Identity Theft Statistics 2026: The Numbers That Actually Matter
If you want to understand your real risk of identity theft, skip the scare headlines and look at what the primary sources actually report. We pulled the latest numbers from the four organizations that track this best — the FBI, the FTC, Javelin Strategy & Research, and the Identity Theft Resource Center — and laid them out plainly.
Every figure below is sourced. Where the most recent full-year data is 2025, we say so; where an agency's latest complete book still covers 2024, we say that too.
The headline numbers
| Metric | Figure | Year | Source |
|---|---|---|---|
| Traditional identity fraud losses | $27.3 billion | 2025 | Javelin |
| Identity fraud victims | 18 million | 2025 | Javelin |
| Combined fraud + scam losses | $38 billion | 2025 | Javelin |
| Total reported cybercrime losses | $20.9 billion | 2025 | FBI IC3 |
| Total fraud losses reported to the FTC | $12.5 billion | 2024 | FTC |
| Data compromises tracked | 3,322 | 2025 | ITRC |
A note on why the loss totals differ: each body measures something different. Javelin surveys consumers and estimates all identity fraud. The FBI counts only crimes reported to IC3. The FTC counts what consumers report to it. None of them captures everything — most fraud goes unreported — so treat these as floors, not ceilings.
Identity fraud: $27.3 billion, 18 million victims
Javelin's 2026 Identity Fraud Study, titled The Illusion of Progress, is the most complete picture of U.S. identity fraud. The 2025 findings:
- $27.3 billion lost to traditional identity fraud, holding roughly steady year over year.
- 18 million Americans hit by traditional identity fraud.
- $38 billion and 36 million victims once scams are counted alongside identity fraud — down $9 billion from 2024.
The "illusion of progress" is the point. Top-line losses look flat or even improving, but the composition is getting worse:
- New-account fraud — a criminal opening accounts in your name — saw victims jump 31%, from 4.2 million to 5.4 million.
- Account takeover rose 18%, from 5.1 million to 6 million victims.
Those two categories are exactly the kind of damage that's slow and painful to unwind, because the fraud is attached to your identity, not just a stolen card number.
Want full protection beyond link checks? Aura monitors threats, blocks phishing & protects your identity — all in one app.
Try Aura →The FBI: record $20.9 billion in reported losses
The FBI's 2025 Internet Crime Report (from its Internet Crime Complaint Center, IC3) set records on both losses and volume:
| Metric | 2024 | 2025 |
|---|---|---|
| Total reported losses | $16.6 billion | $20.9 billion (+26%) |
| Total complaints | 859,532 | 1,008,597 |
It's the first time IC3 has crossed both $20 billion and one million complaints in a single year.
Phishing is still the #1 attack — and the entry point to identity theft
This is the stat most relevant to staying safe day to day. Phishing and spoofing was the single most-reported crime type to the FBI in 2025 — for the third straight year:
- 191,561 phishing/spoofing complaints (about 19% of all complaints).
- Phishing losses jumped 208%, from $70 million to $215.8 million.
Phishing matters out of proportion to its own dollar figure, because it's how the credentials behind identity theft get stolen in the first place. A single convincing fake login page is the front door to account takeover and new-account fraud.
That's the whole reason knowing how to vet a link before you click it is a core skill — see How to Identify Phishing Links and Is This Link Safe to Click?.
The FTC: where the reports actually come from
The FTC's Consumer Sentinel Network Data Book is the largest public database of consumer fraud reports. Its most recent complete edition covers 2024 (published March 2025):
- 6.5 million total consumer reports.
- $12.5 billion reported lost to fraud — a 25% jump over the prior year.
- Identity theft made up 18% of all reports.
- Credit card fraud was the top identity-theft type, with 449,032 reports of misuse on existing or new cards.
- Investment scams were the costliest category at $5.7 billion; imposter scams drew 845,806 reports and $2.95 billion in losses.
One forward-looking signal: the FTC's interim data shows identity theft reports filed between January and September 2025 already exceeded the full-year 2024 total — so the 2025 book is unlikely to bring better news.
RecommendedAll-in-one identity protection with $1M Insurance, credit monitoring, VPN & antivirus. From $10/mo.
* Affiliate link. We may earn a commission at no extra cost to you.
Data breaches: a record 3,322 compromises
Identity theft starts with exposed data, and the Identity Theft Resource Center's 2025 Annual Data Breach Report shows the supply isn't slowing:
| Metric | 2024 | 2025 |
|---|---|---|
| Data compromises | 3,152 | 3,322 (record) |
| Victim notices | ~1.37 billion | 278.8 million |
| Breaches with no disclosed cause | 65% | 70% |
Two things to read carefully here:
- Victim notices fell sharply — but only because 2025 lacked the handful of "mega-breaches" that inflated 2024. The number of breaches still hit an all-time high.
- Transparency is getting worse. Seven in ten breach notices in 2025 didn't say how the breach happened, up from 65% in 2024 — which leaves the people affected with less information to protect themselves.
And the consumer-side reality: in ITRC's survey, 80% of people said they'd received a data breach notice in the past 12 months. Exposure is now close to universal.
If you've gotten one of those notices, here's the step-by-step: What to Do After a Data Breach.
What the data actually tells you
Strip it down and four things stand out:
- Exposure is near-universal. Record breaches, 80% of people notified in a year — assume your data is already out there.
- The dangerous fraud is growing even as totals flatten. New-account fraud (+31%) and account takeover (+18%) are exactly the hardest types to reverse.
- Phishing is the front door. It's the most-reported attack three years running, and it's how the credentials get stolen. Link vigilance is genuinely preventive.
- Stolen data doesn't expire. A 2025 breach can surface as fraud years later — which is why a one-time cleanup matters less than ongoing monitoring.
That last point is the case for continuous identity and credit monitoring rather than a one-and-done reaction. If you want to see what that actually covers, we break it down in the Aura pricing guide and the full Aura review. For whether it's worth paying for at all, see Do I Need Identity Theft Protection?.
Sources & citation
All figures on this page come from primary research, current as of June 2026:
- FBI IC3 — 2025 Internet Crime Report (released April 2026)
- FTC — Consumer Sentinel Network Data Book 2024 (released March 2025; latest complete edition)
- Javelin — 2026 Identity Fraud Study: The Illusion of Progress
- Identity Theft Resource Center — 2025 Annual Data Breach Report
Writing about identity theft and want to cite these numbers? Link back to this page (/statistics/Identity-Theft-Statistics-2026) and we'll keep it updated as the 2026 reports land.
RecommendedAward-Winning Online Safety — All in One Place
Aura brings together everything you need to stay safe online — identity monitoring, credit protection, VPN, antivirus, and a password manager — in a single, easy-to-use platform. Ranked best in class by Forbes Advisor, US News, and Money.
$1M
Identity Insurance per adult
3
Credit bureaus monitored
4.6★
Trustpilot rating
24/7
U.S.-based expert support
* Affiliate link. We may earn a commission at no extra cost to you.
Sources & References
Frequently Asked Questions
How much did identity fraud cost in 2025?
Traditional identity fraud cost Americans $27.3 billion across roughly 18 million victims in 2025, according to Javelin's 2026 Identity Fraud Study. Counting scams alongside it, the combined total reached $38 billion and 36 million victims.
How common is identity theft?
Very. Javelin counted about 18 million traditional identity fraud victims in the U.S. in 2025, and the FTC's Consumer Sentinel Network logged 6.5 million total consumer reports in 2024, with identity theft making up 18% of them. New-account fraud victims alone rose 31% year over year.
What is the most reported type of cybercrime?
Phishing and spoofing — the tactic most commonly used to steal the credentials behind identity theft. The FBI's IC3 logged 191,561 phishing/spoofing complaints in 2025, the most-reported crime type for the third year running, and phishing losses jumped 208% to $215.8 million.
How many data breaches happened in 2025?
The Identity Theft Resource Center tracked 3,322 data compromises in 2025 — a new record, up 5% from 2024. Notably, 70% of breach notices didn't disclose how the breach happened, up from 65% the year before.
Are identity theft losses going up or down?
It depends what you measure. Reported cybercrime losses hit a record $20.9 billion in 2025 (FBI IC3), and data breaches set a new record — but Javelin's combined fraud-and-scam losses actually fell $9 billion year over year. The takeaway: headline totals are stabilizing while the underlying mix shifts toward credential theft and new-account fraud.