Facts and Statistics
Find out more about the nation's fastest growing crime

More than ever, the information explosion, aided by an era of easy credit, has led to the expansion of a crime that feeds on the inability of consumers to control who has access to sensitive information and how it is safeguarded. That crime is identity theft.

The Identity Theft Resource Center not only conducts its own studies but reviews ones done by research groups and governmental agencies. The information below should be viewed as “what is known to date” and not as the final word about identity theft. This is a changing field and many studies have varying numbers due to the language and word definitions used in collecting data.

What everyone does agree upon is that identity theft remains the #1 concern among consumers contacting the Federal Trade Commission. Their fears are not unfounded. The facts on identity theft speak for themselves.

VICTIMIZATION DATA (Individuals):

• According to the Gartner study the 2006 victim population was at 15 million victims. That means every minute about 28 ½ people become a new victim of this crime, or a new victim in just over 2 seconds.
• Almost all studies agree that the top states in terms of victims per capita are: New York, California, Nevada, Arizona, Washington, and Texas. The Id Analytics study 2007 includes Hawaii, Illinois, Oregon, and Michigan. The FTC 2006 report includes Florida, Georgia and Colorado.
• The incidence of victimization increased 11-20% between 2001 and 2002 and 80% between 2002 and 2003 (Harris Interactive). This same study found that 91% of respondents do not see an “end to the tunnel” and expect a heavy increase in victimization. 49% also stated that they do not feel they know how to adequately protect themselves from this crime.
• In a bulletin published by the Bureau of Justice Statistics, an estimated 3.6 million households were affected by identity theft during a 6-month period in 2004. If an entire year was considered, that could mean that 7.2 million households were affected in a 12 month period. [i]

BUSINESS LOSS DATA:

• This crime also affects a second set of victims: the business community. According to one expert, the loss or theft of just one laptop can cost a company as much as $90,000 or more in fines, credit monitoring for victims, public relations damage control, and class action litigation. [ii]
• Studies on the total cost of identity theft vary. One study said that identity theft cost U.S. businesses and consumers $56.6 billion in 2005. [iii]

LAW ENFORCEMENT DATA:

• Law enforcement is reporting a higher volume of identity theft cases. In Waco, Texas they saw a 700% increase between 2004 and 2005. [iv]
• According to the U.S. Department of Justice Statistics, identity theft is now passing up drug trafficking as the number one crime in the nation. [v]   A preliminary study done by ITRC shows that the majority of id theft criminals are repeat offenders. Other convictions include substance abuse, narcotic trafficking, violent crime, robbery, and immigration issues.
• According to the 2007 ID Analytics white paper: The research showed that identity theft victimizing an actual consumer (true-name identity theft) accounts for 10-15 percent of all identity fraud. Identity fraud using identities fabricated from real and false data (synthetic identity fraud) accounts for 85-90 percent of all identity fraud. While the applications include real addresses for the purposes of verification and receipt of credit cards and goods, the addresses may be residences, places of work or any other physical location where fraudsters can conveniently receive the tools and plunder of their trade. [vi]
• In 2005, the Justice Department charged 226 defendants with aggravated identity theft. In the first half of 2006, the Justice Department charged 432 defendants with the same crime. The FBI says it has 1,587 cases related to identity theft under way, having opened 662 cases in 2005 and 272 in 2006 to date. Postal inspectors opened 1,530 identity theft-related cases and made 2,277 arrests in 2005, and opened 1,012 identity theft-related cases and made 1,294 arrests in the first half of 2006. The SSA OIG Office of Investigations said it opened 1,566 cases involving the misuse of Social Security Numbers in 2005, and 812 such cases in the first half of 2006. [vii]
• A GAO study on identity theft (GAO-02-363, issued March 2002) discussed costs to federal agencies - The executive office for U.S. Attorneys estimated cost of prosecuting a white-collar crime case was $11,443. The Secret Service estimates the average cost per financial crime investigation is $15,000. The FBI estimates the average cost per financial crime investigation is $20,000.

BREACH DATA:

• The U.S. Government Reform Committee reports that all 19 government departments and agencies reported at least one loss of personally identifiable information since Jan. 2003. Only a small number of the data breaches reported to the Committee were caused by hackers. The vast majority of losses occurred from physical thefts of portable computers, drives and disks, or unauthorized use of data by employees. [viii]
• Another study, released by the Ponemon Institute in October 2006, [ix] found that information losses cost U. S. companies an average of $182 per compromised record, an increase of about 31% from 2005 ($138 per record). That equates to an average price tag of $660,000 per company in expenses in notifying customers and indirect fallout including higher-than normal customer turnover. This researcher contends that each company “sacrificed” roughly $2.5 million in lost business, based on these incidents. This number included investigative time, setting up customer support hotline, offering monitoring services, legal expenses, auditing programs, and setting up remediation policies.
• This same study found the following: In charting the most common sources of data leaks, researchers found that lost or stolen laptops remain the top culprit, accounting for 45 percent of all the incidents studied. Records lost by third party-business partners or outsourcing companies represented the second most popular type of event, representing 29 percent of all the reported leaks. Misplaced or stolen backup files, such as those stored on magnetic tapes, accounted for 26 percent of the incidents, while the much-publicized use of malware programs that steal data were reported in only 10 percent of the losses.
• Scams play a role in identity theft. According to the Anti-Phishing Working Group, they found a total of 23,670 phishing websites in July 2006 compared to just 4,564 in July 2005. [x]
• In a recent study conducted by the University of Indiana, they found that 14% of phishing scams are successful, much higher than the Gartner report which quoted a 3% success rate. In other words, people fell for the scam. The test sent out a phishing email pretending to be from eBay. The link inside did indeed link the person to eBay’s website, but it sent a message back to the school telling them when the link was clicked. [xi]

A 2006 study done by Gartner Research found:

•  Losses from phishing attacks: in 2004 was $137 million, in 2006 it was $2.8 billion
• Number of US adults who received a phishing email: the number doubled from 57 million in 2004 to 109 million in 2006
• The per victim loss increased almost five-fold from $257 in 2004 to $1,244 in 2006
• The money recovered by consumers dropped from 80% in 2004 to 54% in 2006

A survey done in the Spring of 2006 by the Identity Theft Resource Center reflected the following information:

• Of 309 people, 15 people believe they answered a scam email. That number is probably higher due to the following response.
• When asked the question- what is phishing, researchers got the following answers:

1. Email sent by virus – 5
2. Email sent by thief- 28
3.  Email trying to get me to buy something- 15
4. I don’t know – 165 people answered representing more than 50% of the total population interviewed.
5. Other- Trying to get personal information from me – 49
6. Trying to get me to go to a website – 24
7.  Only 77 people got the right answer

ITRC DATA STUDIES:

The ITRC also does studies on victimization. This is a comparison of some of the information between 2003 and the 2004 The Aftermath Studies. These studies can be found at  www.idtheftcenter.org under Surveys and Studies.

1. Hours spent: In 2004, victims spent an average of 330 hours recovering from this crime, often over a period of years compared to 600 hours in 2003. In 2004 the total reported hours ranged from 3 hours to 5,840. This difference is due to the severity of the crime- a lost credit card vs. the use of your Social Security number or information to be your “evil twin.”

2. Time dealing with the case: In both years 26 to 32% responded that they spent a period of four to six months. However, a higher number of respondents in 2003 (23%) as compared to those in 2004 (11%) responded that they had been dealing with their case for a period of seven months to a year.

3. Moment of discovery: In 2004, 37.5% of those surveyed reported that they found out within three months, down from 48% in 2003. Of those responding in 2004, 18% said that it took them four years or more to discover that their identities had been misused doubling the 9% from the 2003 sample.

4. Unexpected secondary effects: Even after the thief stops using the information, victims struggle with the impact of identity theft. That might include increased insurance or credit card fees, inability to find a job, higher interest rates and battling collection agencies and issuers who refuse to clear records despite substantiating evidence of the crime. This “tail” may continue for more than 10 years after the crime was first discovered.

5. Business losses: Per victim estimation, losses increased in 2004 over 2003 by about $7,500. ($49,254 and $41,717 respectively). Forty percent of both sample groups reported business costs that exceeded $15,000 in their identity theft cases.

6. Imposter relationship to victim: In 2004, of the 43% who believe they knew their imposter, 14% said that it was an employee of a business who had their information, as compared to about a quarter of respondents in 2003.

7. Emotional Impact: The emotional impact on victims is likened to that felt by victims of more violent crime, including rape, violent assault and repeated battering. Some victims feel dirty, defiled, ashamed and embarrassed, and undeserving of assistance. Others report a split with a significant other or spouse and of being unsupported by family members.

8. Victimization on a secondary emotional level: Few significant positive changes have occurred in the feelings of victims and in terms of reported victim symptomology. As in 2003, this study discovered that that identity theft victims share far more response similarities with ALL victims of crime than previously realized. More than 40% of both samples reported stressed family life, perhaps due to their displaced anger and frustration. Finally, 9% and 16% in the 2004 and 2003 surveys respectively, responded that their relationship was “on the rocks” or ended as a result of their victimization.

9. Inability to correct negative reports: The vast majority of those who answered this question in both samples (70 and 66% in 2004 and 2003 respectively) responded that there was still negative information in their records

Revised 4-07