ID Theft Statistics
September 2011 PWC Data and Privacy Report
According to accounting firm PricewaterhouseCoopers (PwC) medical identify theft is the fastest-growing form of identity theft in 2010:
- Affecting 1.42 million Americans
- Costing more than $28 billion
August 2011 Digital Forensic Association the Leaking Vault - 6 years of Data Breaches
The Leaking Vault 2011 presents data gathered from studying 3,765 publicly disclosed data breach incidents, and is the largest study of its kind to date. Information was gleaned from the organizations that track these events, as well as government sources. Data breaches from 33 countries were included, as well as those from the United States.
This study covers incidents from 2005 through 2010, and includes over 806.2 million known records disclosed.
On average, every single day for the past six years, these organizations lost:
- 388,000 records per day
- 15,000 records per hour
The estimated cost for these breaches comes to more than $156 billion to the organizations experiencing these incidents. This figure does not include the costs that the organizations downstream or upstream may incur, nor that of the data subject victims.
May 2011 GAO Taxes and ID Theft Report
In 2010 alone, the Internal Revenue Service (IRS) identified over 245,000 identity theft incidents that affected the tax system.
Identity theft harms innocent taxpayers through employment and refund fraud. In refund fraud, an identity thief uses a taxpayer's name and Social Security Number (SSN) to file for a tax refund, which IRS discovers after the legitimate taxpayer files.
In employment fraud, an identity thief uses a taxpayer's name and SSN to obtain a job. When the thief's employer reports income to IRS, the taxpayer appears to have unreported income on his or her return, leading to enforcement action.
The IRS and Taxpayers may not discover refund or employment fraud until after legitimate tax returns are filed.
The number of tax-related identity theft incidents (primarily refund or employment fraud attempts) identified by IRS has grown:
Number of Incidents
- 51,702 incidents in 2008
- 169,087 incidents in 2009
- 248,357 incidents in 2010
- 1,000,000+ incidents in 2011
February 2012 ID Theft and Fraud Report - FTC Consumer Sentinel Report
Identity theft was the number one complaint category in the CSN for calendar year 2011 with 15% of the overall complaints.
Government documents/benefits fraud (27%) was the most common form of reported identity theft, followed by credit card fraud (14%), phone or utilities fraud (13%), and bank fraud (9%). Other significant categories of identity theft reported by victims were employment fraud (8%) and loan fraud (3%).
Other types of identity theft categories included:
Identity Theft Complaints by Victims' Age:
Top 10 states with the highest per capita rate of reported identity theft complaints include:
March 2012 Ponemon Cost of a Data Breach Study
Data breach costs have continued to rise:
- Data breaches continue to cost organizations more every year.
- The average organizational cost of a data breach in 2010 increased to $7.2 million, up 7% from $6.8 million in 2009.
- Total breach costs have grown every year since 2006.
- Data breaches in 2011 cost their companies an average of $194 per compromised record.
2012 Privacy Rights Clearinghouse - (www.privacyrights.org)
- 563,335,224 Total Records Breached
- 3,284 Total Data Breaches made public since 2005 through August, 2012
Public Data Breach Events since 2005 - 2,670 breaches totaling 535,605,215 records
Public Data Breach Events in 2012 - 213 breaches totaling 8,524,426 records
Organizational Type for Years 2005 – August, 2012
BSO - Businesses - Other - 420 breaches totaling 14 million records
BSF - Businesses - Financial and Insurance Services - 446 breaches totaling 255 million records
BSR - Businesses - Retail/Merchant - 368 breaches totaling 117 million records
EDU - Educational Institutions – 639 breaches totaling 10.2 million records
GOV - Government and Military - 584 breaches totaling 141.4 million records
MED - Healthcare - Medical Providers - 749 breaches totaling 23 million records
NGO - Nonprofit Organizations - 78 breaches totaling 1.8 million records
Type of Breaches for years 2005 – August, 2012
Unintended disclosure (DISC) - 582 breaches totaling 25 million
Hacking or malware (HACK) - 685 breaches totaling 315 million
Payment Card Fraud (CARD) - 47 breaches totaling 7.2 million
Insider (INSD) - 371 breaches totaling 32.3 million
Physical loss (PHYS) - 414 breaches totaling 2.9 million
Portable device (PORT) - 876 breaches totaling 170.5 million
Stationary device (STAT) - 205 breaches totaling 7.2 million
Unknown or other (UNKN) - 104 breaches totaling 2.9 million
Definitions of Breach Types
- Unintended Disclosure (DISC) - Sensitive information posted publicly.
- Hacking or malware (HACK) - Electronic entry via outside party, malware and spyware.
- Payment Card Fraud (CARD) - Fraud with debit and credit cards such as skimming devices at point-of-service terminals.
- Insider (INSD) - Someone with legitimate access intentionally breaches information.
- Physical loss (PHYS) - Lost, discarded or stolen non-electronic records.
- Portable device (PORT) - Lost, discarded or stolen laptop, smartphone or flash drive.
- Stationary device (STAT) - Lost, discarded or stolen stationary electronic device or server not designed for mobility.
- Unknown or other (UNKN) - Unknown or other.
Organizational Type in 2012
BSO - Businesses - Other - 58 breaches totaling 4,708 records
BSF - Businesses - Financial and Insurance Services - 33 breaches totaling 7.2 million records
BSR - Businesses - Retail/Merchant - 66 breaches totaling 169,269 records
EDU - Educational Institutions - 55 breaches totaling 1.2 million records
GOV - Government and Military - 58 breaches totaling 9.7 million
MED - Healthcare - Medical Providers - 132 breaches totaling 570,618 records
NGO - Nonprofit Organizations - 9 breaches totaling 28,142 records
Types of Breaches for 2011
Unintended disclosure (DISC) - 66 breaches totaling 8.6 million records
Hacking or malware (HACK) - 143 breaches totaling 1.3 million records
Payment Card Fraud (CARD) - 6 breaches totaling 7 million records
Insider (INSD) - 48 breaches totaling 160,840 records
Physical loss (PHYS) - 50 breaches totaling 19,200 records
Portable device (PORT) - 67 breaches totaling 1.8 million records
Stationary device (STAT) - 13 breaches totaling 26,671 records
Unknown or other (UNKN) - 18 breaches totaling 3,726 records