US Identity Fraud Losses Hit $27.3 Billion in 2025 Amid Record Data Breaches

Identity fraud losses in the United States reached $27.3 billion in 2025, according to Javelin Strategy & Research's 2026 Identity Fraud Study. The figure marked a 19 percent increase from $27.2 billion in 2024.

Reports of identity theft to the Federal Trade Commission also rose in 2025. Through the first nine months of the year, those reports exceeded the full-year total of more than 1.1 million from 2024, based on the agency's Consumer Sentinel data.

The Identity Theft Resource Center recorded 3,322 data compromises in the United States in 2025, a record high. An ITRC consumer survey found that 80 percent of respondents received at least one breach notice in the prior 12 months. Of those, 88 percent faced negative consequences afterward, such as account takeover attempts.

Stolen data from breaches often takes time to fuel fraud. Criminals sell it to brokers, who combine it with other leaks and resell it to fraud rings for complete profiles. A Social Security number stolen in 2024 might not appear in fraud until 2026 or later, after free credit monitoring expires.

Several major breaches could drive future fraud. UnitedHealth confirmed in January 2025 that a Change Healthcare incident affected about 190 million people, exposing personal and health information in the largest known U.S. healthcare breach. Affected individuals received two years of free credit monitoring and identity theft protection, with an enrollment deadline of Aug. 26, 2025.

National Public Data, a background-check broker, suffered a 2024 breach that reportedly exposed up to 2.9 billion records, including Social Security numbers, addresses and relatives' information, though not all were unique or verified.

AT&T disclosed in July 2024 that hackers stole call and text records for about 109 million customer accounts from a third-party cloud platform. The data included numbers contacted and call times but not message contents. The breach tied into a broader Snowflake-linked campaign affecting other companies.

Thieves use stolen identities for synthetic fraud by pairing real Social Security numbers with fake names and birth dates to open credit lines. They also file fake tax returns, submit bogus medical claims, open new accounts or take over existing ones with stolen logins.

Standard protections have gaps. Credit freezes block new accounts but not tax or medical fraud. Free monitoring lasts one or two years, often expiring as fraud emerges. Dark web scans capture a single moment.

To reduce risks after a breach, consumers can freeze credit at Equifax, Experian and TransUnion, change reused passwords, enable multifactor authentication, monitor financial and medical accounts, and check free credit reports at AnnualCreditReport.com.

After free monitoring ends, paid services offer ongoing checks of credit bureaus, the dark web, data brokers and accounts to detect issues early.