The FTC received 1,135,270 identity theft reports in 2024, a 9.5% increase from the 1,036,845 complaints logged in 2023, according to the Consumer Sentinel Network. Javelin Strategy and Research estimated that identity fraud caused $27.3 billion in losses affecting 18 million victims in 2025. Someone in the United States becomes a victim of identity theft approximately every 4.9 seconds, and an estimated 22% of Americans experience identity theft at some point in their lives.
The data below spans complaint volumes, financial losses, victim demographics, geographic trends, and emerging threats from AI-driven fraud.
Key Takeaways
- The FTC received 1,135,270 identity theft complaints in 2024, a 9.5% increase from 2023.
- Combined identity fraud and scam losses totaled $38 billion in 2025, affecting 36 million victims, according to Javelin Strategy and Research.
- Credit card fraud led identity theft types with 449,076 FTC reports in 2024.
- The FBI IC3 documented $20.9 billion in cybercrime losses in 2025, a 26% increase from the prior year.
- Millennials account for 42% of identity theft reports, the highest of any generation.
- Data breaches hit a record 3,322 compromises in 2025, a 79% jump over five years, per the ITRC.
- Victims spend an average of 10 hours resolving identity fraud, up from 6 hours in 2022, according to Javelin.
Editor’s Choice
- Identity fraud losses reached $27.3 billion in 2025, relatively flat compared to $27.2 billion in 2024, affecting 18 million victims.
- Account takeover losses exceeded $15 billion in 2025, the costliest fraud type, with 6 million victims, up 18% from 2024.
- New account fraud surged to $7 billion, up 13% year-over-year, with 5.4 million victims, up 31% from 2024.
- Florida reported 528 identity theft cases per 100,000 residents, the highest state rate in 2024.
- Credential theft increased 160% in 2025, with 1.8 billion logins stolen from 5.8 million infected hosts.
- An estimated 17.3 billion stolen session cookies circulated on the dark web in 2024.
- US data breach costs averaged $10.22 million per incident in 2025, an all-time regional high per IBM.
Recent Developments
- The FBI IC3 2025 report documented $20.9 billion in cybercrime losses across over 1 million complaints, released April 2026.
- Javelin’s 2026 Identity Fraud Study found combined losses of $38 billion affecting 36 million victims, released April 2026.
- The ITRC Q1 2026 analysis recorded 780 data compromises generating nearly 140 million victim notices, released April 2026.
- Europol and Microsoft disrupted the Tycoon 2FA phishing-as-a-service infrastructure in March 2026, reducing credential theft by 41% week-over-week.
- The ITRC 2025 Annual Report confirmed a record 3,322 data compromises, a 79% five-year jump, released January 2026.
- Credential theft surged 160% in 2025, with 1.8 billion logins stolen from 5.8 million infected hosts, per Recorded Future data released in March 2026.
Identity Theft Reports and Complaints by Year
- The FTC Consumer Sentinel Network received more than 6.47 million consumer reports in 2024, covering fraud, identity theft, and other categories.
- Identity theft accounted for 18% of all Sentinel reports in 2024, ranking as the second-largest category behind Credit Bureaus and Information Furnishers at 21%.
- FTC identity theft reports grew from approximately 325,000 in 2001 to 6.47 million total consumer reports in 2024, roughly a 20-fold increase over two decades.
- Identity theft incidents have increased nearly 85% over the past decade.
- Imposter scams generated 847,346 complaints in 2024, a 1% decrease from 2023, making them the most-reported fraud type.
- Online shopping scams accounted for 386,487 complaints in 2024, a 1.8% increase from the prior year.
- The “other identity theft” category (online shopping, payment account, email, and social media fraud) generated 359,008 complaints, a 38% increase and the largest growth category.
- Consumers reported losing more than $12.5 billion to fraud in 2024, representing a 25% increase over the prior year, per the FTC.
| Year | Total FTC Reports | Identity Theft Reports | YoY Change |
| 2001 | 325,519 | N/A | N/A |
| 2009 | 1,428,977 | N/A | N/A |
| 2014 | 2,620,931 | N/A | N/A |
| 2019 | 3,485,938 | 650,572 | N/A |
| 2023 | 5,478,311 | 1,036,845 | N/A |
| 2024 | 6,471,708 | 1,135,270 | +9.5% |
Source: FTC Consumer Sentinel Network
Identity Theft Financial Losses
- Combined identity fraud and scam losses totaled $38 billion in 2025, down $9 billion from 2024, per Javelin Strategy and Research.
- Identity fraud alone resulted in $27.3 billion in losses in 2025, relatively flat compared to $27.2 billion in 2024.
- Scam-related losses declined 45% year-over-year to $10.7 billion in 2025.
- The FTC reported consumers lost more than $12.5 billion to fraud in 2024, a 25% increase from the prior year.
- The median reported loss per victim reached $497 in 2024.
- Nearly 125,000 people reported losses exceeding $10,000 each in 2024.
- Bank transfer and payment fraud cost consumers over $2 billion in 2024, compared to $275 million for credit card fraud specifically.
- An AARP-sponsored Javelin report estimated identity fraud cost Americans an estimated $47 billion in 2024, with roughly 18.2 million victims.
- The FBI IC3 documented total cybercrime losses of $20.9 billion in 2025, a 26% increase from the previous year.
| Year | FTC Total Fraud Losses | Identity Fraud Losses (Javelin) | Median Victim Loss (FTC) |
| 2020 | $3.3 billion | $13 billion | $311 |
| 2021 | $5.8 billion | $24 billion | $500 |
| 2022 | $8.8 billion | $43 billion | $500 |
| 2023 | $10.0 billion | $47 billion | $500 |
| 2024 | $12.5 billion | $47 billion | $497 |
| 2025 | N/A | $27.3 billion | N/A |
Source: FTC Consumer Sentinel Network, Javelin Strategy and Research
Identity Theft by Type
- Credit card fraud topped all identity theft types with 449,076 reports in 2024, a 7.8% increase from 416,466 in 2023.
- The “other identity theft” category generated 359,008 complaints in 2024, a 38% increase, making it the fastest-growing type.
- Loan or lease fraud accounted for 176,409 complaints in 2024.
- Bank account theft generated 114,626 complaints in 2024.
- Employment or tax-related fraud produced 87,473 complaints in 2024.
- Medical identity theft accounted for 10,116 reports in 2024, a smaller category but one that can corrupt health records and affect the medical care victims receive.
- Credit card fraud represented approximately 43.9% of all identity theft reports.
- Miscellaneous identity theft (online shopping, payment, email, and Gen Z social media fraud accounted for 32.4% of reports.
Identity Theft Victims by Age and Generation
- Millennials (ages 30 to 44) account for 42% of identity theft reports, the highest share of any generation.
- Gen X (ages 45 to 60) accounts for 24% of identity theft reports.
- Gen Z (ages 18 to 29) accounts for 21% of reports, driven by active digital presence and online financial transactions.
- Baby Boomers (ages 61 to 79) account for 11% of identity theft reports but experience higher per-incident losses exceeding $1,000.
- Adults in their 70s reported losing a median of $1,000, compared with a median of about $417 for those in their 20s.
- People aged 80 and over had median reported losses exceeding $1,600, the highest of any age group.
- Approximately 51% of identity theft victims had an annual household income of $75,000 or more, per the Bureau of Justice Statistics.
- People with an annual income of $24,999 or less accounted for 12% of identity theft victims.
- Approximately 24 million Americans had their identity stolen over a 12-month period, according to Bureau of Justice Statistics data.
Identity Theft Among Older Adults
- Total fraud losses reported by older adults (ages 60 and over) increased about fourfold from about $600 million in 2020 to $2.4 billion in 2024, per the FTC.
- Older consumers reported $159 million in losses to tech support scams in 2024.
- Identity theft complaints involving Americans 60 and older filed with the FBI IC3 totaled 5,359 complaints and $48.5 million in reported losses in 2025, a roughly 70% increase from 2024.
- Adults in their 70s reported losing a median of $1,000, compared with a median of about $417 reported by those in their 20s.
- People 80 and over had median reported losses exceeding $1,600, the highest per-incident loss of any demographic group tracked in attention span research.
- Approximately 1.1 million child identity theft incidents occurred in 2024, per an AARP-sponsored report.
- Investment scams generated the highest total losses among older adults in 2024.
- Phone-based fraud contact generated median losses of $1,500, compared to $600 for email-based contact, with older adults disproportionately targeted by phone scams.
| Age Group | Median Loss | Total Losses (2024) | Change 2020-2024 |
| 20-29 | $417 | N/A | N/A |
| 60-69 | $800 | $1.1 billion | +300% |
| 70-79 | $1,000 | $850 million | +350% |
| 80+ | $1,600+ | $450 million | +400% |
| All 60+ | $1,000+ | $2.4 billion | +300% |
Source: FTC Protecting Older Consumers Report
Identity Theft by State and Region
- Florida reported the highest identity theft rate at 528 cases per 100,000 residents in 2024, with 115,842 total reports, a 24% increase.
- Georgia ranked second with 517 cases per 100,000 residents and 55,954 total reports, a 15% increase.
- Georgia and Florida were the only two states to report more than 2,000 cases of fraud and more than 500 identity theft incidents per 100,000 residents in 2024.
- The Miami-Fort Lauderdale metropolitan area had the highest metro rate at 903 reports per 100,000 population.
- The Atlanta metro area ranked second among metro areas at 690 reports per 100,000 people.
- The Houston metro area reported 573 per 100,000, and the Las Vegas metro area reported 570 per 100,000.
- Florida residents face over 5 times higher identity theft risk than South Dakota residents.
- South Dakota and North Dakota consistently reported the fewest identity theft cases per capita.
Credit Card Fraud Statistics
- Credit card fraud was the most commonly reported type of identity theft, with the FTC receiving 449,076 reports in 2024, a 7.8% increase from 416,466 in 2023.
- Credit card fraud accounted for approximately 43.9% of all identity theft reports filed with the FTC in 2024.
- Bank transfer and payment fraud cost consumers over $2 billion in 2024, compared to $275 million for credit card fraud losses specifically.
- The FTC categorizes credit card fraud as both misuse of existing accounts and fraudulent new card applications.
- Account takeover (which includes credit card takeover) losses exceeded $15 billion in 2025, with 6 million victims, up 18% from 2024.
- Email-based fraud contact generated median losses of $600, while phone-based contact produced median losses of $1,500 per victim.
- The FTC received 371,664 phishing-related reports in 2024, a primary method criminals use to steal credit card information.
- Investment fraud had the highest proportion of complaints resulting in monetary losses at 79%, with total losses of $5.8 billion, a 20% increase from 2023.
| Year | Credit Card Fraud Reports | Share of ID Theft | Bank Transfer Losses |
| 2019 | 271,823 | 41.8% | N/A |
| 2020 | 393,207 | 29.4% | N/A |
| 2021 | 389,737 | 28.0% | N/A |
| 2022 | 399,785 | 40.2% | N/A |
| 2023 | 416,466 | 40.2% | N/A |
| 2024 | 449,076 | 43.9% | $2 billion+ |
Source: FTC Consumer Sentinel Network
Data Breaches and Identity Theft
- The ITRC tracked a record 3,322 data compromises in the United States in 2025, an increase of 5% from 3,158 in 2024 and surpassing the previous record of 3,202 set in 2023.
- The number of victim notices in 2025 was 278,827,933, a decrease of 79% from 1,367,117,021 in 2024.
- The decline in victim notices resulted from the absence of “mega-breaches” in 2025, unlike 2024, which had five breaches each exceeding 100 million notices.
- Seventy percent (2,324) of data breach notices in 2025 did not include attack information, compared to 65% in 2024 and 45% in 2023.
- Eighty percent of survey respondents had received a data breach notice in the last 12 months.
- Nearly 40% of respondents received 3 to 5 separate data breach notices in the past year.
- Supply chain breaches affected 1,251 entities in 2025, nearly double the 2024 figure.
- The ITRC Q1 2026 analysis recorded 780 compromises in the first three months of the year, generating nearly 140 million victim notices.
- Financial Services remained the most breached industry in Q1 2026 with 166 compromises, followed by Professional Services at 122 and Healthcare at 110.
By the numbers: According to the ITRC, the United States recorded 3,322 data compromises in 2025, a 79% jump over five years. Supply chain breaches nearly doubled to 1,251 affected entities, while 70% of breach notices omitted attack details, making post-breach identity protection harder for consumers.
| Year | Data Compromises | Victim Notices | Attack Info Missing |
| 2021 | 1,862 | 293 million | 35% |
| 2022 | 1,802 | 422 million | 40% |
| 2023 | 3,202 | 419 million | 45% |
| 2024 | 3,158 | 1.37 billion | 65% |
| 2025 | 3,322 | 278.8 million | 70% |
| Q1 2026 | 780 | 140 million | N/A |
Source: Identity Theft Resource Center
Synthetic Identity Fraud Statistics
- TransUnion’s internal analysis showed US lender exposure to synthetic identities for credit cards, auto loans, personal loans, and retail cards totaled $3.3 billion in potential losses at the end of 2024.
- Auto lenders are the most exposed to synthetic fraud, with losses in the first half of 2024 totaling $2 billion.
- Research from Sumsub reported a 311% increase in synthetic identity document fraud between Q1 2024 and Q1 2025.
- Synthetic account fraud attempts grew 153% from late 2023 to early 2024.
- An estimated 64% of industry respondents cited AI and deepfake concerns as a top fraud threat.
- The Federal Reserve Bank of Boston reported that generative AI makes synthetic identity fraud harder to detect, as AI can create more realistic fabricated identities.
- The Federal Reserve launched its synthetic identity fraud awareness initiative in 2018 and released a Mitigation Toolkit in early 2022.
- New account fraud, a category closely tied to synthetic identities, reached $7 billion in losses in 2025, up 13% year-over-year, with 5.4 million victims.
Key finding: According to TransUnion, US lender exposure to synthetic identities totaled $3.3 billion at the end of 2024, with auto lenders absorbing $2 billion in the first half alone. Sumsub documented a 311% surge in synthetic document fraud over 12 months, while 64% of industry respondents flagged AI-generated deepfakes as a top fraud threat.
| Category | Exposure/Loss | Growth Rate | Source |
| Total Lender Exposure | $3.3 billion | N/A | TransUnion |
| Auto Lending Losses (H1 2024) | $2 billion | N/A | TransUnion |
| Synthetic Document Fraud | N/A | +311% (Q1 2024 to Q1 2025) | Sumsub |
| Synthetic Account Attempts | N/A | +153% (late 2023 to early 2024) | Sumsub |
| New Account Fraud (2025) | $7 billion | +13% YoY | Javelin |
Source: TransUnion, Sumsub, Javelin Strategy and Research
Cybercrime and Identity Theft Losses (FBI IC3)
- The FBI IC3 documented total losses of $20.9 billion in 2025, a 26% increase from the prior year.
- The IC3 received over 1 million complaints for the first time, up from 859,532 in 2024, averaging approximately 3,000 complaints per day.
- Investment fraud remained the costliest category at $8.6 billion in reported losses.
- Business email compromise accounted for $3.04 billion, up from $2.77 billion in 2024.
- AI-related cybersecurity threats generated approximately $900 million in losses from about 22,000 complaints.
- Phishing losses increased threefold to $215.8 million from $70 million in 2024.
- Identity theft complaints involving Americans 60 and older totaled 5,359 complaints and $48.5 million in reported losses in 2025, a roughly 70% increase from 2024.
- The IC3 identified 63 new ransomware variants in 2025, with ransomware losses reaching $32.3 million, up 159% from the prior year.
Identity Theft Recovery Time and Cost
- Consumers spent an average of 10 hours resolving identity fraud in 2024, up from 6 hours in 2022, per Javelin Strategy and Research.
- Only 12% of victims seeking ITRC assistance resolved their identity theft issues within one week.
- Nearly 48% of identity theft cases assisted by the ITRC remained unresolved after 12 months.
- Victims not seeking ITRC assistance showed faster resolution, with 48% resolved in under a week.
- The ITRC estimates average out-of-pocket costs of $1,500 or more for identity theft victims.
- The ITRC reported that 67% of identity theft victims experience significant emotional distress.
- The IRS takes an average of 22 months to help victims recover their identity through its assistance program.
- Identity theft victims report an average loss of 200 hours when dealing with fraud-related situations in severe cases.
The recovery data reveal a counterintuitive pattern: victims who seek professional help through the ITRC resolve issues more slowly than self-resolvers. This selection bias likely reflects the severity of cases that prompt professional assistance, meaning published recovery timelines overstate difficulty for typical identity theft incidents.
| Recovery Metric | Finding | Source |
| Average Resolution Time | 10 hours | Javelin (2024) |
| Severe Case Resolution | 200 hours | Security.org |
| ITRC-Assisted: Resolved in 1 Week | 12% | ITRC/Experian |
| ITRC-Assisted: Unresolved After 12 Months | 48% | ITRC/Experian |
| Self-Resolved in 1 Week | 48% | ITRC/Experian |
| Average Out-of-Pocket Cost | $1,500+ | ITRC |
| IRS Recovery Timeline | 22 months | IRS |
| Emotional Distress Rate | 67% | ITRC |
Source: Javelin Strategy and Research, ITRC, IRS
Dark Web and Stolen Credentials
- SpyCloud found more than 53 billion unique identity records on the web in its 2025 report, with 7.6 billion recaptured in 2024 alone.
- An estimated 17.3 billion stolen session cookies circulated the dark web in 2024, allowing attackers to impersonate legitimate users without credentials, MFA, or passkeys.
- Credential theft surged 160% in 2025, with 1.8 billion logins stolen from 5.8 million infected hosts, per Recorded Future, reinforcing trends tracked in Google search statistics around credential-related query growth.
- Constella processed over 27.9 billion identity records in 2025, a 135% year-over-year increase from breaches, data leaks, and infostealer packages.
- Constella processed 51.7 million infostealer packages in 2025, a 72% increase year-over-year, identifying 24.8 million unique infected devices.
- Credential-related breaches cost an average of $4.81 million and take 292 days to detect and contain, per Microsoft 365 platform statistics.
- Recorded Future identified 50% more credentials in the second half of 2025 than in the first half, and 90% more in the last three months than in the first three months.
- Password manager users reported an identity theft rate of 17%, compared with 32% for non-users.
| Metric | Volume (2024-2025) | YoY Change |
| Unique Identity Records | 53 billion+ | N/A |
| Records Recaptured (2024) | 7.6 billion | N/A |
| Stolen Session Cookies | 17.3 billion | N/A |
| Login Credentials Stolen (2025) | 1.8 billion | +160% |
| Identity Records Processed (Constella) | 27.9 billion | +135% |
| Infostealer Packages (Constella) | 51.7 million | +72% |
| Infected Devices Identified | 24.8 million | N/A |
Source: SpyCloud, Recorded Future, Constella
AI-Driven Identity Fraud Trends
- The FBI IC3 reported approximately $900 million in AI-related cybercrime losses from about 22,000 complaints in 2025.
- Javelin’s 2026 study found that scammers are increasingly stealing information instead of money, with 30% of scam victims reporting they provided banking details to scammers.
- Bank imposter scams rose sharply between 2024 and 2025, contributing to growing distrust in financial communications.
- Among alert recipients who did not respond, 55% believed the message was a scam, per Javelin.
- An estimated 64% of industry respondents cited AI workforce disruption and deepfake concerns as a top fraud threat.
- New account fraud losses reached $7 billion in 2025, up 13% year-over-year, with 5.4 million victims, up 31% from 2024.
- Phishing losses tripled to $215.8 million from $70 million in 2024, driven partly by AI-generated phishing content.
- The Federal Reserve Bank of Boston reported that generative AI makes fraudulent communications more convincing and harder to detect, expanding the reach of fraud schemes.
Javelin’s findings about information theft over money theft signal a structural shift. Current loss statistics systematically undercount future identity fraud exposure because stolen banking details set up fraud that will not appear in loss figures until the data gets exploited, potentially months or years later.
| AI Fraud Metric | Value | Context |
| AI-Related Cybercrime Losses | $900 million | FBI IC3, 2025 |
| AI-Related Complaints | 22,000 | FBI IC3, 2025 |
| Scam Victims Providing Banking Details | 30% | Javelin 2026 |
| Alert Recipients Suspecting Scam | 55% | Javelin 2026 |
| Industry Citing AI/Deepfake as Top Threat | 64% | TransUnion/Sumsub |
| New Account Fraud Losses | $7 billion | Javelin 2026, +13% YoY |
| Phishing Losses | $215.8 million | FBI IC3, +208% YoY |
Source: FBI IC3, Javelin Strategy and Research, TransUnion
Child Identity Theft and Prevention Statistics
- Approximately 1.1 million child identity theft incidents occurred in 2024, per AARP-sponsored research.
- Password manager users reported an identity theft rate of 17%, compared with 32% for non-users.
- Twenty-four percent of respondents use multi-factor authentication (MFA) for account protection.
- An additional 23% of respondents rely on biometric verification and authentication.
- Infostealer malware harvests live session cookies, system metadata, and autofill data, enabling attackers to bypass MFA entirely through session hijacking.
- Identity theft incidents have increased nearly 85% over the past decade, underscoring the growing need for preventive measures.
- The average cost of a data breach dropped to $4.44 million globally in 2025, a 9% decrease from the all-time high in 2024, per IBM.
- Healthcare remains the costliest sector for data breaches for the 14th consecutive year, with average breach costs reaching $7.42 million per incident.
| Protection Measure | Adoption Rate / Impact | Source |
| Password Manager Use | 17% ID theft rate (vs. 32% non-users) | AARP/Javelin |
| Multi-Factor Authentication | 24% adoption | AARP/Javelin |
| Biometric Verification | 23% adoption | AARP/Javelin |
| Average Data Breach Cost (Global) | $4.44 million | IBM |
| Average Data Breach Cost (US) | $10.22 million | IBM |
| Healthcare Breach Cost | $7.42 million | IBM |
| Child Identity Theft Incidents | 1.1 million (2024) | AARP |
Source: AARP, Javelin Strategy and Research, IBM
Frequently Asked Questions (FAQs)
The FTC received 1,135,270 identity theft reports in 2024, a 9.5% increase from the prior year. Someone becomes a victim approximately every 4.9 seconds, and an estimated 22% of Americans experience identity theft during their lifetime, per Security.org analysis of FTC data.
Credit card fraud ranks as the most commonly reported identity theft type, with 449,076 FTC complaints in 2024. Credit card fraud accounts for approximately 43.9% of all identity theft reports. The “other” category (online shopping, payment accounts, social media) ranks second with 359,008 reports.
The median loss per identity theft victim reached $497 in 2024, according to FTC data. Losses vary significantly by age, with adults 80 and over reporting median losses exceeding $1,600 and adults in their 20s reporting median losses of approximately $417.
Florida reported the highest rate at 528 identity theft cases per 100,000 residents in 2024. Georgia followed at 517 per 100,000. Among metro areas, Miami-Fort Lauderdale led at 903 reports per 100,000. South Dakota and North Dakota had the lowest per-capita rates.
Consumers spent an average of 10 hours resolving identity fraud in 2024, per Javelin research. Severe cases require up to 200 hours. The IRS takes an average of 22 months to help victims recover their identity through its tax-related assistance program.
Synthetic identity fraud involves combining real and fabricated personal information to create a new fictitious identity. TransUnion estimates US lender exposure at $3.3 billion as of 2024. Synthetic document fraud surged 311% between Q1 2024 and Q1 2025, with generative AI making fabricated identities harder to detect.
Conclusion
Identity theft reports grew 9.5% to 1,135,270 in 2024. Combined fraud losses reached $38 billion in 2025, per Javelin. The data reveals three structural trends: rising complaint volumes driven by digital transaction growth, an accelerating role for AI in both perpetrating and scaling fraud, and a widening gap between reported losses and actual exposure as scammers shift toward information theft over direct financial extraction.
Consumers tracking their credit activity, financial institutions investing in synthetic identity detection, and policymakers evaluating regulatory responses to AI-driven fraud all benefit from monitoring these trends. The shift from money theft to data theft means the numbers reported this year likely understate the fraud that will materialize in the coming years.
Data in this report was cross-referenced against FTC Consumer Sentinel Network filings, FBI IC3 annual reports, Javelin Strategy and Research studies, and ITRC data breach tracking.
