Identity Theft

The Scope of Identity Theft

According to Javelin Strategy & Research, in 2017, there were 16.7 million victims of identity fraud, a record high that followed a previous record the year before. Criminals are engaging in complex identity fraud schemes that are leaving record numbers of victims in their wake. Accumulative losses hit $16.8 billion in 2017 as 30 percent of U.S. consumers were notified they were exposed to a data breach in 2017, an increase of 12 percent from 2016. For the first time in history, more Social Security numbers were exposed than credit card numbers.

Following the introduction of microchip equipped credit cards in 2015 in the United States, which make the cards difficult to counterfeit, criminals focused on new account fraud. New account fraud occurs when a thief opens a credit card or other financial account using a victim’s name and other stolen personal information. According to the Javelin study, account takeovers tripled in 2017 from 2016, and losses totaled $5.1 billion.

Identity theft and fraud complaints

The Consumer Sentinel Network, maintained by the Federal Trade Commission (FTC), tracks consumer fraud and identity theft complaints that have been filed with federal, state and local law enforcement agencies and private organizations. Of the 3 million identity theft and fraud reports received in 2018, 1.4 million were fraud-related, and 25 percent of those cases reported money was lost. In 2018, consumers reported losing about $1.48 billion related to fraud complaints, an increase of $406 million from 2017. The median amount consumers paid in these cases was $375. Within the fraud category, imposter scams were the most reported and ranked first among the top 10 fraud categories identified by the FTC. They accounted for $488 million in losses. In 2018, 15 percent of all complaints were related to identity theft. Identity theft complaints were the third most reported to the FTC. Identity theft claims fell from 2015 to 2018 by 9.3 percent, but began to increase again in 2018 and were up 19.8 percent from 2017 to 2018.


As businesses increasingly depend on electronic data and computer networks to conduct their daily operations, growing pools of personal and financial information are being transferred and stored online. This can leave individuals exposed to privacy violations, and financial institutions and other businesses exposed to potentially enormous liability, if and when a data security breach occurs.

Act Now to Protect Yourself

As new research on identity theft continues to roll in, it paints an unsettling picture of how good crooks are getting at their craft. Although the number of U.S. breaches fell in 2018, the number of records exposed containing sensitive, personally identifiable information (such as Social Security and financial-account numbers) spiked by 126% from the year before, according to a report from the Identity Theft Resource Center. “That tells us thieves aren’t committing less crime—they’re just getting better at it,” says Eva Velasquez, president and CEO of the ITRC.

One of the largest breaches disclosed in 2018 was at Marriott International, which admitted in November that its Starwood guest reservation database had been hacked starting in 2014. That exposed up to 383 million guest records (though the number of guests affected is likely smaller because of multiple records). Many records contained sensitive data such as passport numbers, addresses, dates of birth and, in some cases, customers’ payment-card information. Quora, an online question-and-answer platform, also discovered a breach of account information including names, e-mail addresses and passwords of up to 100 million users. Hackers may try to enter stolen usernames and passwords into other sites—say, those of banks or retailers—in hopes that some customers reuse their log-in details across several accounts. “The chances that some of those credentials will work on one or more other websites are exceptionally high,” says Velasquez.

Fortunately, none of those 2018 breaches involved Social Security numbers—a key piece of information a thief can use to run away with someone else’s identity. But the 2017 Equifax data breach exposed the names, Social Security numbers, birth dates and other sensitive data of more than 145 million Americans. Those bits of info are permanent pieces of your identity, and they may sit idle for years before a criminal puts them to work.

Sophisticated schemes. Imposter scams, in which crooks claim to be representatives of the IRS, Social Security Administration or other entities in attempts to glean personal information or money from their targets, topped the list of consumer complaints submitted to the Federal Trade Commission in 2018—the first time such scams have reached the number-one spot. Scammers are taking aim at both consumers and businesses with increasingly realistic “phishing” e-mails, persuading individuals to click on links or attachments that could infect their computers with malware or prompt them to send sensitive information.

Credit and debit card fraud

The U.S. transition to credit and debit cards equipped with microchips—and payment terminals that accept chip transactions—is reducing fraud on existing card accounts. If ID thieves try to intercept chip transactions, they can’t get enough usable data to create counterfeit cards. Losses from fraud on existing card accounts fell from $8.1 billion in 2017 to $6.5 billion in 2018, according to a recent report from Javelin Strategy & Research.

But payment terminals at gas pumps, in particular, are vulnerable to “skimming” of customer card data by crooks because gas stations don’t yet face liability for counterfeit-card transactions at the pump. Starting in October 2020, gas stations that haven’t upgraded to chip terminals at the pump may incur liability for such transactions.

Fraudsters are also going online to steal payment credentials. Through a method called formjacking, they embed malicious code on retail websites to grab customers’ payment information. Such fraud affected more than 4,800 websites per month last year, on average, according to a recent report from Symantec. Small and midsize retailers are often targets, although well-known companies such as British Airways and Ticketmaster have been hit, too.

Phishing - Don't get taken in by fake messages

Phishing can come in the form of e-mails, texts, social media messages or phone calls that try to extract personal information from you or infect your device with malware. These devious messages may address you by name, appear to come from a person or company you recognize, and mimic the look and tone of communications from your bank, social media accounts, credit card companies, employer etc.

If you fall for a phisher’s e-mail or other message and click on a nefarious link, or open a malicious attachment, your computer or phone is now owned by the bad guys. Criminals can monitor your activity, steal your log-in credentials to sensitive websites, spy on you by turning on your camera or microphone remotely, hold your data for ransom, and more.

Protect Yourself

While identity theft can happen to anyone, there are some things you can do to reduce your risk.

When you become a member of, you are joining a group of millions of Americans who believe their personal data should be confidential and not posted on the Internet without consent. As a united group of members of we can affect positive changes in the federal privacy laws that will enforce strict guidelines on corporations and entities that are publishing personal and confidential data on the Internet.

Become a member and gain access to our members only section which includes a members only forum, fraud & scam alerts, proposed changes to the federal privacy laws, tips on protecting your privacy and how to remove your personal information from the Internet and more.