About 8.3 million US residents -- nearly 4 percent of the nation's population -- were victims of identity theft in 2005, but few victims identified computer-related crime as the culprit, according to a US Federal Trade Commission report released this week.
The FTC data, obtained through telephone surveys, found that 56 percent of ID theft victims didn't know how their personal information was stolen. Only 1 percent of victims identified computer hacking as the cause of the ID theft, and another 1 percent identified a computer-based phishing attack, where ID thieves typically send out bogus e-mails that look like they come from banks or retailers and ask for log-in information.
Sixteen percent of the victims knew the ID thieves personally, and 7 percent said the data loss came from a purchase or financial transaction, including online, in-person and mail purchases. Five percent of victims said their data was taken from a company that held their personal information, according to the FTC report.
"Whether you're from Malibu or Manhattan, Tacoma or Tallahassee, no one is immune to identity theft," Lydia Parnes, director of the FTC's Bureau of Consumer Protection, said in a statement. "The important thing is that people learn how to deter identity thieves, detect suspicious activity on their financial records, and defend against the crime, should it happen."
The FTC, in a similar study, estimated there were about 10 million ID theft victims in the US in 2003. The average amount of money obtained per theft fell as well, from US$4,789 in 2003 to US$1,882 in 2005.
The costs of ID theft varied significantly in the new survey. In more than half of the incidents, the thieves got away with $500 or less, but in 10 percent of the cases, the thieves netted US$6,000 or more, the FTC said.
In more than half of the cases, the victims incurred no out-of-pocket expenses, but in 10 percent of cases, the victims reported out-of-pocket costs of US$1,200 or more.
The survey also asked victims to estimate the time they spent clearing up the problems caused by the ID theft. The average was four hours, but about 10 percent of victims spent 55 hours or more, and about 5 percent spent at least 130 hours.
Thirty-seven percent of victims reported experiencing problems beyond the time they spent recovering out-of-pocket expenses. The problems included being harassed by debt collectors, being denied new credit, being unable to use existing credit cards, being unable to get loans, having their utilities cut off, being subject to a criminal investigation or civil suit, being arrested, and having difficulties obtaining or accessing bank accounts.
Seventeen percent of all ID theft victims said that their personal information was used to open at least one new account. The two most common types of accounts thieves opened were telephone service accounts, reported by 8 percent of victims; and credit card accounts, reported by 7 percent of victims.
While 85 percent of the victims reported that one or more of their existing accounts had been misused, 12 percent reported that their information was misused in other ways. Five percent said that their personal information was given to the police when the thief was stopped or charged with a crime. Three percent of victims said that the thief had obtained medical treatment, services or supplies.
The FTC has a publication, "To Buy or Not To Buy: Identity Theft Spawns New Products and Services To Help Minimize Risks," to help consumers evaluate whether they should initiate fraud alerts or credit freezes or buy identity theft products and services such as credit monitoring.
The study was conducted through interviews using a random-digit-dialing sampling methodology. More than 4,900 telephone interviews were conducted between March 27 and June 11, 2006.