Identity Theft Statistics: UK & Worldwide Cyber Crime by the Numbers

by - Last Updated on May 16, 2019

There are very few people nowadays that don’t have some kind of online presence. And this means that any one of us could be the victim of identity theft. Identity theft is far from being a new crime, but with more of us conducting personal business and storing data online, it’s a crime that’s becoming increasingly easy to pull off. What exactly is identity theft? How prevalent is it? How can you protect yourself? That’s what we’re here to find out.

What Is Identity Theft?

Identity theft is a very broad crime. In basic terms, it means getting hold of personal identifying data that allows a thief to assume the identity of someone else. This might be as simple as finding an email password that allows someone to send an email in your name, or as serious as stealing addresses, credit card numbers, and other data in order to take out loans, credit cards, and even mortgages in the name of another person. Identity theft is a real risk, and it’s something that happens every day.

According to CIFAS (the Credit Industry Fraud Avoidance Scheme) and their annual Fraudster report on fraud in the UK, there were 174,523 incidents of identity fraud in the UK in 2017. Eight out of ten of these cases occurred online. This is a 1% rise over 2016 and a massive 125% rise over 2007. Identity theft is a growing problem.

Identity Theft: A Serious Problem

The numbers are pretty frightening, and identity theft is not something that we’re overestimating here. Just take a look at some of these figures:

  • In 2016 in the US, a whopping 791 million identities were stolen.
  • In 2015, 4 million accounts were taken over (where thieves gain access to accounts and change passwords so owners can no longer access them), leading to losses of over $2 billion.
  • In the US, identity theft represents 13% of criminal complaints recorded by the Consumer Sentinal Network.
  • CIFAS reports that almost 500 identities are stolen every day in the UK.

Who Is At Risk?

The truth is that anyone is at risk, as the statistics clearly show. No one is safe from identity fraud, no matter your demographic:

  • People with social media accounts (Facebook, Instagram, Twitter) face a 46% higher risk than those without
  • The identities of 3 million children were stolen in the last year
  • 61% of complaints about identity fraud come from those aged 30 to 59
  • A 2017 report from the Australian Payment Network found that over 55s, who traditionally have been more at risk from phone and email scams, are now experiencing a growing rate of identity theft
  • CIFAS found that men were more at risk than women (62% of men versus 38% of women)M

More Worrying Identity Theft Statistics for 2019

  • Americans are the most likely targets of identity theft (791 million cases in 2016), with the French being second most likely (85 million cases)
  • The Consumer Sentinel Network dealt with 1.1 million cases of fraud including identity theft in 2017, with a total loss of $905 million
  • Younger people reported more identity thefts than older people (40% of cases came from those aged 20 to 29), but older people reported losing more money (an average of $1080 per case in those aged over 80, as opposed to an average of $400 in those aged 20 to 29)
  • Account takeovers (when thieves gain access to accounts and change passwords) are the fastest growing sector of identity theft, with a massive 61% increase across 2015
  • Account takeovers resulted in $2 billion of losses in 2015 alone
  • Use of social media increases chances of identity theft, with those using sites like Facebook, Snapchat, and Instagram 46% more likely to have their identity stolen
  • The number of identity theft reports increased by 37% between 2014 and 2016
  • But 13% of those reporting identity theft did NOT want an official police report taken
  • 65% of consumers were victims of identity theft in 2017
  • Though using a VPN is a proven way of protecting online activities and defending against identity theft, 75% of people do NOT use VPNs
  • 87% of people have left their personal information exposed at some point when using online bank accounts, emails, or other important apps
  • 60% of people believe that their information is safe when they connect to public WiFi in restaurants, train stations, hotels and other places
  • In the US identity theft makes up 13% of all recorded criminal complaints
  • 52% of small business don’t invest anything in cyber theft security, and 31% don’t take any active precautions at all against cyber theft
  • Half of all Americans think that identity thieves will not be interested in them because they have poor credit
  • In the last year, a massive 978 million adults across the world have been victims of cybercrime
  • In the UK, 500 identity fraud cases are reported every day
  • Credit and debit card related fraud rose 6% in the last year
  • Credit card fraud represents 33% of identity theft cases in the US
  • $96 million was lost in the US last year through credit card fraud alone
  • 43% of Americans admit to shopping online using public WiFi
  • 33% of Americans admit to sharing login information and passwords with others
  • 25% of identity theft cases relate to newly opened accounts, whilst only 7% relate to existing credit card accounts
  • 40% of data taken during data breaches in 2016 was personal financial data
  • 13% of British consumers think it’s okay to use someone else’s credit card

What Exactly is Happening?

Identity theft occurs when a thief gains information about you that can then be used for financial gain. The truly terrifying thing about identity theft is that the smallest piece of your data can be used against you. This might be your credit card number, your home address, even your phone number. It could be passwords to your email accounts, or online banking. Once a thief has collected the information he needs about you, he can then use it in a variety of ways. He may use it to take out a credit card or loan in your name, for example. He could use it to get a driving licence or even a passport. The possibilities are truly endless. According to ActionFraud, the UK police fraud division, identity theft is used to:

  • open bank accounts
  • get credit cards, loans, and state benefits
  • take over existing accounts
  • order goods in your name
  • get passports, driving licenses and personal documents
  • take out mobile phone contracts

To illustrate how easily this can happen: think about how often you’re asked to create a security question involving, say, your mother’s maiden name. Now think how easy it would be for someone to find your mother’s maiden name using only public records. Once a thief has the information he needs to successfully answer that security question that protects your online banking site, for example, he’s able to get into your finances. One small piece of seemingly unimportant information could be enough to empty your bank account. We’re not talking super hackers here, we’re talking about patient researchers who are simply looking for information.

However, CIFAS has found that the most common use for data stolen in the UK is telecoms, online retail, and insurance. This means that in the UK your identity is most likely to be used to get a mobile phone contract, for example, or to open an online account with a retailer like Amazon, or to take out short-term loans. This is simply because these things are easier to do, and checks are less stringent than when taking out a major credit card, for instance.

CIFAS also reports that a growing trend is for thieves to access emails or bank statements, and then pose as someone you have already had contact with to get more information. Perhaps they pose as a builder you have recently hired and ask for your credit card number, for example. This is a form of phishing and is an effective way to get personal data.

What Are the Consequences of Identity Theft?

The most obvious consequence of identity theft is financial. You may find your bank accounts drained, your credit cards run up, or even with massive debts in your name. As part of this, you may find that your credit score has been ruined, making it difficult to apply for contracts, loans, mortgages, and new credit cards.

However, there can be other consequences. In some cases, particularly in the US, thieves have taken on the identity of an innocent person and gone on to commit crimes that the innocent person has then been arrested for. Consequences may also be a question of reputation, particularly if someone has taken over your email accounts or social media accounts and posted things in your name.

The consequences of identity theft can take months or even years to uncover and sort through, and clearing your name (and credit report) completely may not be possible.

Why Does This Happen?

The basic reason that identity theft happens is that we are not always as vigilant about protecting our data as we should be. Take a look at some of these statistics:

  • A study by Experian found that 33% of adults shared account names and passwords with other people
  • The same Experian study found that 43% of people had shopped online using public WiFi
  • 75% of people don’t use a VPN (virtual private network) when on WiFi, despite the fact that this is a proven security measure to prevent data leaking
  • A study by cybersecurity firm Semantic found that a massive 87% of people have at some time left their personal data exposed (perhaps leaving an open website on the screen when stepping away) when accessing their emails, bank accounts, or other financial information

Without the knowledge to protect yourself, and the willingness to follow through with basic online security, you too could be a victim of identity theft.

How to Protect Yourself from Online Identity Theft

There are several things you can do to protect yourself from identity theft:

  • Always choose strong, secure passwords for your online accounts, you can find more information on how to do this here
  • When shopping or using sites that require payment information look for a padlock symbol next to the address bar of your browser and a web address that starts with “https:” Both these things indicate a secure payment page
  • Never share your passwords with anyone
  • Be sure that no one is looking at your screen when you enter passwords, and that you never leave sensitive information on the screen when you leave your computer or mobile
  • Ensure you have solid, up to date anti-virus, firewall, and security software on your computer, and that you have the appropriate privacy setting enabled
  • Never give out personal information, even something as simple as your address, without first verifying the identity of the person you’re given the data too
  • Avoid using public or open WiFi spots to access any personal information (such as banking apps) and considering using a VPN to encrypt and keep your internet browsing anonymous
  • Consider using a dual SIM phone and using one sim as a burner number for use when shopping, account creation etc, rather than using your primary phone number. We recommend a pay as you go SIM for this as they are geared toward light usage.

In addition, ActionFraud, the UK anti-fraud police department, also recommend that you:

  • Never trust emails with links that pretend to be from banks, retail services asking for credit card information, or credit card companies. Always call the company involved directly to ensure that you’re not being scammed
  • Destroy or shred any papers that may have passwords, credit card information, or any other personal details on them
  • Wherever possible increase credit card security by signing up for Verified by Visa or Mastercard Secure Code to add an extra layer of security to online shopping
  • Regularly check your credit report to ensure that there are no unauthorised entries (you can do this easily through Experian, Equifax, or TransUnion)
  • If you receive bills, receipts, calls, or other information about goods or services you have not purchased, be sure to follow up by calling the company involved to find out whether someone has purchased things in your name

If you need further advice about protecting yourself from fraud you can call ActionFraud at 0300 123 2040 to talk to a specialist fraud adviser.

How Do I Know If My Identity Has Been Stolen?

In all honesty, it can be very difficult to know if your identity has been stolen, right up until the consequences get very bad indeed. But if you’re especially vigilant, you might be able to nip things in the bud. Here are some things to look out for:

  • You find entries on your bank statements or credit reports that you had no knowledge of
  • You are called by debt collectors, or even have the bailiff knocking at the door when you have no debt
  • You don’t receive bills that you’ve been expecting
  • You receive bills for accounts that you didn’t open
  • You receive goods that you didn’t order (meaning the thieves ordered goods but failed to intercept them before they got to you)
  • You are denied for a credit card, loan, mobile contract, or another service when you know that you have good credit
  • You are refused access to online accounts because your password is not recognised (and you have not changed it)
  • You are refused benefits (such as child allowance) due to a “double claim” (meaning the thief has already applied for and accepted those benefits in your name)
  • You get alerts/emails from accounts such as Gmail saying that someone has logged into your account and you know it wasn’t you
  • You get an increased amount of junk mail, particularly for luxury items or things that you wouldn’t necessarily buy

Again, identity theft can be difficult to diagnose, and none of the above definitely mean that you have had your data stolen. Be aware, check your statements and bills, and regularly order a credit report to ensure that your financial status is as it should be.

What Should I Do If I Think My Identity Has Been Stolen?

If you suspect that your identity has been stolen, then there are several steps that you should take:

  • Report the theft or illicit use of any accounts or cards to the institution that issued them (your bank, your credit card company, etc.)
  • Contact your bank or other financial institution and tell them you’re the victim of identity fraud, they will begin their own investigations
  • Contact ActionFraud either using their online form or by calling 0300 123 2040, who will advise you on which specific institutions to contact, and what your next steps should be
  • Request a copy of your credit report from any of the credit reporting agencies, then contact the relevant reporting agencies with any entries that you want to dispute to help improve your credit score again
  • You can also contact CIFAS to ask for “protective registration.” This means that extra checks will be made when anyone using your identity (including you) applies for financial services
  • Do NOT ignore any court summons, debt collector calls, or bailiff visits. Should you receive any of these, contact ActionFraud on the number above for advice on what to do.

Do not panic. This process may seem overwhelming, but ActionFraud, in particular, will lead you through all the specific steps that you need to take in your personal situation. Should fraud be proved you are unlikely to be responsible for any debts incurred in your name.

Big Companies and Data Breaches

Identity fraud isn’t only a personal matter. Occasionally, big companies have data breaches, meaning customer or consumer data is leaked or stolen. Identity theft can occur using information gained from one of these breaches.

There is no real way that you can protect yourself from this happening (since the fault is on the side of the company that is breached, rather than on you). Sticking with reputable, well-known companies for financial matters, however, should help avoid more serious consequences. However, even large, reputable companies do get breaches from time to time.

If a data breach does occur the company in question should inform you either by mail or email. It is then your job to ensure that any data leaked about you cannot be used against you. This could mean changing a password for an account or keeping a close eye on your bank statements or credit reports for a while to ensure nothing is going wrong. It all depends on the situation and what kind of data was leaked. If you are in any doubt about what to do, simply call the company in question and ask for advice. Any communication they sent you regarding the data breach should include contact information.

Identity Theft: The Bottom Line

With over 500 identities being compromised every day in the UK alone, identity theft is a rapidly growing problem. There is no 100% guarantee that this will not happen to you. But being aware of the problem, potential solutions, and signs of your identity being compromised should all help minimise the consequences. Stay alert, and remember, online data is never completely secure.