolina34317,642
    19. California337133,119
    20. Mississippi3339,906
    21. Tennessee29720,254
    22. North Carolina28930,318
    23. Massachusetts24016,566
    24. Kentucky23310,416
    25. Virginia22519,214
    26. New Mexico2204,611
    27. Missouri21813,372
    28. Hawaii2112,993
    29. Arkansas2116,358
    30. Michigan20620,556
    31. Wisconsin19311,253
    32. Oregon1908,016
    33. Utah1896,060
    34. Connecticut1876,666
    35. Indiana17611,866
    36. Oklahoma1736,850
    37. Washington17012,917
    38. Minnesota1689,457
    39. Maine1672,239
    40. New Hampshire1622,205
    41. West Virginia1592,845
    42. Idaho1522,719
    43. Vermont132825
    44. North Dakota131999
    45. Nebraska1252,409
    46. Alaska122896
    47. Iowa1193,758
    48. Wyoming107620
    49. Montana1061,130
    50. South Dakota76673

    Top 10 metropolitan statistical areas for identity theft reports

    Rank & MSAReports per 100,000Total reports
    1. Providence-Warwick, RI-MA1,98132,176
    2. Lawrence, KS1,7792,175
    3. Topeka, KS1,5483,591
    4. Wichita, KS1,3788,825
    5. Lafayette, LA1,2125,931
    6. Baton Rouge, LA1,18410,126
    7. Tuscaloosa, AL1,1532,907
    8. Manhattan, KS1,0621,384
    9. Chicago-Naperville-Elgin, IL-IN-WI97592,239
    10.Memphis, TN-MS-AR92412,434

    Bottom line

    Anyone with a Social Security number can be the subject of identity theft, but according to the FTC’s 2021 Sentinel Data Book, published in February 2022, the most targeted victims are between the ages of 60 and 69. We can’t completely eliminate identity theft, but people who regularly monitor their accounts, bills and credit reports can lower their risk.

    If you think you’re a victim of identity fraud, work with the FTC to restore your accounts and get on the road to recovery.

    Identity theft terms

    The better people understand identity theft, the more equipped they are to protect themselves. Our identity theft glossary below is regularly updated to include the most recent identity theft terms in the news.

    • Account takeover: An account takeover is when a fraudster uses personal information to obtain products and services. Credit card fraud is the most rampant, but skimming and phishing are also common types of account takeovers.
    • Anti-virus: Anti-virus software runs continuously in the background of a computer and scans for viruses, worms and malware every time the user accesses a website or downloads anything.
    • Bait and switch: A bait and switch attack is when a hacker buys advertising space on a webpage and then links the advertisement to a page infected with malware.
    • Black hat hacker: All hackers are capable of compromising computer systems and creating malware, but black hat hackers use these skills to commit cybercrimes.
    • Blockchain: A blockchain is a string of time-stamped digital records shared between multiple computers. If the data in one block changes, all subsequent blocks in the blockchain reflect the alteration and become invalid. Blockchains help prevent identity theft and fraud by making it difficult to tamper with the data in a block.
    • Bot: Short for “robot,” a bot is an autonomous program that interacts with computer systems in a way that appears or attempts to appear human. Hackers can use bots to mine for usernames and passwords used to commit identity fraud.
    • Cookie theft: Cookie theft is when a cybercriminal makes copies of unencrypted session data and then uses that data to impersonate someone else.
    • Credential cracking: Credential cracking describes the various methods — word lists, guessing and brute-force — cybercriminals use to obtain passwords. Credential cracking threats are why it’s important to create varied and complicated passwords for all accounts.
    • Criminal impersonation: Someone commits criminal impersonation when they assume a fake or false identity, usually for political or financial gain.
    • Cybersquatting: Also sometimes called domain squatting, cybersquatting is when a domain name is stolen or misspelled to attract users for exploitation or profit.
    • Cryptovirology: Cryptovirology is the study of how cryptology is used to create dangerous malware.
    • Data breach: A data breach is when private or confidential information is released to an untrusted environment. Cybercriminals can infiltrate a data source physically or remotely bypass network security to expose passwords, banking and credit data, passport and Social Security numbers, medical records and more.
    • Dark web: The dark web, also known as the deep web or invisible web, is a part of the internet that’s not accessible through standard search engines such as Google or Bing. It's often accessed through Tor Browser software, which keeps visitors anonymous and untraceable. It’s not illegal to be on the dark web, but many illegal transactions occur on the dark web (such as buying credit card or Social Security numbers).
    • Denial-of-service attack: A denial-of-service (DoS) attack potentially causes a victim’s server or network to become overwhelmed with traffic, resulting in a denial of service to legitimate traffic. At this point, the victim’s data is also locked or is under threat of a leak. The victim is pressured to pay to stop the attack and regain control of their data.
    • Distributed denial-of-service attack: A distributed denial-of-service (DDoS) attack uses a network of distributed computers to direct junk traffic at the targeted website.
    • Encryption: Encryption is a way to scramble data using computer algorithms to prevent unauthorized access to data or sensitive information.
    • Firewall: In computing, a firewall is a software program that blocks unauthorized users from getting in without restricting outward communication.
    • Formjacking: Formjacking is when a hacker infiltrates an e-commerce checkout page to steal credit card information. It's similar to ATM skimming for the internet age.
    • Ghosting: In the context of identity theft, ghosting refers to when someone steals the identity of a dead person.
    • Grey hat hacker: Grey hat hackers’ ethics are somewhere between black and white hat hackers. Grey hat hacking involves illegal cyberactivity, but the hacker often reports vulnerabilities to the system’s owner and requests a fee in exchange for the information — if a system's owner does not comply with their request, the grey hat hacker usually exploits the newly discovered cybersecurity vulnerability.
    • Honeypot: A honeypot is a decoy target used to mitigate cybersecurity risks or get more information about how cybercriminals work.
    • Identity cloning: Identity cloning is a type of identity theft in which a fraudster assumes someone else’s identity and attempts to live under that assumed identity.
    • Identity score: Similar to a credit score, an identity score is a system that gauges an individual’s data for legitimacy.
    • Imposter scam: Imposter scams involve a fraudster posing as a different person for financial or political gain. Usually, the imposter tricks others into giving them money through email, over the phone or via online dating services.
    • Internet of Things: The Internet of Things, or IoT, describes the interconnectedness of all devices that access WiFi, including cell phones, cameras, headphones and an increasing number of other objects, including washing machines and thermostats.
    • Keylogger: A keylogger is a computer program that records a person’s keystrokes to obtain confidential data.
    • Malware: A portmanteau of “malicious” and “software,” malware describes any software created with the specific intent to cause disruption or damage. Trojans, bots, spyware, worms and viruses are all types of malware.
    • Passive attacks: Any network attack where the system is monitored or scanned for vulnerabilities is considered “passive attack” because the targeted data isn’t modified or damaged.
    • Pharming: Sometimes called “phishing without a lure,” pharming is a type of scam where malicious code is installed onto a device or server to misdirect users onto illegitimate websites.
    • Phishing: Phishing is a popular type of internet scam in which fraudsters send emails claiming to be from a reputable company to trick individuals into revealing personal information. Phishing attacks more than doubled from 2019 to 2020, from 114,702 incidents to 241,324 incidents.
    • Physical identity theft: Unlike wireless identity theft, physical identity theft requires an identity thief to be in close proximity to their target. Examples of physical identity theft include stealing a wallet or computer, dumpster diving and postal mail theft.
    • Proxy server: A proxy server establishes a substitute IP (Internet Protocol) address identity. When you connect online, your computer’s IP address is transmitted to websites and establishes your location and may give other identifying details. Proxy servers allow users to connect to the internet anonymously and bypass blocked or restricted websites.
    • PowerShell: An automated task framework by Microsoft, PowerShell can be embedded in applications to automate batch processing and systems management tools.
    • Ransomware: Ransomware is a type of malware that threatens to expose or block an individual's or business’ data unless a ransom is paid.
    • SIM swap scam: Sometimes called a port-out scam or SIM splitting, a SIM swap scam is a complex type of cell phone fraud that exploits two-factor authentication to access data stored on someone’s cell phone. Put simply, if a fraudster has your phone number, they can call your phone company and ask to have the number transferred to “your” new phone. The fraudster then has access to all of your accounts that use two-factor authentication.
    • Skimming: Skimming is a type of credit card fraud in which the victim’s account numbers are copied and transferred to a counterfeit card.
    • Smishing: Similar to phishing, smishing (or SMS phishing) is when someone attempts to mine sensitive information under a fake identity through text messages.
    • Sockpuppet: Sockpuppetting is when a person assumes a false identity on the internet for the purpose of deception.
    • Spoofing: A spoofing attack is when an illegitimate website falsifies data to appear as a trustworthy website to visitors.
    • Spyware: Spyware is any software designed to gather data from an individual or enterprise. The four primary types of spyware are adware, Trojan horses, tracking cookies and system monitors.
    • Synthetic identity theft: Synthetic identity theft is when a criminal combines stolen and fake information to create a new, fraudulent identity.
    • System monitor: Much like it sounds, a system monitor is an application that surveils computer activity. System monitors usually run unnoticed and can record passwords, chats and emails, websites visited and other sensitive or identifying data.
    • Tracking cookie: Websites use tracking cookies to gather and share data from their visitors. Unlike malware, tracking cookies won’t damage computer systems, but they can create privacy concerns. Google has stated it intends to eliminate the use of third-party cookies by the end of 2023.
    • Trojan horse: Like its classical namesake, a Trojan horse is a type of malware disguised to appear like safe software. Cybercriminals use Trojans to access sensitive data and gain access to private systems.
    • Waterhole attack: A waterhole attack occurs when a hacker targets a specific group or community. The hacker infects an individual within the targeted group with malware in an attempt to infect the entire group.
    • Wireless identity theft: Also sometimes called contactless identity theft or RFID identity theft, wireless identity theft is committed by wireless mechanics. Examples of wireless identity theft include phishing and spoofing.
    • Whaling: Whaling is a phishing attack that targets high-level employees within a company to steal confidential information or sensitive data.
    • White hat hacker: Unlike a black hat hacker, a white hat hacker uses their ability to break computer networks or bypass security protocols for good rather than evil. White hat hackers are often employed by governments or companies to perform vulnerability assessments.
    • Worm: A worm is a type of malware that self-replicates and spreads from computer to computer.
    • Virus: Similar to worms, viruses make copies of themselves. The main difference between viruses and worms is that viruses require a host program to spread.
    • Vishing: Like phishing or smishing, vishing is when an identity thief attempts to gain sensitive information over the phone.
    • Zero-day exploit: A zero-day exploit is when cybercriminals target a software the same day weakness in that software is discovered and before a patch can be released to fix the vulnerability.
    Did you find this article helpful? |
    Share this article