Identity theft involves obtaining somebody else's identifying information and using it for a criminal purpose. Most often that purpose is to commit financial fraud, such as by obtaining loans or credits in the name of the person whose identity has been stolen. Stolen identifying information might also be used for other reasons, such as to obtain identification cards or for purposes of employment by somebody not legally authorized to work in the United States.
According to a United States Department of Justice study, in 2012 the direct and indirect cost of identity theft was estimated to be responsible for financial losses of $24.7 billion, approximately twice the $14 billion total cost of other property crimes. By 2014, losses to identity theft decreased to $15.4 billion, mostly due to a reduction in the number of high-value losses (the top 10% of cases). By 2016, the estimated cost of identity theft increased to $16 billion.
In 2012, identity theft affected approximately 16.6 million people, approximately 7% of the U.S. population aged 16 or older. In 2014, identity theft affected approximately 17.6 million people, again approximately 7% of the U.S. adult population. It was estimated that approximately one third of Americans affected by a data breach ended up becoming a victim of financial fraud in 2013, an increase from one ninth in 2010. When an existing credit card is exposed and then used for fraud, the average estimated loss is $1,251. When a Social Security number is exposed and then used to open new accounts, the average estimated loss increases to $2,330. In 2015, a private study performed by Javelin suggested that incidents of identity theft remained steady from 2014, and that the losses associated with each instance of identity theft had decreased slightly.
In 2012, identity theft was blamed for $4 billion of fraudulent tax refunds by the Internal Revenue Service (IRS) and 770,000 taxpayers have been the victims of tax identity theft by 2013. A public-private initiative by the IRS and employers in 2016 resulted in a 50% drop in incidents of taxpayer identity theft reports.
In calendar year 2016, the IRS stopped 883,000 confirmed identity theft returns. In 2022, the IRS indicted a man for identity theft and other crimes related to 76 fake charities registered to the same mailing address.
Medical identity theft
Medical identity theft involves the use of somebody else's identity or insurance information to obtain healthcare, or to bill for healthcare services that are not actually provided. It is estimated that medical identify theft can be more lucrative than credit card theft. At one black-market auction, a patient's medical record sold for $251, while credit card records sold for 33 cents.
Due to the ability of hackers to access customer data from large health insurance companies, concerns have been raised that health care companies are not doing enough to protect customer's financial and health data.
For purposes of identity theft, data breaches involve the unauthorized access of consumer data contained on computer systems, with the data being potentially subject to use for purposes of identity theft. The Identity Theft Resource Center said there were 662 data breaches in the United States in 2010, almost a 33% increase from the previous year. Between January, 2015 and September, 2017, the Identity Theft Resource Center estimates that there were 7,920 breaches affecting more than one billion records that could lead to identity theft.
On May 5, 2011, Michaels, a craft store chain, sent an email alert to its customers revealing that its debit card terminals in 20 states had been compromised. Customers who made PIN-based purchases between February 8 and May 6, 2011 may have had their data exposed. A class action lawsuit was filed against Michaels in the county court of Passaic, New Jersey over the incident. On April 17, 2014, Michaels confirmed a security breach at some of Michaels' stores and subsidiary Aaron Brothers from May 8, 2013 to February 27, 2014.
Between July and September 2011, a $13 million scam resulted in the arrest of 111 people. The scammers used skimming devices to swipe consumer credit card information at retail or food establishments. According to the Federal Trade Commission losses from identity theft in the United States cost about $1.52 billion in 2011. It is estimated that the IRS gave identity thieves $5 billion in refunds. 
On February 15, 2013, Rep. Debbie Wasserman Schultz (D, FL-23) introduced the Stopping Tax Offenders and Prosecuting Identity Theft Act of 2013 (H.R. 744; 113th Congress) into the United States House of Representatives. The bill would increase the penalties on identity thieves in the United States and change the definition of identity theft to include businesses and organizations instead of just individuals.
Large U.S. corporations, such as Target Corporation, Home Depot, Neiman Marcus and Barnes & Noble, have been in the news after their credit card system was hacked. In 2014, a malware intrusion at Staples resulted in a credit card breach. 119 stores were impacted between April and September 2014, and 1.16 million customer credit and debit cards may have been stolen.
In October 2014, President Barack Obama announced that debit cards that transmit federal benefits like Social Security to Americans will be equipped with a security chip replacing the magnetic strip. The U.S. government will also apply the security chips and personal identification numbers (PIN), to replace signatures of all government credit cards. The measure is expected to reduce fraud. USA Today reported that an estimated 100 million people having been affected by breaches in 2014.
In November 2014, Sony Pictures Entertainment suffered a data breach. On December 18, 2014, employees of Sony filed a class action lawsuit against their employer claiming that Sony failed to take necessary actions to secure its employees personal information. The lawsuit was filed in U.S. District Court for the Central District of California .
In 2015, there were 781 recorded data breaches in the United States, which compromised the security of over 169 million records. The frequency and severity of data breaches has led forty-seven states to pass security breach notification laws, to ensure that citizens are notified in a timely manner when their records have been exposed.
- List of data breaches
- 2017 Equifax data breach
- Adobe Systems security breach
- Anthem data breach
- Barnes & Noble data breach
- Home Depot system breach
- 2010 Medicaid fraud
- 2014 JPMorgan Chase data breach
- Michaels Data compromise
- Neiman Marcus data breach
- Sony Pictures Entertainment hack
- Target Security Breach
- Identity theft of Keith Alexander
- Identity theft of Ben Bernanke
- Identity theft of Robert Mueller
- Data privacy on HealthCare.gov
- Gene theft
- North Carolina Identity Theft Protection Act of 2005
- 2016 Yahoo Hack
- United States Postal Inspection Service
- United States Secret Service
- "What is Loan Fraud and How Does it Occur?". www.lifelock.com. Retrieved 2020-12-13.
- Guzzardi, Joe (3 July 2017). "Identity theft an overlooked wrinkle of illegal immigration". USA Today. Retrieved 25 September 2017.
- Harrell, Erika; Langton, Lynn (December 2013). "Victims of Identity Theft, 2012" (PDF). Bureau of Justice Statistics. U.S. Department of Justice. Retrieved 25 September 2017.
- Harrell, Erika (September 2015). "Victims of Identity Theft, 2014" (PDF). Bureau of Justice Statistics. U.S. Department of Justice. Retrieved 25 September 2017.
- Sullivan, Bob (6 February 2017). "Identity theft hit an all-time high in 2016". USA Today. Retrieved 25 September 2017.
- Bailey, Brandon (22 December 2014). "Pain of identity theft on victim is palpable". Detroit Free Press. Associated Press. Retrieved 25 September 2017.
- Pascual, Al; Marchini, Kyle; Miller, Sarah (2 February 2016). "2016 Identity Fraud: Fraud Hits an Inflection Point". Javelin. Retrieved 25 September 2017.
- "IRS refunded $4 billion to identity thieves last year, inspector general's report says". CBS News. Associated Press. 7 November 2013. Retrieved 25 September 2017.
- "IRS Combats Identity Theft and Refund Fraud on Many Fronts". Irs.gov. Retrieved 23 September 2016.
- McCoy, Kevin (3 November 2016). "IRS says 2016 crackdown helped slow identity theft, tax refund fraud". USA Today. Retrieved 25 September 2017.
- "Prepared Remarks of Commissioner John Koskinen at the Security Summit Press Briefing October 17, 2017 | Internal Revenue Service".
- Fahrenthold, David A.; Closson, Troy; Tate, Julie (2022-07-03). "76 Fake Charities Shared a Mailbox. The I.R.S. Approved Them All". The New York Times. ISSN 0362-4331. Retrieved 2022-08-10.
- Ollove, Michael (7 February 2014). "The Rise Of Medical Identity Theft In Healthcare". Kaiser Health News. Retrieved 25 September 2017.
- "Anthem Hacking Points to Security Vulnerability of Health Care Industry". The New York Times. 6 February 2015. Retrieved 23 September 2016.
- "Data Breach at Anthem May Forecast a Trend". The New York Times. 7 February 2015. Retrieved 23 September 2016.
- "Massive breach at health care company Anthem Inc". Usatoday.com. Retrieved 23 September 2016.
- Abelson, Reed; Goldstein, Matthew (5 February 2015). "Anthem Hacking Points to Security Vulnerability of Health Care Industry". Retrieved 25 September 2017.
- "Data Breaches". Identity Theft Resource Center. Retrieved 25 September 2017.
- "ID theft, data breaches jumped 33 percent in 2010". NBC News. 5 January 2011. Retrieved 23 September 2016.
- McClatchy News Service (May 14, 2011). "Michaels investigates customer data breach, replaces debit pads". Mail Tribune. Retrieved August 7, 2011.
- Fry, Chris (July 14, 2011). "Class Slams Michaels for Data Breach". Courthouse News Service. Retrieved August 7, 2011.
- "AG - Security Breaches - Target, Neiman Marcus, and Michaels". Michigan.gov. Retrieved 23 September 2016.
- "Couple Of Thieves: Man And Wife Duo Plead Guilty To Largest Identity Theft Case In U.S. History". Huffington Post. August 7, 2012.
- Skimming Off the Top; Why America has such a hiugh rate of payment-card fraud, 15 February 2014, The Economist
- "H.R. 744 - All Actions". United States Congress. Retrieved 8 September 2014.
- "South Florida Reps File Bills To Crackdown On Identity Theft". CBS Local - Miami. 15 April 2013. Retrieved 8 September 2014.
- Harris, Andrew M (December 11, 2014). "Target Hack Victims May Have U.S. to Blame For Losing Out". Bloomberg.
- "Staples: 6-Month Breach, 1.16 Million Cards — Krebs on Security". Krebsonsecurity.com. 2014-12-19. Retrieved 2016-09-25.
- Gordon, Marcy; Lederman, Josh (October 17, 2014). "Obama announces plan to tighten card security". USA Today.
- "Sony Pictures Hack: How to Avoid Identity Theft". Tomsguide.com. 3 December 2014. Retrieved 23 September 2016.
- Peterson, Andrea (December 19, 2014). "Lawsuits against Sony Pictures could test employer responsibility for data breaches". The Washington Post.
- "Sony Faces Employee Data Breach Class Action Lawsuit". Bigclassaction.com. Retrieved 23 September 2016.
- "P2PE: Point to Point Encryption for PCI Compliant Payments". Bluefin Payment Systems. Retrieved 2016-02-02.
- "Security Breach Notification Laws". Ncsl.org. Retrieved 2016-02-02.
- "Identity Theft | Consumer Information". Consumer.ftc.gov. 24 August 2012. Retrieved 25 September 2017.
- "Identity Theft | CRIMINAL-FRAUD | Department of Justice". Justice.gov. 2015-11-02. Retrieved 25 September 2017.