Identity Theft Statistics 2026
The FTC received 1,135,270 identity theft reports in 2024 — a 9.5% increase over 2023 — while total fraud losses across all categories hit $12.5 billion, up 25% from the year before. Those are the primary numbers. Everything else in this article flows from them.
One distinction almost every competitor article ignores, and that changes how you read the data: identity theft and identity fraud are not the same thing. Identity theft is when someone steals your personal information — your Social Security number, date of birth, account credentials. Identity fraud is what happens when they use it: opening credit cards in your name, filing fraudulent tax returns, taking out loans you didn’t authorize. The FTC’s 1.1 million figure counts the theft. The $12.5 billion counts the downstream fraud. Both matter, but conflating them produces statistics that mislead rather than inform.
Table of Contents
The Numbers at a Glance (2024–2026 Primary Data)
| Metric | Figure | Source |
|---|---|---|
| FTC identity theft reports, 2024 | 1,135,270 (+9.5% vs 2023) | FTC Consumer Sentinel Network Data Book 2024 |
| FTC fraud reports, 2024 | 2,626,600 (stable vs 2023) | FTC Consumer Sentinel |
| Total fraud losses reported, 2024 | $12.5 billion (+25% vs 2023) | FTC, March 2025 press release |
| Investment scam losses, 2024 | $5.7 billion (largest single category) | FTC Consumer Sentinel |
| Imposter scam losses, 2024 | $2.95 billion | FTC Consumer Sentinel |
| Fraud reporters who actually lost money, 2024 | 38% (up from 27% in 2023) | FTC Consumer Sentinel |
| Median fraud loss per victim, 2024 | $497 | FTC Consumer Sentinel |
| Bank transfer losses, 2024 | $2.09 billion (highest by payment method) | FTC Consumer Sentinel |
| Cryptocurrency losses, 2024 | $1.42 billion | FTC Consumer Sentinel |
| Most common ID theft type, 2024 | Credit card fraud — 449,076 reports | FTC Consumer Sentinel |
| US consumers affected by traditional ID theft, 2024 | ~18 million individuals | Javelin Strategy & Research |
| Total US identity fraud + scam losses, 2024 | $47 billion | Javelin Strategy & Research |
| Average financial loss per ID theft victim, 2025 | $7,600 | Gen Digital / Dynata study, Oct–Nov 2025 |
| Victims victimized more than once in 2025 | 72% (only 28% victimized once) | ITRC 2025 Consumer Impact Report |
| Synthetic ID theft share of fraud losses, H1 2025 | 20% of all fraud losses | TransUnion Fraud Trends Report H2 2025 |
| AI-enabled fraud attempts, 2026 | 43% of all identity fraud attempts | Signicat research |
| Deepfake files created, 2025 | ~8 million (up from ~500,000 in 2023) | UK Government / Sumsub data |
| FBI IC3 total cybercrime losses, 2025 | $20.877 billion (+26% vs 2024) | FBI IC3 Annual Report, April 6, 2026 |
Sources: FTC Consumer Sentinel Network Data Book 2024, FBI IC3 2025 Annual Report, ITRC 2025 Consumer Impact Report, Javelin Strategy & Research, TransUnion Fraud Trends Report H2 2025.
The Most Important Number Nobody Talks About: 38%
The FTC received 2.6 million fraud reports in 2024 — virtually the same number as 2023. But fraud losses jumped 25%, from $10 billion to $12.5 billion. How does loss grow 25% when report volume is flat?
Because the percentage of reporters who actually lost money nearly doubled in a single year. In 2023, 27% of fraud reporters said they lost money. In 2024, that figure jumped to 38%. The FTC’s March 2025 press release identified this as the primary driver of the loss increase — not more victims, but more successful fraud per victim contact.
The implication: fraud tactics are getting more effective. The same outreach volume is converting at a substantially higher rate. AI-enabled personalization of phishing and impersonation scripts is the most likely mechanical explanation. The FBI’s IC3 2025 Annual Report — which crossed $20 billion in reported cybercrime losses for the first time — documented 22,364 AI-facilitated fraud complaints for the year and noted explicitly that AI involvement is undercounted because most victims don’t recognize it.
Identity Theft by Type: What’s Actually Happening
Credit card fraud remains the top category
Credit card fraud was the most reported form of identity theft in 2024, with 449,076 complaints — up 7.8% from 2023. This includes both takeovers of existing credit card accounts and the fraudulent opening of new accounts. Together these represent roughly 40% of all identity theft reports, a proportion that has held steady for several years.
Loan and lease fraud: slower detection, longer damage
Loan and lease fraud — auto loans, personal loans, student loans, rental fraud — generated 176,417 reports in 2024 (quarterly average: 44,104). In the first three quarters of 2025 alone, that rose to 178,210 reports at a quarterly average of 59,403, per OmniWatch’s analysis of FTC quarterly data. This category causes disproportionate damage because victims often don’t discover it until a lender contacts them about missed payments — sometimes months or years after the fraud occurred.
Employment identity theft: small volume, serious consequences
Employment identity theft — where criminals use a stolen Social Security number to obtain employment — generated 37,556 reports in 2024, up 20% year-over-year. The financial loss per case is often not immediate, but the consequences are durable: unpaid tax liability appearing in the victim’s name, criminal background records attached to their SSN, and complications resolving the SSN conflict with the IRS that can take years.
Tax fraud: seasonal and predictable
Tax identity theft peaks in February and March each year as fraudsters race to file returns before legitimate taxpayers. The pattern is consistent enough that early filing — before a fraudster files in your name — is the single most reliable prevention tactic. The IRS’s Identity Protection PIN (IP PIN) program is the second-most effective: a six-digit PIN issued annually that must accompany any tax return filed under your Social Security number.
“Other” identity theft: the early warning category
The FTC’s catch-all “Other” category — which captures fraud types that don’t yet have their own classification — showed 79% year-over-year growth in Q1 2025 versus Q1 2024, according to OmniWatch’s FTC data analysis. This category has grown without meaningful pullback since 2022. Analysts treating this as a leading indicator flag it as evidence of fraud techniques that are scaling faster than the classification system can categorize them. Synthetic identity fraud and platform-based account abuse are the most likely contributors.
The Revictimization Problem
The ITRC’s 2025 Consumer Impact Report documented a finding that changes the practical framing of identity theft protection: only 28% of identity theft victims in 2025 were victimized once. Among the rest:
- 31% were victimized twice in the same year
- 25% were victimized three times
- 14% were victimized four or more times
This is not a coincidence. When personal information is exfiltrated in a data breach, it enters criminal markets where it circulates indefinitely. A stolen SSN, date of birth, and home address don’t expire. Multiple threat actors can purchase and use the same dataset, targeting the same individual through different fraud vectors in parallel. Credit freezes and identity monitoring reduce — but do not eliminate — exposure because the underlying data remains available.
The practical consequence: recovering from identity theft is not a single event. It requires ongoing monitoring, not a one-time response.
Who Gets Targeted: Demographics and Geography
Age and loss severity move in opposite directions
Younger adults report identity theft more frequently. Adults in their 30s account for the largest share of FTC identity theft complaints. But older adults suffer the highest median losses when fraud occurs.
Per FTC 2024 Consumer Sentinel data:
- Adults 20–29: 44% of fraud reporters lost money; median loss not the highest
- Adults 70–79: only 24% of fraud reporters lost money; but when they did, median loss was $1,000 (vs. $497 overall)
- Adults 80+: only 21% lost money; median loss was $1,650
The pattern reflects two different fraud profiles. Younger adults encounter more fraud attempts and lose money more often per attempt — largely via online shopping fraud and investment scams. Older adults encounter fewer but more targeted attacks, primarily bank account fraud, wire transfer scams, and impersonation schemes — and the amounts extracted per successful attack are substantially higher.
Baby Boomers suffer a higher proportion of bank account fraud relative to other identity theft types than any other demographic group, according to Security.org’s 2026 analysis. Bank account fraud — unlike credit card fraud — can drain savings in full, with far less recourse.
Top states by identity theft rate (2024)
| Rank | State / Metro | Reports per 100,000 population |
|---|---|---|
| 1 | Florida | 528 per 100K (115,842 total reports) |
| 2 | Georgia | 517 per 100K |
| 3 | Washington, D.C. | — (ranked 3rd) |
| 4 | Nevada | — |
| 5 | Texas | — |
| — | — | — |
| Top metro | Miami–Fort Lauderdale | 903 per 100K |
| 2nd metro | Atlanta | 690 per 100K |
| 3rd metro | Houston | 573 per 100K |
Source: FTC Consumer Sentinel Network Data Book 2024.
Florida’s top ranking reflects its combination of large retirement population (higher absolute fraud losses per case), dense tourism infrastructure (high card-present fraud), and one of the most active cybercriminal networks targeting seniors in the country.
Children and teens: an underreported vector
Javelin Strategy & Research has documented growing identity theft targeting minors, driven by social media oversharing and data breaches in educational software. The ITRC 2025 Annual Data Breach Report flagged the PowerSchool breach — which exposed data from 71.9 million educational records — as the single largest compromise of 2025. Children’s identity data is particularly valuable to fraudsters because it is clean: no credit history means no anomaly detection against a baseline when synthetic accounts are opened.
The AI Shift: From Scale to Precision
Deepfake fraud: from novelty to infrastructure
Deepfake files grew from approximately 500,000 in 2023 to approximately 8 million in 2025 — a 1,500% increase in two years, per research cited by the UK government and Sumsub’s 2025–2026 Identity Fraud Report. Fraud attempts involving deepfake content have surged more than 2,000% over three years, according to Signicat research cited by LifeLock.
The mechanism has evolved. Early deepfake fraud used pre-recorded video held to a camera during identity verification. Modern attacks inject a synthetic video feed directly into the verification pipeline — a technique called an “injection attack” — that bypasses liveness detection because the deepfake feed enters the video stream before the authentication system can distinguish it from a live camera.
Sumsub’s 2025–2026 Identity Fraud Report documented a 180% increase in sophisticated fraud — defined as multi-layer attacks combining deepfakes, synthetic identities, and social engineering — compared to 2024.
Synthetic identities: the fraud type that hides for months
Synthetic identity fraud combines real information (typically a legitimate Social Security number, often stolen from a child or someone with limited credit history) with fabricated information (name, address, date of birth) to create a “Frankenstein identity” that passes basic verification checks. According to TransUnion’s Fraud Trends Report H2 2025, synthetic identity theft accounted for 20% of all fraud losses in the first half of 2025 — making it the third-largest fraud category, behind scams and account takeovers.
What makes synthetic identity fraud particularly damaging: the fraudster builds credit slowly over months or years, paying bills on time to raise the credit limit, before executing a “bust-out” — maxing out all available credit lines and disappearing. The victim often doesn’t discover the fraud until the SSN appears in a credit report, sometimes years after the initial synthetic account was opened.
Up to 80% of new account fraud is estimated to involve synthetic identities, per BIIA research. Synthetic identity fraud could generate $23 billion in US losses by 2030 if current trends continue, according to the same analysis.
AI-generated phishing: the volume problem
The FBI IC3’s 2025 Annual Report documented AI-facilitated fraud for the first time as a standalone category: 22,364 complaints, $893 million in attributed losses. The FBI explicitly noted this is an undercount — most victims don’t recognize AI involvement in attacks targeting them.
The operational effect of AI on phishing is not primarily about quality. It is about volume. A fraudster with access to a language model can now generate thousands of personalized phishing emails — each referencing the recipient’s name, employer, and recent activity scraped from public sources — at the cost of a single prompt. The grammatical errors and awkward phrasing that historically made phishing detectable are largely gone.
How Fraud Losses Are Actually Paid
The FTC’s 2024 data on payment methods used in fraud is one of the most actionable findings in the Sentinel Data Book, because it directly informs what’s reversible:
| Payment Method | Aggregate Losses | Reversibility |
|---|---|---|
| Bank transfers & payments | $2.09 billion (highest) | Low — wire transfers are typically irreversible |
| Cryptocurrency | $1.42 billion | Essentially zero — blockchain transactions are permanent |
| Credit cards | Lower aggregate, but most reported | High — chargebacks available in most cases |
| Gift cards | Growing category | Zero — gift cards are cash equivalents with no chargeback |
| Cash | Lowest aggregate | Zero |
The combination of bank transfers and cryptocurrency accounted for the majority of fraud losses where a payment method was identified — and both are effectively irreversible. This is not coincidental. Fraud designed for scale selects for payment mechanisms that prevent recovery. The evolution away from credit card fraud (reversible) toward wire transfer and crypto schemes (irreversible) is the structural factor making aggregate loss figures grow faster than victim counts.
The FBI IC3 Context: Identity Theft Within the Broader Cybercrime Picture
The FBI IC3 2025 Annual Report places identity theft within a broader cybercrime ecosystem that crossed $20 billion in reported US losses for the first time. Investment fraud (pig-butchering schemes primarily) generated $8.65 billion. Business email compromise added $3.046 billion. Personal data breaches contributed $1.3 billion in direct reported losses — a figure that understates total impact because breach-related identity fraud typically occurs months after the breach itself.
The FBI also noted that fewer than 15% of cybercrime victims report to law enforcement. The $20.877 billion represents reported losses from roughly 1 million complaints. True aggregate US cybercrime losses — including unreported incidents — are estimated at several multiples of that figure.
What These Numbers Mean in Practice
The case for a credit freeze
A credit freeze (also called a security freeze) prevents any new credit from being issued under your name without your PIN to lift it. It is free at all three major bureaus — Equifax, Experian, and TransUnion — under federal law. It does not affect your existing credit accounts. It does not affect your credit score. It is the single most effective action an individual can take against new-account identity fraud, and it costs nothing.
ITRC president James E. Lee’s recommendation, published in the ITRC’s 2025 Data Breach Report release, was direct: “Freezing your credit and transitioning to passkeys are the foundational requirements for digital safety.”
The IRS IP PIN
The IRS Identity Protection PIN program assigns a six-digit PIN that must accompany any federal tax return filed under your SSN. Without the current-year PIN, a fraudulent return will not process. The program is free and available to any US taxpayer at IRS.gov/IPPIN. Once enrolled, you receive a new PIN each January.
Early discovery matters more than most people know
The FTC’s own historical research documents a clear relationship between discovery timing and loss severity: when fraud is discovered within five months of onset, the total value obtained by the thief was under $5,000 in 82% of cases. When discovery took six months or longer, the thief obtained $5,000 or more in 44% of cases. Credit monitoring and account alert services exist primarily to compress this discovery window.
Frequently Asked Questions
How many people fall victim to identity theft each year in the US?
The FTC received 1,135,270 identity theft reports through IdentityTheft.gov in 2024 — a 9.5% increase over 2023. Javelin Strategy & Research estimates approximately 18 million Americans fell victim to traditional identity theft (unauthorized use of existing accounts or personal information) in 2024. These figures measure different populations: FTC reports are self-filed; Javelin uses survey methodology.
How much money is lost to identity theft each year?
This depends on scope. The FTC’s Consumer Sentinel Data Book recorded $12.5 billion in fraud losses across all fraud categories in 2024 — a 25% increase over 2023. Javelin’s broader measure, which includes identity fraud and scams using stolen personal information, puts total US losses at $47 billion in 2024. The FBI IC3’s 2025 Annual Report recorded $20.877 billion in total cybercrime losses.
What is the most common type of identity theft?
Credit card fraud — including takeovers of existing accounts and fraudulent new account openings — was the most reported category in 2024, with 449,076 FTC complaints. It represents approximately 40% of all identity theft reports.
How does synthetic identity theft work?
Synthetic identity fraud combines a real Social Security number (often from a child, elderly person, or recent immigrant with limited credit history) with fabricated personal details to create a composite identity. The fraudster slowly builds credit over months, then “busts out” by maxing all available credit lines. Victims often don’t discover it until the SSN appears on a credit report. Synthetic identity theft accounted for 20% of all fraud losses in H1 2025, per TransUnion.
Are older adults or younger adults more targeted?
Both, but differently. Adults 30–39 account for the largest share of FTC reports. But when adults 70+ fall victim, their median loss ($1,000) is double the overall median ($497), and adults 80+ average $1,650 median losses. Bank account fraud — the most severe form because it can drain savings entirely — is disproportionately concentrated in older victims.
What is AI’s role in identity theft in 2026?
Significant and growing. Signicat research found that 43% of identity fraud attempts now involve AI. Deepfake files grew from ~500,000 in 2023 to ~8 million in 2025. The FBI’s 2025 IC3 report documented $893 million in AI-attributed fraud losses and noted the figure is undercounted because most victims don’t recognize AI involvement. Sumsub documented a 180% increase in sophisticated multi-layered fraud (combining deepfakes, synthetic identities, and social engineering) from 2024 to 2025.
What states have the highest rates of identity theft?
Florida led in 2024 with 528 identity theft reports per 100,000 population, followed by Georgia (517 per 100K). At the metro level, Miami–Fort Lauderdale had the highest rate at 903 per 100K, followed by Atlanta (690 per 100K). The lowest rates are in states like Hawaii, Wyoming, and the Dakotas.
What can I do right now to protect myself?
Three steps with documented effectiveness: (1) freeze your credit at all three bureaus — it’s free and prevents new account fraud; (2) enroll in the IRS Identity Protection PIN program — it costs nothing and blocks fraudulent tax returns; (3) set up account alerts on every financial account so unusual transactions surface within hours, not months.
Source Transparency
All statistics in this article are drawn from primary government research or named primary research organizations with documented methodologies. No secondary aggregators were used as sources for factual claims.
- FTC Consumer Sentinel Network Data Book 2024 — released March 2025; based on 6.5 million consumer reports filed in 2024 (ftc.gov/reports/consumer-sentinel-network-data-book-2024)
- FBI IC3 2025 Internet Crime Report — released April 6, 2026; based on 1,008,597 complaints (ic3.gov)
- ITRC 2025 Consumer Impact Report — released October 2025 by the Identity Theft Resource Center; survey of 1,040 consumers (idtheftcenter.org)
- ITRC 2025 Annual Data Breach Report — released January 29, 2026 (idtheftcenter.org/publication/2025-data-breach-report/)
- TransUnion Fraud Trends Report H2 2025 — released October 2025 (transunion.com)
- Javelin Strategy & Research 2025 Identity Fraud Study — annual primary survey, figures cited via Fintech Global, March 2026
- Gen Digital / Dynata consumer study — conducted October–November 2025 among 1,000 US adults; cited via LifeLock (gen.com)
- Sumsub 2025–2026 Identity Fraud Report — published December 2025 (sumsub.com)
- Signicat research on AI fraud — cited via LifeLock and industry sources
Living document: Updated when the FTC Consumer Sentinel Data Book 2025 is released (typically February–March 2026) and when ITRC, Javelin, and FBI IC3 publish annual reports. Last reviewed: April 21, 2026.
Others articles:
- Data breach statistics 2026: records, costs, industries
External authoritative sources cited:
- FTC Consumer Sentinel Network Data Book 2024 — https://www.ftc.gov/reports/consumer-sentinel-network-data-book-2024
- FTC March 2025 press release ($12.5 billion losses) — https://www.ftc.gov/news-events/news/press-releases/2025/03/new-ftc-data-show-big-jump-reported-losses-fraud-125-billion-2024
- FBI IC3 2025 Annual Report — https://www.ic3.gov/AnnualReport/Reports/2025_IC3Report.pdf
- ITRC 2025 Annual Data Breach Report — https://www.idtheftcenter.org/publication/2025-data-breach-report/
- IRS Identity Protection PIN program — https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin
- Equifax credit freeze — https://www.equifax.com/personal/credit-report-services/credit-freeze/
- Experian credit freeze — https://www.experian.com/freeze/center.html
- TransUnion credit freeze — https://www.transunion.com/credit-freeze
- Sumsub 2025–2026 Identity Fraud Report — https://sumsub.com/blog/top-new-identity-fraud-trends/
- Fintech.global AI and deepfakes in identity fraud 2026 — https://fintech.global/2026/03/20/how-ai-and-deepfakes-are-reshaping-identity-fraud-in-2026/
