
Identity Theft Statistics for 2026

June 1, 2026 · 9 minutes

Identity theft remains one of the most expensive consumer crimes in the United States. According to the Federal Trade Commission, Americans filed more than 1.1 million identity theft reports in 2024 and lost over $12.5 billion to fraud overall, a 25 percent jump from the previous year. The Javelin Strategy and Research 2026 Identity Fraud Study puts the specific cost of identity fraud at $27.3 billion in 2025, roughly flat with 2024 but masking a sharp rise in account takeover and AI-enabled attacks. The Identity Theft Resource Center tracked a record 3,322 data compromises in 2025, the highest annual total in the 20-year history of its report, which is what keeps fueling new identity crime year after year.

Key identity theft statistics at a glance

  • $27.3 billion: total US identity fraud losses in 2025, essentially flat with the $27.2 billion lost in 2024 (Javelin 2026 Identity Fraud Study).
  • 1,135,000+: identity theft reports submitted to the FTC's IdentityTheft.gov in 2024, the second-highest annual total on record (FTC, March 2025).
  • $12.5 billion: total US consumer fraud losses reported in 2024, up 25 percent year over year (FTC Consumer Sentinel).
  • 3,322: data compromises tracked in the US in 2025, an all-time high and a 79 percent jump over five years (ITRC 2025 Annual Data Breach Report).
  • $16.6 billion: total US cybercrime losses reported to the FBI in 2024, a 33 percent year-over-year increase (FBI IC3 2024 Internet Crime Report).
  • 6 million: account takeover victims in the US in 2025, up 18 percent from 5.1 million in 2024 (Javelin 2026).
  • 5.4 million: new-account fraud victims in 2025, a 31 percent year-over-year increase (Javelin 2026).
  • 64 percent: share of fraud and identity professionals who flag AI-generated deepfakes as a top fraud threat (Javelin 2026).
  • 23.9 million: Americans aged 16 or older who experienced at least one identity theft incident in a 12-month period, according to the most recent federal household survey on the topic (Bureau of Justice Statistics, Victims of Identity Theft).

Identity theft reports and consumer fraud losses

The FTC's Consumer Sentinel Network is the largest US clearinghouse for consumer fraud and identity theft complaints. According to the 2024 Data Book, the agency received 6.5 million consumer reports in 2024. Identity theft was the second-largest category, with more than 1.1 million reports, behind only credit bureau and information furnisher complaints (which often originate from identity theft cases anyway).

Of the 2.6 million fraud-specific reports filed in 2024, only 38 percent involved a financial loss, but those losses totaled more than $12.5 billion. That is a $2.5 billion increase over 2023 and the largest year-over-year jump the FTC has ever recorded (FTC, March 2025).

Imposter scams remained the top reported fraud category in 2024, with 845,806 reports and $2.95 billion in losses. Government imposter scams alone took $789 million from consumers, and business and job-opportunity scams stole another $750.6 million (FTC). These categories matter for identity theft because they are the front door: once a scammer has a Social Security number, date of birth, or one-time passcode, account takeover and new-account fraud usually follow.

How much identity fraud costs Americans in 2025

Javelin Strategy and Research has run an annual identity fraud study for 23 years. Its latest edition, The Illusion of Progress, reports that traditional identity fraud cost US consumers $27.3 billion in 2025. That number is essentially flat compared to the $27.2 billion lost in 2024 (which the AARP-sponsored 2025 study documented), but the underlying mix of attacks has shifted in a worrying direction.

Account takeover (ATO) fraud, where a criminal seizes control of a legitimate consumer account, climbed to 6 million victims in 2025, up 18 percent from 5.1 million the year before. New-account fraud, where criminals open lines of credit in a victim's name, jumped 31 percent to 5.4 million victims. Together, those two categories accounted for the largest share of identity-fraud dollars (Javelin 2026). The dollar volume of phishing losses inside that pool tripled year over year, from $70 million in 2024 to $215.8 million in 2025, driven in part by AI-generated lures.

Combined identity fraud and scam losses totaled $38 billion in 2025, down from $47 billion in 2024. Javelin notes that the decline is not necessarily good news: scam losses dropped sharply, but criminals are increasingly converting scam-derived data into longer-term identity fraud that does not always show up in the same reporting year (Javelin 2026).

The cybercrime layer: where stolen identities come from

The FBI Internet Crime Complaint Center (IC3) received 859,532 complaints of suspected internet crime in 2024 and tallied reported losses of more than $16.6 billion, a 33 percent year-over-year increase. Cyber-enabled fraud accounted for 83 percent of those losses, or $13.7 billion.

Phishing and spoofing was the most-reported crime type, followed by extortion and personal-data breaches. Investment fraud, much of it cryptocurrency-related, was the most expensive single category at more than $6.5 billion in reported losses (FBI IC3). For IT and security teams, the through-line is the same: most identity theft starts as a credential or data-exposure event, then matures into account fraud weeks or months later.

Data breaches: the supply chain for identity crime

The Identity Theft Resource Center's 2025 Annual Data Breach Report logged 3,322 publicly reported data compromises in the US, a new all-time high and a 79 percent jump over five years. Notably, this was the first year on record where the number of victim notices fell sharply (down 79 percent to 278.8 million), because 2024's mega-breaches (changes, telecom, payroll providers) did not repeat at the same scale.

By industry, financial services overtook healthcare as the most-breached vertical in 2025 with 739 compromises, followed by healthcare (534), professional services (478), manufacturing (299), and education (188). Transparency continued to deteriorate: 70 percent of breach notices in 2025 did not include attack-vector information, up from 65 percent in 2024 and 45 percent in 2023 (ITRC). For identity theft monitoring, that opacity matters because victims and their employers cannot tell whether credentials, payment data, or full identity records were exposed.

Who gets hit, and how badly

The Bureau of Justice Statistics' most recent Victims of Identity Theft report, based on the Identity Theft Supplement to the National Crime Victimization Survey, found that about 23.9 million Americans aged 16 or older (9 percent of that population) experienced at least one incident of identity theft during a 12-month period. For 76 percent of victims, the most recent incident involved misuse of a single existing account, most often a credit card or bank account. About 59 percent of victims suffered direct financial losses, which together added up to $16.4 billion.

Children remain a disproportionate target. The Javelin-AARP research found that minors are roughly 50 times more likely than adults to have their identity used for fraud, because children's Social Security numbers carry no credit history and the misuse often goes undetected for years (AARP and Javelin). That is the same dataset that drives the often-cited stat that 1.25 million American children were victims of identity fraud in a single year.

Emerging trends and what's new in 2026

Three trends are reshaping the identity theft landscape in 2026, and they are the angles IT and security teams should be ready to brief their boards on.

1. AI-generated identities are now a board-level risk. In Javelin's industry survey for the 2026 study, 64 percent of fraud and identity professionals named AI-generated deepfakes as a top fraud threat for the coming year. Phishing losses tripled year over year, with much of the increase attributed to AI-written messages that are indistinguishable from legitimate corporate communications.

2. Impersonation scams are the front door to new-account fraud. The ITRC's 2025 Trends in Identity Report documented a 148 percent year-over-year rise in impersonation scams, making them the single largest scam category reported to the center. Government imposter scams alone cost consumers $789 million in 2024 (FTC), and they harvest exactly the personally identifiable information needed for downstream identity theft.

3. Breach opacity is making detection harder for IT teams. With 70 percent of 2025 breach notices omitting attack details (ITRC), security and compliance leaders cannot use breach disclosures alone to model exposure. The practical implication is that endpoint and SaaS-side telemetry, especially identity provider logs and device compliance data, now carries more weight than ever in detecting whether stolen credentials are being reused inside an organization.

A fourth, quieter trend is the workplace overlap. The FBI IC3 categorizes business email compromise (BEC) separately from identity theft, but the underlying credential and identity abuse is nearly identical. Cyber-enabled fraud accounted for 83 percent of all 2024 IC3 losses (FBI IC3). For IT and security teams, that means consumer identity theft data is increasingly a leading indicator of the BEC risk facing the same employees on Monday morning.

What identity theft statistics mean for IT and security teams

The numbers above are consumer-facing, but the underlying behaviors hit employers directly. A workforce that is being phished, deepfaked, and breached at home shows up to work with reused passwords, compromised personal devices, and identity records already exposed on criminal markets. The defensive playbook for IT and security teams has three components.

First, treat device compliance as identity hygiene. Stolen credentials are most damaging when they land on a noncompliant device that bypasses conditional access. Continuous compliance posture on every endpoint, paired with hardware-bound credentials, neutralizes most account takeover attempts.

Second, get visibility into the shadow SaaS and AI tools employees are using. The ITRC's 2025 data shows financial services and healthcare as the most-breached industries, and many of those breaches originate at third-party vendors employees adopted without IT's knowledge. Surfacing and governing that tool sprawl shrinks the identity-exposure surface.

Third, line up compliance evidence with the framework that auditors will ask for. SOC 2, ISO 27001, and HIPAA controls around access management, device security, and incident response map directly onto the categories that drive identity theft losses. Pre-built evidence collection cuts the time it takes to demonstrate those controls during an audit.

For broader context on the trends above, see our password statistics and data breach statistics roundups.

How swif.ai helps

swif.ai gives IT and security teams a single console to enforce device, identity, and compliance controls across the macOS, Windows, and Linux endpoints behind the numbers above. Explore swif.ai mobile device management to see how it works.