Identity Theft Resource Center

Data breaches cause immediate anxiety for 60 percent of affected consumers and immediate frustration for 59 percent of affected consumers (2025)

The Identity Theft Resource Center tracks 3,322 data compromises in 2025 (2025)

The number of victim notices in 2025 is 278,827,933, a decrease of 79 percentage points from 2024 (1,367,117,021) (2025)

Fifty percent of affected consumers cite immediate financial fraud as their primary fear, and 54 percent of consumers report an increase in targeted phishing attempts after a breach (2025)

The number of data compromises in 2025 (3,322) increases by five percentage points compared to 2024 (3,152) (2025)

Data compromises in 2025 represent a 79 percent jump over five years (2025)

Seventy percent (2,324) of data breach notices in 2025 do not include attack information, compared to 65 percent (2,049) in 2024 and 45 percent (1,449) in 2023 (2023–2025)

The number of victim notices in 2025 (278,827,933) is the lowest number of victim notices since 2014 and the lowest number since the last U.S. state and territories adopted data breach laws in 2018 (2025)

The Identity Theft Resource Center sets a new record with 3,322 data compromises in 2025, up four percentage points from the previous all-time high in 2023 (3,202) (2025)

In 2025, Financial Services had 739 compromises; Healthcare had 534 compromises; Professional Services had 478 compromises; Manufacturing had 299 compromises; Education had 188 compromises (2025)

Eighty-eight percent of consumers who received a data breach notice experience at least one negative consequence after a breach; 40 percent experience an increase in phishing or scam attempts; 49 percent experience an increase in spam emails or robocalls; 40 percent experience attempted takeover of an existing account (2025)

Eighty percent of the 1,040 consumers surveyed by the Identity Theft Resource Center report having received a data breach notice in the last 12 months (2025)

Nearly 40 percent of the 1,040 consumers surveyed received three to five separate data breach notices in the past 12 months (2025)

AI-powered attacks were identified as a root cause in more than 40% of small business cyber events.

In 2025, more than 80% of small businesses reported being victims of cybercrime.

In 2025, only 38.4% of small business leaders felt 'very prepared' for a cyberattack, down from 56.5% in 2024.

62.5% of small businesses that suffered a breach reported a total financial impact of more than $250,000 in 2025.

36.7% of victims among breached small businesses faced costs exceeding $500,000.

81% of small businesses reported suffering a security breach, a data breach, or both in the past year.

38.3% of small business leaders reported raising prices to address the financial impacts of a cyber incident.

The implementation of critical security measures among small businesses declined from 33.6% in 2024 to 27.2% in 2025.

19.6 percent of self-identified victims in the general population reported losses under $500 in 2025.

From August 2024 to July 2025, the ITRC responded to requests for direct assistance from 4,122 individuals seeking help with identity theft, fraud, and scams.

25 percent of general consumers reported seriously considering self-harm as a way of dealing with identity theft, fraud, or scams in 2025.

More than 20 percent of ITRC victims reported losses exceeding $100,000 in 2025.

24.6 percent of general population victims reported being victimized three times within the past year in 2025.

31.5 percent of general population victims reported being victimized twice within the past year in 2025.

67.8 percent of self-identified victims reported seriously considering self-harm as a way of dealing with identity theft, fraud, or scams in 2025.

36.9 percent of self-identified victims in the general population reported losses exceeding $10,000 in 2025.

4 percent of individuals who self-identified as victims responded to an online survey in August 2025.

More than 10 percent of ITRC victims reported losses of at least $1 million in 2025.

1,033 general consumers completed a survey regarding identity crimes.

14.4 percent of ITRC victims reported seriously considering self-harm as a way of dealing with identity theft, fraud, or scams in 2025, which is a more than two percentage point increase from 2024.

15.2 percent of ITRC victims reported being victimized four or more times in 2025.

69% of 2025's breach notices did not include an attack vector. This is an increase from 65% for the full year 2024.

About 0.5% of all security breaches in the first half of 2025 were supply‑chain incidents, but these incidents generated nearly half of all breach notifications, affecting almost 700 companies.

1,732 data compromises were reported in the first half of 2025. This is about 5% ahead of H1 2024 in terms of compromises. It is also more reported compromises than at the halfway point in 2023, which was the previous high-water mark for data compromises.

78% of compromises reported in the first half of 2025 were true data breaches. These accounted for 69% of the breach notices issued in the first half of 2025.

H1 2025 compromises resulted in a little more than 165.7 million breach notices.

The number of victim notices through June 2025 is only 12% of the total for 2024. This is because there haven't been the same level of mega-breaches affecting hundreds of millions of people as seen last year.

Of attempted misuse attempts that involved financial accounts, 14% involved checking accounts.

New types of scams reported included toll road scams, which accounted for 3% of all reported scams.

For attempted misuse, thieves tried to open a new account (69%) more often than attempting to take over an existing account (31%).

Google Voice scams decreased by 84 percentage points and made up 9% of all scam reports.

There was a 754-percentage-point increase in reports of account takeover involving tech accounts.

The top methods of identity compromise reported were due to PII being shared in a scam, stolen documents with personal information, and unauthorized access to a computer or mobile device.

Individuals who reported stolen documents with personal information primarily reported stolen driver’s licenses, Social Security cards, payment cards, birth certificates, and phones or tablets.

Of those who contacted the ITRC, 35% reported personal information compromise.

Attempted misuse largely involved financial accounts (85%).

The ITRC saw a 31-percentage-point decrease in reported identity crimes (compromise, theft, and misuse) compared to the previous year.