FTC says 8.3 million hit with identity theft

The Federal Trade Commission today released a survey showing that 8.3 million American adults, or almost 4% of all American adults, were victims of identity theft in 2005.  A Gartner study in  2006 said ID theft victims numbered 15 million victims.  

Of the 2005 victims, the FTC said 3.2 million experienced misuse of their existing credit card accounts; 3.3 million experienced misuse of non-credit card accounts; and 1.8 million victims found that new accounts were opened or other frauds were committed using their personal identifying information.

The survey found that the costs associated with identity theft varied widely. In at least half of all incidents, thieves obtained goods or services worth $500 or less. In 10 percent of cases, however, thieves got at least $6,000 worth of goods or services.  

The survey also gathered information about victims’ out-of-pocket expenses resulting from the theft of their identities. In more than half of the incidents, victims incurred no out-of-pocket expenses. Some victims, however, incurred substantial out-of-pocket expenses – 10% of all victims reported out-of-pocket expenses of $1,200 or more.

The survey also found that thieves obtained more goods and services – and victims spent more time and money recovering – in cases where the thief opened new accounts rather than only hijacking existing accounts. Where the theft was limited to the misuse of existing accounts, the median value of goods and services obtained by the thieves was less than $500. Where the thieves opened new accounts or committed other frauds, the median value of goods and services they obtained was $1,350.

According to the ID Theft Resource Center, the top states in terms of victims per capita are: New York, California, Nevada, Arizona, Washington, and Texas. The Id Analytics study 2007 includes Hawaii, Illinois, Oregon, and Michigan. 

Other findings included:

 ·          Seventeen percent of all ID theft victims said that their personal information was used to open at least one new account. The two most common types of accounts thieves opened were landline and wireless telephone service accounts.

·          Eighty-five percent of all ID theft victims reported that one or more of their existing accounts had been misused, including credit card, checking, or savings accounts; telephone service accounts; internet payment accounts; e-mail and other internet accounts; and medical insurance accounts.

·          Five percent said that their name and/or personal information was given to the police when the thief was stopped or charged with a crime. Three percent of victims said that the thief had obtained medical treatment, services, or supplies using their personal information. One percent reported that a thief misused their personal information to rent housing, obtain government benefits, or get a job.

·          Approximately 40 percent of victims whose identity theft was limited to the misuse of existing accounts discovered the misuse within one week of when it began. In contrast, nearly one-quarter of victims of new account and other frauds did not find out about the misuse of their information until at least six months after it started. 

 The U.S. Senate recently passed a bill that would let victims of online identity theft schemes seek restitution from criminals and expands the definition of cyberextortion.  The Senate passed the Identity Theft Enforcement and Restitution Act by unanimous consent Thursday. The bill, introduced a month ago by Senator Patrick Leahy, a Vermont Democrat, lets victims of identity theft seek restitution for the time they spend to fix the problems. T

he bill would allow prosecutors to go after criminals who threaten to take or release information from computers with cyberextortion, and it would allow prosecutors to charge cybercriminals with conspiracy to commit a cybercrime.  

Current law only permits the prosecution of criminals who seek to extort companies or government agencies by explicitly threatening to shut down or damage a computer.  The bill would also make it a felony to use spyware or keystroke loggers to damage 10 or more computers, even if the amount of damage was less than $5,000. In the past, damage of less than $5,000 was a misdemeanor.

Copyright © 2007 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022