Facts + Statistics: Identity theft and cybercrime

The scope of identity theft

According to 2018 Identity Fraud: Fraud Enters a New Era of Complexity from Javelin Strategy & Research, in 2017, there were 16.7 million victims of identity fraud, a record high that followed a previous record the year before. Criminals are engaging in complex identity fraud schemes that are leaving record numbers of victims in their wake. The amount stolen hit $16.8 billion last year as 30 percent of U.S. consumers were notified of a data breach last year, an increase of 12 percent from 2016. For the first time, more Social Security numbers were exposed than credit card numbers.

Following the introduction of microchip equipped credit cards in 2015 in the United States, which make the cards difficult to counterfeit, criminals focused on new account fraud. New account fraud occurs when a thief opens a credit card or other financial account using a victim’s name and other stolen personal information. According to the Javelin study, account takeovers tripled in 2017 from 2016, and losses totaled $5.1 billion.

Identity theft and fraud complaints

The Consumer Sentinel Network, maintained by the Federal Trade Commission (FTC), tracks consumer fraud and identity theft complaints that have been filed with federal, state and local law enforcement agencies and private organizations. Of the 3.1 million complaints received in 2016, 1.3 million were fraud-related, costing consumers over $744 million. The median amount consumers paid in these cases was $450. Within the fraud category, debt collection complaints were the most reported and ranked first among all 30 types of complaints identified by the FTC. They accounted for 28 percent of all the complaints reported to the FTC and 66 percent of all fraud complaints. In 2016 thirteen percent of all complaints were related to identity theft. Identity theft complaints were the third most reported to the FTC and had increased by more than 47 percent from 2013 to 2015 but fell about 19 percent from 2015 to 2016.

Identity Theft And Fraud Complaints, 2013-2016 (1)

id_theft_and_fraud_complaints_2013-2016.gif

(1) Percentages are based on the total number of Consumer Sentinel Network complaints by calendar year. These figures exclude "Do Not Call" registry complaints.

Source: Federal Trade Commission, Consumer Sentinel Network.

View Archived Graphs

How Victims' Information Is Misused, 2016 (1)

 

Type of identity theft fraud Percent
Employment or tax-related fraud 34.0%
     Tax fraud 29.2
Credit card fraud 32.7
     New accounts 25.6
Other identity theft 16.0
Phone or utilities fraud 13.1
Bank fraud (2) 11.8
Loan or lease fraud 6.8
Government documents or benefits fraud 6.6

(1) Percentages are based on the total number of identity theft complaints in the Federal Trade Commission’s Consumer Sentinel Network (399,225 in 2016). Percentages total to more than 100 because some victims reported experiencing more than one type of identity theft.
(2) Includes fraud involving checking, savings, and other deposit accounts and debit cards and electronic fund transfers.

Source: Federal Trade Commission.

View Archived Tables

Identity Theft By State, 2016

State Complaints per
100,000 population (1)		 Number of
complaints		 Rank (2) State Complaints per
100,000 population (1)		 Number of
complaints		 Rank (2)
Alabama 82.4 4,007 36 Montana 68.2 711 43
Alaska 96.1 713 25 Nebraska 83.1 1,584 35
Arizona 126.2 8,748 10 Nevada 135.8 3,993 9
Arkansas 77.2 2,308 39 New Hampshire 101.3 1,352 23
California 139.5 54,744 4 New Jersey 111.5 9,977 16
Colorado 112.0 6,203 15 New Mexico 96.9 2,016 24
Connecticut 137.9 4,933 6 New York 102.3 20,205 22
Delaware 155.9 1,484 3 North Carolina 96.1 9,746 26
Florida 166.8 34,384 2 North Dakota 61.3 465 47
Georgia 124.0 12,787 11 Ohio 94.8 11,009 27
Hawaii 55.2 789 50 Oklahoma 85.1 3,337 33
Idaho 80.1 1,348 37 Oregon 105.3 4,312 20
Illinois 138.0 17,660 5 Pennsylvania 109.7 14,030 17
Indiana 76.8 5,091 40 Rhode Island 115.1 1,216 13
Iowa 68.1 2,135 44 South Carolina 89.5 4,438 28
Kansas 87.1 2,532 31 South Dakota 58.1 503 49
Kentucky 65.3 2,898 45 Tennessee 86.0 5,718 32
Louisiana 69.7 3,264 42 Texas 119.2 33,214 12
Maine 87.9 1,170 29 Utah 83.2 2,540 34
Maryland 137.1 8,251 7 Vermont 62.0 387 46
Massachusetts 107.0 7,287 19 Virginia 104.3 8,772 21
Michigan 175.6 17,430 1 Washington 114.0 8,310 14
Minnesota 107.2 5,919 18 West Virginia 59.7 1,093 48
Mississippi 79.6 2,378 38 Wisconsin 87.5 5,054 30
Missouri 136.1 8,292 8 Wyoming 74.6 437 41

(1) Population figures are based on the 2016 U.S. Census population estimates.
(2) Ranked by complaints per 100,000 population. The District of Columbia had 198.5 complaints per 100,000 population and 1,352 victims.

Source: Federal Trade Commission, Consumer Sentinel Network.

View Archived Tables

See also the Identity Theft section of our Web site Click Here

Top 10 Writers Of Identity Theft Insurance By Direct Premiums Written, 2016 (1)

($000)

Rank Group/company Direct premiums written As a percent of total
1 Nationwide Mutual Group  $36,511 15.9%
2 State Farm Mutual Automobile Ins. 28,311 12.3
3 Travelers Companies Inc. 24,424 10.6
4 State National Companies Inc.  15,697 6.8
5 Allstate Corp. 11,816 5.1
6 American Family Insurance Goup 10,576 4.6
7 Hanover Insurance Group Inc. 10,494 4.6
8 Liberty Mutual 10,490 4.6
9 Erie Insurance Group  8,131 3.5
10 American International Group  7,649 3.3
  Total, top 10 $164,100 71.4%
  Total (2) $229,708 100.0%

(1) Includes stand-alone policies and the identity theft portion of package policies. Does not include premiums from companies that cannot report premiums for identity theft coverage provided as part of package policies.
(2) Direct premiums written in the U.S. and its territories, Canada and other foreign territories.

Source: NAIC data, sourced from S&P Global Market Intelligence, Insurance Information Institute.

Cybercrime

As businesses increasingly depend on electronic data and computer networks to conduct their daily operations, growing pools of personal and financial information are being transferred and stored online. This can leave individuals exposed to privacy violations, and financial institutions and other businesses exposed to potentially enormous liability if and when a breach in data security occurs.

Interest in cyber insurance and risk continues to grow as a result of high-profile data breaches and awareness of the almost endless range of exposure businesses face. In 2017, the largest U.S. credit bureau, Equifax, suffered a breach that exposed the personal data of 145 million people, including Social Security numbers.  It was among the worst breaches on record because of the amount of sensitive information stolen. A 2016 data leak, called the Panama Papers in the media, exposed millions of documents from the electronic files of Panamanian law firm Mossack Fonseka. In 2015, two health insurers, Anthem and Premera Blue Cross, were breached, exposing the data of 79 million and 11 million customers, respectively. The U.S. government has also been the target of hackers. Recent breaches at the Federal Deposit Insurance Corp. and the Internal Revenue Service follow multiple breaches in May 2015 of the Office of Personnel Management and the Department of the Interior where the records of 22 million current and former U.S. government employees were compromised.

Cyberattacks and breaches have grown in frequency, and losses are on the rise. Breaches again hit a new record in 2017, with 1,579 breaches tracked, up 44.7 percent from 1,091 in 2016, as business and government entities move toward timely reporting, according to the Identity Theft Resource Center (ITRC). The number of records exposed rose to about 179 million, compared with 37 million in 2016. The majority of the data breaches in 2017 affected the business sector, with 870 breaches or 55 percent of the total number of breaches. The business category has suffered the most breaches for the third year in a row. Medical/healthcare organizations were affected by 374 breaches (23.7 percent of total breaches). The banking/credit/financial sector ranked third as it sustained 134 breaches (8.5 percent of all breaches). These figures do not include the many attacks that go unreported and undetected.

In 2018 the IRTC tracked 425 breaches through the month of April. The number of records exposed totaled 14.8 million. The business category continues to be the most affected sector, with 180 breaches, or 42 percent of all breaches detected.  The business sector breaches affected 9.4 million records, or 63 percent of all records affected.  The IRTC noted that in April alone, unauthorized access was the most commonly used method for breaching organizations, accounting for 32 percent of all breaches in April.  This was the first time this category accounted for the majority of breaches since it was added in 2016.

In 2014 McAfee and the Center for Strategic and International Studies (CSIS) estimated annual global losses from cybercrime fall between $375 billion and $575 billion. The costs of cybercrime are growing. An annual study of U.S. companies by the Ponemon Institute cites estimated average costs at $15 million in 2015, up 21 percent from $12.7 million in 2014. These costs ranged among the 58 organizations surveyed from a low of $1.9 million to a high of $65 million each year per company. Cyber insurance evolved as a product in the United States in the mid- to late-1990s as insurers have had to expand coverage for a risk that is rapidly shifting in scope and nature. More than 60 carriers offer stand-alone policies in a market encompassing $2.75 billion in gross written premiums in 2015. By mid-2016 gross premiums written was estimated at $3.25 billion.

Number Of Data Breaches And Records Exposed, 2007-2016 (1)

num_of_data_breaches_and_rec_exp_07-16.gif

(1) As of January 18, 2017.

Source: Identity Theft Resource Center.

View Archived Graphs

Cybercrime Complaints, 2012-2016 (1)

cyb_crime_comp_12-16.gif

(1) Based on complaints submitted to the Internet Crime Complaint Center.

Source: Internet Crime Complaint Center.

View Archived Graphs

Top 10 States By Number Of Cybercrime Victims, 2016

Rank State Number
1 California 39,547
2 Texas 21,441
3 Florida 21,068
4 New York 16,426
5 Illinois 9,177
6 Maryland 8,361
7 Pennsylvania 8,265
8 Virginia 8,068
9 Ohio 7,052
10 Washington 6,874

(1) Based on the total number of complaints submitted to the Internet Crime Complaint Center via its website from each state and the District of Columbia where the complainant provided state information.

Source: Internet Crime Complaint Center.

View Archived Tables

Top 10 Writers Of Cybersecurity Insurance By Direct Premiums Written, 2016 (1)

($000)

Rank Group/company Direct premiums written As a percent of total
1 American International Group  $228,325 17.0%
2 XL Group Ltd. 160,809 12.0
3 Chubb Ltd.  133,599 10.0
4 Travelers Companies Inc.  92,189 6.9
5 Beazley Insurance Co. 83,908 6.3
6 CNA Financial Corp.  68,476 5.1
7 BCS Insurance Co. 55,411 4.1
8 AXIS Capital Holdings Ltd. 50,273 3.7
9 Liberty Mutual 34,343 2.6
10 Allied World Assurance Co.  32,533 2.4
  Total, top 10 $939,866 70.1%
  Total (2) $1,340,976 100.0%

(1) Includes stand-alone policies and the cybersecurity portion of package policies. Does not include premiums from companies that cannot report premiums for cybersecurity coverage provided as part of package policies.
(2) Direct premiums written in the U.S. and its territories, Canada and other foreign territories.

Source: NAIC data, sourced from S&P Global Market Intelligence, Insurance Information Institute.

Additional resources

Federal Trade Commission

Internet Crime Complaint Center

Back to top