Erika Harrell, PhD
BJS Statistician
January 2024, NCJ 307824
The Bureau of Justice Statistics collects information on types of identity theft, such as misuse of an existing account, misuse of personal information to open a new account, and misuse of personal information for other fraudulent purposes, through the Identity Theft Supplement (ITS), a supplement to the National Crime Victimization Survey. The ITS also captures information on data breach notifications. Data breaches are events in which files or data from an entity (company, government agency, or some other organization) are stolen, lost, or posted on a publicly available website. They represent one way that personal information can be stolen. When a data breach occurs, some entities notify persons whose information was exposed to warn them of potential identity theft.
Key Findings
- In 2021, 12% of all persons age 16 or older were notified that an entity with their personal information experienced a data breach in the prior 12 months (figure 1).
- Victims of identity theft (24%) were twice as likely as nonvictims (11%) to learn that an entity with their personal information experienced a data breach in the past year.1
- Victims of multiple types of identity theft (32%) were more likely than victims of existing credit card (25%), bank (16%), or email or social media account (23%) misuse to learn that an entity with their personal information experienced a data breach.
Figure 1. Persons age 16 or older who learned that an entity with their personal information experienced a data breach in the past 12 months, by whether or not they were victimized and type of identity theft, 2021
Note: Estimates are based on the most recent incident of identity theft that occurred in the 12 months prior to the interview. A data breach is an incident in which files or data of a company, government agency, or some other organization are stolen, lost, or posted on a publicly available website. In 2021, there were 263 million persons age 16 or older living in noninstitutionalized, residential settings in the United States. See appendix table 1 for estimates and standard errors.
*Comparison group.
†Difference with comparison group is significant at the 95% confidence level.
‡Difference with comparison group is significant at the 90% confidence level.
aIncludes misuse of personal information for fraudulent purposes other than opening a new account or the misuse of an existing account, such as filing a fraudulent income tax return, getting medical treatment, applying for a job, concealing the offender’s identity from police or another government authority (e.g., a Department of Motor Vehicles), applying for government benefits, or carrying out some other fraud.
Source: Bureau of Justice Statistics, National Crime Victimization Survey, Identity Theft Supplement, 2021.
Download CSV (3K)
Identity Theft Measures
Data in this report are from the 2021 Identity Theft Supplement (ITS) to the National Crime Victimization Survey. The 2021 ITS featured a redesigned questionnaire that was administered to persons age 16 or older from July through December 2021. It collected data from persons about their experience with identity theft and data breach notifications during the 12 months prior to the interview. For more information, see Victims of Identity Theft, 2021 (NCJ 306474, BJS, October 2023).
Type of identity theft | Percent of persons age 16 or older |
|
Total | 12.2% | 0.17% |
Nonvictims | 11.1% | 0.17% |
Identity theft victims | 24.0% | 0.63% |
Misuse of only one type of existing account | ||
| Credit card | 25.4%† | 1.10% |
Bank | 16.4† | 1.04 |
Email/social media | 23.1† | 1.43 |
Other | 27.0 | 2.48 |
Opened new account only | 27.6 | 3.31 |
Other misuse of personal informationa | 26.7‡ | 2.26 |
Multiple types of identity theft* | 31.6 | 1.70 |
Note: Estimates are based on the most recent incident of identity theft that occurred in the 12 months prior to the interview. A data breach is an incident in which files or data of a company, government agency, or some other organization are stolen, lost, or posted on a publicly available website. In 2021, there were 263 million persons age 16 or older living in noninstitutionalized, residential settings in the United States. Download CSV (3K) | ||
__________________
1The order of the data breach notification and any identity theft victimization was not collected in the 2021 ITS. It is only known that both occurred in the 12 months prior to the interview.
The Bureau of Justice Statistics of the U.S. Department of Justice is the principal federal agency responsible for measuring crime, criminal victimization, criminal offenders, victims of crime, correlates of crime, and the operation of criminal and civil justice systems at the federal, state, tribal, and local levels. BJS collects, analyzes, and disseminates reliable statistics on crime and justice systems in the United States, supports improvements to state and local criminal justice information systems, and participates with national and international organizations to develop and recommend national standards for justice statistics. Kevin M. Scott, PhD, is the acting director.
This report was written by Erika Harrell, PhD. Emilie Coen, DrPH, verified the report.
Maureen Stuart edited the report. Priscilla Fauntleroy and Tina Dorsey produced this report.
January 2024, NCJ 307824