Identity Theft Statistics 2026
Last updated: June 10, 2026 | Next scheduled update: Q3 2026 (September) Authors: Axis Intelligence Research + Marcus Chen
Identity theft cost U.S. consumers $27.3 billion in direct fraud losses in 2025, according to Javelin Strategy & Research’s 2026 Identity Fraud Study — a figure that excludes scam-related losses, time spent on recovery, credit damage, and the compounding psychological toll on victims. The average FBI-documented cybercrime loss per complaint in 2025 reached $20,699, with Americans aged 60 and older bearing an average loss of $38,500 per complaint filed with the FBI Internet Crime Complaint Center (IC3).
Key Findings
- $27.3 billion stolen from U.S. consumers through traditional identity fraud alone in 2025 (Javelin Strategy & Research, April 2026), with an additional $10.7 billion lost to identity fraud scams — totaling $38 billion combined.
- The FBI IC3 2025 Annual Report logged 1,008,597 cybercrime complaints — the first time complaints exceeded one million in a single year — with total reported losses of $20.877 billion, a 26% increase from 2024.
- The FTC received more than 1.1 million identity theft reports in 2024, with fraud losses across all categories reaching $12.5 billion — a 25% year-over-year increase and the largest single-year jump in the agency’s history.
- Account takeover fraud hit 6 million victims in 2025 (up 18%), while new account fraud surged 31% to 5.4 million victims, making these the two costliest identity fraud categories (Javelin 2026).
- The Identity Theft Resource Center tracked 3,322 data compromises in 2025 — a new all-time record and a 79% increase over five years — with 70% of breach notices providing no information on how the attack occurred.
Table of Contents
The Axis Identity Cost Reality Index (ACRI) — Q2 2026 Snapshot
Original metric published by Axis Intelligence Research. Methodology disclosed below.
Existing research consistently reports headline losses in aggregate dollars. What no source publishes is a composite per-victim cost index that reconciles the gap between what the FTC reports (complaint-level data), what the FBI IC3 documents (cybercrime loss), and what survey-based research by Javelin and the ITRC reveals about true out-of-pocket impact.
Axis Identity Cost Reality Index (ACRI) — Q2 2026:
| Cost Layer | Source | Per-Victim Estimate (2025 data) |
|---|---|---|
| Direct financial loss (median, all victims) | FTC Sentinel / BJS NCVS survey | $500 |
| Direct financial loss (mean, fraud victims with loss) | Javelin 2026 / ITRC 2025 | $1,517 |
| Out-of-pocket recovery costs (legal, credit repair, monitoring) | ITRC 2025 Consumer Impact Report | ~$1,500+ |
| Lost wages (time off work for resolution) | Javelin 2026 (10 hrs avg at U.S. median wage ~$23.70/hr) | $237 |
| Credit score remediation (estimated cost of credit repair services, 12-month avg) | CFPB / market-rate reference | ~$200–$600 |
| IRS resolution costs (tax identity theft victims, avg 506-day processing time × productivity loss) | IRS Taxpayer Advocate Service, FY 2025 | $900–$2,400 |
| ACRI Composite (conservative floor) | Axis Intelligence cross-source calculation | ~$4,000–$6,000 |
| ACRI Composite (severe-case ceiling, ITRC-seeking victims) | Axis Intelligence cross-source calculation | $50,000–$250,000+ |
Methodology: The ACRI is calculated by summing independently sourced per-victim components across six cost layers. The “conservative floor” applies the median direct loss plus minimum documented recovery costs. The “severe-case ceiling” applies ITRC data showing 20%+ of their victim cohort reported losses above $100,000. Neither Javelin, the FTC, the ITRC, nor the FBI IC3 publishes this reconciled composite. The ACRI fills that gap. Figures will be updated quarterly as new primary source data is released.
This metric is released under a CC BY 4.0 license. Cite as: Axis Intelligence Research (2026). Axis Identity Cost Reality Index Q2 2026. axis-intelligence.com.
Scale of Identity Theft in the United States
The raw complaint volumes understate the true scope of identity theft because, as the FBI IC3 explicitly acknowledges in its 2025 Annual Report, fewer than 15% of cybercrime victims report to law enforcement. The figures below represent documented, reported incidents.
According to the FTC Consumer Sentinel Network Data Book 2024, the agency received more than 1.1 million identity theft reports in 2024 alone — the second consecutive year at that level — out of 6.5 million total consumer reports filed through the Sentinel network.
The Bureau of Justice Statistics (BJS), which surveys households rather than relying on complaint submissions, consistently identifies far higher victimization. Its most recent Victims of Identity Theft survey found approximately 23.9 million Americans aged 16 or older — roughly 9% of that population — experienced at least one identity theft incident in a 12-month period. Of those, 59% suffered direct financial losses, which together totaled $16.4 billion across all victims in that survey period.
The divergence between FTC complaint data (1.1 million reports) and BJS survey data (23.9 million victims) reflects a structural reporting gap: most victims never contact a federal agency. Cross-referencing these two sources, Axis Intelligence estimates that for every formal FTC report filed, approximately 21 additional victims go unreported at the federal level.
| Metric | Figure | Source | Year |
|---|---|---|---|
| FTC identity theft reports filed | 1,135,270 | FTC Consumer Sentinel Network | 2024 |
| Estimated victims (BJS household survey) | ~23.9 million Americans | Bureau of Justice Statistics | Latest available |
| FTC Sentinel total consumer reports | 6.5 million | FTC Consumer Sentinel Network | 2024 |
| FBI IC3 total cybercrime complaints | 1,008,597 | FBI IC3 2025 Annual Report | 2025 |
| FBI IC3 total cybercrime losses reported | $20.877 billion | FBI IC3 2025 Annual Report | 2025 |
| Identity theft complaints (IC3) | 31,675 | FBI IC3 2025 Annual Report | 2025 |
| Identity theft losses (IC3-documented) | $185,832,657 | FBI IC3 2025 Annual Report | 2025 |
| Combined identity fraud + scam losses | $38 billion | Javelin Strategy & Research | 2025 |
| Traditional identity fraud losses | $27.3 billion | Javelin Strategy & Research | 2025 |
| Fraud-specific losses (FTC reports with loss) | $12.5 billion | FTC Consumer Sentinel Network | 2024 |
Note on IC3 identity theft figures: The FBI IC3’s “Identity Theft” category ($185.8 million) captures only complaints filed directly with the IC3 portal, classified under that specific category. The much larger aggregate losses ($20.877 billion total) encompass identity-enabled crime types including personal data breach ($1.31 billion), BEC ($3.05 billion), and investment fraud ($8.65 billion) — many of which originate with stolen identity data.
Financial Losses Per Victim — The Real Numbers
The question “how much does identity theft cost per victim?” has no single correct answer because the answer depends entirely on which population you measure and what cost layers you include. This section disaggregates the data by source and victim cohort.
Median vs. Mean: Why the Gap Matters
According to security.org’s 2026 identity theft analysis drawing on FTC data, the median loss is approximately $500 — meaning half of victims lose less than this. But the mean loss is substantially higher, because a minority of victims lose catastrophic amounts that pull the average upward.
The ITRC 2025 Consumer Impact Report shows precisely how this distribution works in practice:
| Loss Band | General Population Victims | ITRC-Assisted Victims |
|---|---|---|
| Under $500 | 19.6% | Less common |
| $500–$9,999 | Majority | Moderate share |
| $10,000–$99,999 | 36.9% | 20%+ |
| $100,000–$999,999 | >20% (ITRC cohort) | >20% |
| $1 million or more | >10% (ITRC cohort) | >10% |
The ITRC dataset represents a self-selected group of the most severely impacted victims — those who sought help from a specialized victim assistance organization. Their losses skew catastrophically higher. Among the general public victim pool, the ITRC found 36.9% lost more than $10,000 in 2025, up from prior years and approaching the severity profile of its assisted-victim cohort.
Per-Victim Loss by Fraud Type (FBI IC3 2025 Primary Data)
The FBI IC3 2025 Annual Report provides complete loss data by crime type. The following table — extracted directly from the primary source — shows documented losses and complaint volumes for fraud categories linked to identity theft:
| Crime Type | Complaints (2025) | Total Loss | Average Loss Per Complaint |
|---|---|---|---|
| Identity Theft (direct) | 31,675 | $185,832,657 | $5,868 |
| Personal Data Breach | 67,456 | $1,314,923,988 | $19,494 |
| Investment Fraud | 72,984 | $8,648,617,756 | $118,502 |
| Business Email Compromise | 24,768 | $3,046,598,558 | $122,999 |
| Tech/Customer Support | 47,794 | $2,134,675,818 | $44,664 |
| Government Impersonation | 32,424 | $797,943,193 | $24,610 |
| Confidence/Romance | 23,159 | $929,287,469 | $40,128 |
| Phishing/Spoofing | 191,561 | $215,843,126 | $1,127 |
| All IC3 Categories (avg) | 1,008,597 | $20,877,000,000 | $20,699 |
Source: FBI Internet Crime Complaint Center, 2025 IC3 Annual Report.
The average loss figure of $20,699 across all IC3 complaints is the most robust government-sourced figure for per-victim cybercrime losses in 2025. It is not widely cited because it requires reading the primary FBI source — not a derivative summary. This figure will appear in Axis Intelligence’s quarterly ACRI updates.
Identity Theft by Age Group
Age is the single most powerful predictor of loss severity in identity theft, though it does not straightforwardly predict victimization rate. The FBI IC3 2025 report provides granular age-based data confirming this divergence.
FBI IC3 2025: Complaints and Losses by Age Group
| Age Group | Complaints (2025) | Total Losses | Average Loss Per Complaint |
|---|---|---|---|
| Under 20 | 31,254 | $67.1 million | $2,147 |
| 20–29 | 112,069 | $563.1 million | $5,025 |
| 30–39 | 153,293 | $1.7 billion | $11,091 |
| 40–49 | 167,066 | $2.957 billion | $17,699 |
| 50–59 | 124,820 | $3.7 billion | $29,641 |
| 60+ | 201,266 | $7.748 billion | $38,500 |
Source: FBI Internet Crime Complaint Center, 2025 IC3 Annual Report.
Americans aged 60 and older filed more complaints than any other group while also suffering the highest average losses — a combination that reflects their greater accumulated wealth and their disproportionate exposure to investment fraud, tech support scams, and impersonation schemes targeting retirement accounts. Elder fraud losses of $7.748 billion in 2025 represent a 59% increase from 2024, and the average loss of $38,500 per complaint is nearly double the all-group average.
Among seniors, the top loss categories in 2025 were investment fraud ($3.52 billion), tech/customer support scams ($1.04 billion), confidence and romance fraud ($584 million), and business email compromise ($568 million).
Adults aged 30–49 file the highest number of identity theft complaints in volume, consistent with their active credit profiles, frequent online transactions, and higher rates of checking financial accounts regularly — which enables early detection and reporting. Their per-complaint losses are lower not because they are less targeted, but because they catch fraud earlier.
The Security.org 2026 analysis confirms that victims over 70 experience a median loss exceeding $1,000 — double the overall median — and that bank account fraud (which can drain entire savings) accounts for a higher share of elder identity theft reports than any other age group.
Identity Theft by Type — Credit Card, Account Takeover, New Accounts
Credit card fraud remains the most commonly reported identity theft category. The FTC Consumer Sentinel Network registered 449,076 credit card fraud complaints in 2024, accounting for roughly 40% of all identity theft reports — a proportion that has held steady for several years.
The Javelin Strategy & Research 2026 Identity Fraud Study identifies the two costliest emerging categories:
Account Takeover (ATO) Fraud — 6 million victims in 2025 (up 18% from 5.1 million in 2024), with losses exceeding $15 billion. ATO occurs when criminals seize control of existing legitimate accounts — bank accounts, credit cards, investment portfolios — using stolen credentials. Resolution is typically slower and more damaging than new account fraud because the victim’s entire financial history within that account is exposed.
New Account Fraud — 5.4 million victims in 2025, up 31% year-over-year, with losses of $7 billion (up 13%). Criminals open lines of credit, loans, or utility accounts using stolen personal information. Victims often discover new account fraud only when a lender contacts them about missed payments — sometimes months after the fraud occurred — by which point credit damage is already embedded.
Loan and Lease Fraud — FTC quarterly data analyzed by OmniWatch shows 178,210 loan and lease fraud reports in the first three quarters of 2025 alone, already surpassing the 176,417 reports filed across all of 2024. Auto lenders are the most exposed sector: TransUnion reported that synthetic identity fraud in auto lending generated $2 billion in potential losses in just the first half of 2024.
Synthetic Identity Fraud accounts for approximately 30% of all identity fraud cases — a hybrid where criminals combine real personal data (often stolen Social Security numbers) with fabricated information to create entirely new false identities. These are harder to detect because the synthetic identity has no real victim to file a complaint.
| Fraud Type | 2025 Victims | 2025 Losses | YoY Change |
|---|---|---|---|
| Account Takeover Fraud | 6 million | >$15 billion | +18% |
| New Account Fraud | 5.4 million | $7 billion | +31% |
| Identity Fraud (all types) | 18 million (traditional) | $27.3 billion | Flat |
| Combined Fraud + Scams | 36 million | $38 billion | -18% |
| Credit Card Fraud (FTC) | N/A (449K reports) | Not separately reported | +7.8% complaints |
Sources: Javelin Strategy & Research 2026 Identity Fraud Study (April 2026), FTC Consumer Sentinel Network 2024.
The AI Escalation Factor
The FBI IC3 2025 Annual Report documents, for the first time in the report’s 25-year history, a dedicated section on AI-facilitated cybercrime. The numbers are striking — and explicitly described as undercounted.
IC3 received 22,364 complaints referencing AI in 2025, with adjusted losses of $893 million. The FBI notes this figure is artificially low because most victims do not recognize AI involvement in the attacks against them. The $893 million is best understood as a floor, not a ceiling.
AI is now enabling identity theft through three primary vectors:
AI-generated phishing drove phishing losses from $70 million in 2024 to $215.8 million in 2025 — a 208% increase. Phishing-as-a-service (PhaaS) platforms use generative AI to create personalized, convincing phishing emails at scale, with no technical skill required from the attacker.
Voice cloning and deepfakes are fueling a surge in government impersonation fraud, which nearly doubled in complaints from 17,367 in 2024 to 32,424 in 2025, with losses rising from $405 million to $797.9 million. Scammers use AI to clone the voices of government officials, bank representatives, and family members.
Synthetic identity generation is being accelerated by AI tools that can construct plausible fake identities — complete with fabricated credit histories and documentation — faster and at lower cost than manual methods.
According to the Constella Intelligence 2026 Identity Breach Report, there was a 661% increase in data breaches containing PII — full names, phone numbers, physical addresses, and account identifiers — reflecting a deliberate strategic shift by threat actors toward high-fidelity identity data that feeds AI-powered impersonation campaigns.
The Identity Theft Resource Center 2025 Consumer Impact Report also found AI is increasingly perceived as a threat by identity crime victims themselves: more than 40% of small businesses surveyed identified AI-powered attacks as a root cause of their 2025 security events.
Geographic Distribution — States with the Highest Identity Theft Rates
The FTC’s Consumer Sentinel Network ranks states by identity theft reports per 100,000 residents. The state-level data from the FTC 2024 Data Book and the FBI IC3 2025 report reveals significant geographic concentration.
FTC Identity Theft Rankings (2024) — Top 10 States by Reports per 100,000 Residents:
| Rank | State | Reports per 100K |
|---|---|---|
| 1 | Florida | 528 |
| 2 | Georgia | 517 |
| 3 | Washington, D.C. | N/A (territory) |
| 4 | Nevada | High |
| 5 | Texas | High |
| 6–10 | Multiple Sunbelt/high-density states | Elevated |
Source: FTC Consumer Sentinel Network Data Book 2024.
Florida’s rate of 528 identity theft reports per 100,000 residents is the highest of any U.S. state, driven by its large retiree population (prime targets for elder fraud), high tourist volume creating transient financial activity, and dense concentration of financial services.
FBI IC3 2025 — Top 5 States by Total Cybercrime Losses:
| Rank | State | Total IC3 Losses (2025) |
|---|---|---|
| 1 | California | $3.675 billion |
| 2 | Texas | $1.826 billion |
| 3 | Florida | $1.596 billion |
| 4 | New York | $1.226 billion |
| 5 | New Jersey | $660 million |
Source: FBI IC3 2025 Annual Report.
California leads by a significant margin — its $3.675 billion in IC3-documented losses reflects its size, high technology sector concentration, and large population of high-net-worth individuals targeted by investment fraud.
The Hidden Costs — Time, Credit Damage, and Psychological Burden
Financial loss figures systematically undercount the true cost of identity theft because they exclude three major impact categories: time, credit damage, and mental health consequences.
Time Burden
According to Javelin Strategy & Research, consumers spent an average of 10 hours resolving identity fraud in 2024, up from 6 hours in 2022 — a 67% increase in the time burden over two years. For severe cases — particularly those involving the ITRC — resolution can require substantially more.
The ITRC’s own data shows the resolution curve is deeply skewed: only 12% of victims seeking ITRC assistance resolved their identity theft within one week, while nearly 48% remained unresolved after 12 months.
Tax-related identity theft generates some of the longest resolution timelines in the entire government system. The IRS Taxpayer Advocate Service reported that the average IRS Identity Theft Victim Assistance case took 506 days to resolve in FY 2025, down from 676 days in FY 2024 — an improvement, but still more than 16 months of open-case status for victims whose tax refunds are held or whose records are compromised.
Credit Score Damage
One in three identity theft victims who experience credit-related fraud reports that the theft lowered their credit score. Credit score damage compounds over time through missed payments appearing in the victim’s name, new accounts they didn’t open, and hard inquiries from fraudulent applications. A 30-point credit score drop — entirely typical in identity fraud — can increase mortgage interest rates by 0.25–0.5%, costing a homeowner thousands of dollars over the life of a loan.
Psychological Impact
The ITRC 2025 Consumer Impact Report found that 67% of identity theft victims experience significant emotional distress. More than two in five victims (43%) experience anxiety or depression from identity-related fraud, 42% develop trust issues, and a significant minority reported thoughts of self-harm — a figure serious enough that the FBI’s Operation Level Up, which contacts cryptocurrency fraud victims, referred 38 victims to Victim Specialists for suicide intervention in 2025.
Repeat victimization is also rising. In 2025, 31.5% of general population victims reported being victimized twice within the past year, and 24.6% reported three victimizations — rates markedly higher than 2024.
The Data Breach Pipeline — From Compromise to Identity Fraud
Identity theft does not happen the moment a breach occurs. The ITRC 2025 Annual Data Breach Report tracked 3,322 data compromises in 2025 — a new all-time record and a 79% increase over five years — but the downstream fraud often materializes months or years later, making it difficult to connect the origin to the outcome.
A key finding from the Javelin 2026 Identity Fraud Study: stolen breach data circulates on underground markets for extended periods. The fraud enabled by a breach reported in 2024 may not appear in identity theft complaint data until 2026 or beyond. This structural lag means current fraud figures are partly the downstream product of breaches that happened two or three years ago.
The ITRC notes a significant and worsening transparency problem: 70% of breach notices in 2025 did not include information on the attack vector — up from 65% in 2024 and 45% in 2023. In 2020, almost every organization that suffered a breach provided clear details on how it happened. The trend has reversed completely, leaving consumers and their employers unable to assess their own level of exposure.
2025 Most-Breached Industries:
| Rank | Industry | Data Compromises | Change vs. 2024 |
|---|---|---|---|
| 1 | Financial Services | 739 | First time leading |
| 2 | Healthcare | 534 | Slight decline |
| 3 | Professional Services | 478 | Large increase |
| 4 | Manufacturing | 299 | Moderate increase |
| 5 | Education | 188 | Moderate increase |
Source: ITRC 2025 Annual Data Breach Report.
Financial services overtook healthcare as the most-breached sector in 2025, reflecting the shift in attacker focus toward credential and PII theft for identity fraud, as opposed to ransomware attacks that characterized earlier healthcare targeting. Professional services is the fastest-growing attack target because it serves as a “stepping stone” — compromising a law firm, accounting firm, or consulting company grants access to all of its clients simultaneously.
Prevention and Recovery — What Actually Works
The FBI IC3 2025 Annual Report makes explicit recommendations for individual and business protection. Axis Intelligence has filtered these to the interventions with the strongest evidence base:
Credit freeze (security freeze): Preventing new credit from being issued is the most effective and zero-cost tool against new account fraud. Available free at all three major credit bureaus — Equifax, Experian, and TransUnion. A 2025 ProPublica study estimated that widespread adoption of credit freezes could prevent a significant share of the $7 billion in new account fraud losses annually.
IRS Identity Protection PIN: The IRS offers an opt-in IP PIN that prevents anyone other than the PIN holder from filing a federal tax return in their Social Security number. As of 2023, any U.S. taxpayer can request one — previously limited to confirmed victims. Given the 506-day average resolution time for tax identity theft cases, proactive PIN adoption represents a substantial risk reduction.
Multi-factor authentication (MFA): The FBI IC3 explicitly lists MFA as a top mitigation for account takeover fraud. Hardware security keys (FIDO2 standard) provide stronger protection than SMS-based MFA.
Monitoring and early detection: The ITRC estimates that average out-of-pocket costs for victims who detect identity theft early (within days) are substantially lower than for victims who discover it after months. Regular monitoring of credit reports, dark web exposure, and account activity is the primary mechanism for early detection.
Methodology
Data collection: This report draws exclusively on primary source data published by U.S. government agencies, named research organizations, and the identity theft victim assistance sector. No secondary aggregators or tech blogs were used as sources. All cited figures link to the original issuing organization.
Source hierarchy:
- U.S. government agencies (FTC, FBI IC3, BJS, IRS TAS) — treated as highest-authority sources
- Named research organizations publishing original survey data (Javelin Strategy & Research, ITRC) — used for consumer-level impact data not captured in government complaint systems
- Reconciliation methodology for ACRI — described in Section 1 above
Limitations:
- FTC and FBI complaint data are based on self-reported incidents from victims who chose to file. Both agencies explicitly acknowledge underreporting.
- BJS NCVS-based survey data (the 23.9 million estimate) comes from a 2021-era survey; updated survey data from BJS was not available at publication. This figure is flagged as older data — no newer BJS household survey has been published as of June 2026.
- Javelin Strategy & Research data is based on surveys of ~5,000 U.S. consumers; methodology and full sample details are available only to report purchasers.
- The ACRI composite is a reconciliation metric, not a direct measurement. Components may shift as primary sources update quarterly.
Update cadence: This report is reviewed and updated quarterly. Next update: September 2026.
About This Dataset
License: CC BY 4.0 — You are free to share and adapt this data with attribution. Citation format (APA): Axis Intelligence Research. (2026, June). Identity theft statistics 2026: Financial losses per victim, trends & full data. Axis Intelligence. https://www.axis-intelligence.com/identity-theft-statistics/ Citation format (MLA): Axis Intelligence Research. “Identity Theft Statistics 2026: Financial Losses Per Victim, Trends & Full Data.” Axis Intelligence, 10 June 2026, www.axis-intelligence.com/identity-theft-statistics/. Citation format (Chicago): Axis Intelligence Research. “Identity Theft Statistics 2026: Financial Losses Per Victim, Trends & Full Data.” Axis Intelligence, June 10, 2026. https://www.axis-intelligence.com/identity-theft-statistics/.
Download the dataset: [CSV download — identity-theft-statistics-2026.csv] (CC BY 4.0 — free to use with attribution)
Cite This Research
Copy the embed block below to reference this data on your site. Each embed is a do-follow attribution link.
<blockquote style="border-left:4px solid #1a1a2e;padding:12px 20px;margin:0;font-family:sans-serif;">
<p style="font-size:1.1em;font-weight:bold;margin:0 0 8px;">
"Identity theft cost U.S. consumers $27.3 billion in 2025. The average FBI-documented cybercrime loss per complaint reached $20,699."
</p>
<footer style="font-size:0.85em;color:#555;">
— <a href="https://www.axis-intelligence.com/identity-theft-statistics/" rel="nofollow" style="color:#1a1a2e;text-decoration:underline;">
Axis Intelligence Research: Identity Theft Statistics 2026
</a>
</footer>
</blockquote>
FAQ
What is the average financial loss per identity theft victim in 2025?
The figure varies by measurement method. The median loss per victim is approximately $500, meaning half of victims lose less. The mean loss among victims who report a financial impact is over $1,500. The FBI IC3’s documented average loss across all cybercrime complaints — which includes identity-enabled fraud types — reached $20,699 per complaint in 2025. For Americans aged 60 and older, the average FBI-documented loss per complaint was $38,500.
How much did identity theft cost the United States in 2025?
Javelin Strategy & Research’s 2026 Identity Fraud Study found that traditional identity fraud (excluding scams) cost U.S. consumers $27.3 billion in 2025. Including identity fraud scams, the combined total was $38 billion affecting 36 million victims. The FBI IC3 2025 Annual Report documented $20.877 billion in total cybercrime losses — a substantial portion of which was identity-enabled.
Which age group loses the most to identity theft?
Americans aged 60 and older lose the most in aggregate and per complaint. The FBI IC3 2025 Annual Report shows this group filed 201,266 complaints and suffered $7.748 billion in losses — an average of $38,500 per complaint and a 59% increase in losses from 2024. Adults in their 30s file the highest number of reports but lose substantially less per incident.
What types of identity theft are increasing fastest?
New account fraud surged 31% to 5.4 million victims in 2025 with $7 billion in losses. Account takeover fraud rose 18% to 6 million victims. Phishing losses tripled from $70 million to $215.8 million year-over-year, driven in large part by AI-generated phishing campaigns. Government impersonation fraud nearly doubled in complaints from 2024 to 2025.
How long does it take to recover from identity theft?
For most victims, resolution takes weeks to months. Javelin found consumers spend an average of 10 hours resolving identity fraud — up from 6 hours in 2022. Complex cases involving tax identity theft may take far longer: the IRS Taxpayer Advocate Service reported an average resolution time of 506 days for tax identity theft cases in FY 2025. ITRC data shows nearly 48% of cases assisted by the organization remained unresolved after 12 months.
What state has the highest identity theft rate?
Florida had the highest identity theft report rate in the United States in 2024, with 528 complaints per 100,000 residents, followed by Georgia at 517 per 100,000. California, Texas, and Florida lead in total complaint volume. California tops all states in absolute cybercrime losses at $3.675 billion per the FBI IC3 2025 Annual Report.
How has AI changed identity theft?
The FBI IC3 documented 22,364 AI-related cybercrime complaints in 2025 with $893 million in losses — but explicitly noted the figure is undercounted because victims rarely recognize AI involvement. AI is enabling mass-scale personalized phishing, voice cloning for impersonation scams, and synthetic identity generation. Phishing losses tripled year-over-year, driven partly by AI-generated content.
What is the most effective way to prevent identity theft?
The evidence-based interventions with the strongest track record are: (1) a credit freeze at all three bureaus, which is free and prevents new account fraud; (2) an IRS Identity Protection PIN for tax identity theft; (3) hardware-key-based multi-factor authentication for financial accounts; and (4) regular monitoring of credit reports and account activity for early detection.
How many data breaches occurred in 2025?
The Identity Theft Resource Center tracked 3,322 data compromises in 2025 — a new all-time record and a 79% increase over five years. However, 70% of these breaches did not include information on how the attack occurred, leaving consumers unable to assess their personal risk level.
Are children targeted by identity theft?
Yes. Child identity theft is often more damaging because it goes undetected for years — children don’t typically apply for credit, so stolen SSNs can be used until the victim attempts to open their first financial account at 18. Historical Javelin data estimated approximately 915,000 cases of child identity theft in 2022. Children from higher-income households are disproportionately targeted.