In recent years, many Americans’ personal information has become compromised by big data breaches. In 2019 alone, prominent companies like WhatsApp, Quest Diagnostics, Microsoft, ASUS and Capital One have fallen victim to cybercriminals. According to the Identity Theft Resource Center’s most recent Data Breach Report, between January 1, 2005 and August 31, 2019, there have been 10,818 breaches. That accounts for over 1.6 billion records compromised.
The federal government and various businesses in recent years have taken more aggressive measures to build up our defenses. One big concern is not just hacking on the individual level, but cyberattacks by foreign governments to gain leverage. The United States recently signed a new cybersecurity agreement at the U.N., which condemns cyberattacks on civilian targets. Despite this, criminal strategies continue to evolve and grow in sophistication, keeping consumers vulnerable to identity theft and fraud.
But some Americans are more susceptible than others to such crimes. In order to determine who is most likely to be exposed to and affected by identity theft and fraud, WalletHub compared the 50 states and the District of Columbia across 15 key metrics. Our data set ranges from identity-theft complaints per capita to average loss amount due to fraud. Read on for our findings, tips for protecting your personal information and a full description of our methodology.
Main Findings
States With the Most Identity Theft & Fraud
|
Overall Rank* |
State |
Total Score |
‘Identity Theft’ Rank |
‘Fraud’ Rank |
‘Policy’ Rank |
|---|---|---|---|---|---|
| 1 | District of Columbia | 70.30 | 6 | 5 | 1 |
| 2 | California | 67.72 | 1 | 19 | 42 |
| 3 | Nevada | 65.41 | 13 | 2 | 22 |
| 4 | New Hampshire | 63.82 | 4 | 24 | 17 |
| 5 | South Carolina | 63.43 | 9 | 8 | 17 |
| 6 | Delaware | 63.26 | 24 | 1 | 33 |
| 7 | Louisiana | 62.45 | 2 | 38 | 42 |
| 8 | Texas | 62.43 | 3 | 28 | 42 |
| 9 | New York | 62.12 | 8 | 11 | 42 |
| 10 | Florida | 61.57 | 12 | 6 | 33 |
| 11 | Georgia | 61.05 | 5 | 27 | 42 |
| 12 | South Dakota | 60.66 | 14 | 10 | 5 |
| 13 | North Carolina | 60.12 | 15 | 9 | 15 |
| 14 | Tennessee | 58.71 | 27 | 4 | 22 |
| 15 | Montana | 58.28 | 10 | 20 | 42 |
| 16 | Minnesota | 57.13 | 17 | 13 | 17 |
| 17 | Oregon | 56.70 | 30 | 3 | 28 |
| 18 | Illinois | 55.87 | 7 | 42 | 49 |
| 19 | New Jersey | 55.73 | 19 | 21 | 1 |
| 20 | Connecticut | 53.40 | 11 | 45 | 33 |
| 21 | Alabama | 52.60 | 22 | 25 | 17 |
| 22 | Pennsylvania | 52.57 | 23 | 26 | 5 |
| 23 | Arizona | 52.56 | 26 | 12 | 49 |
| 24 | Colorado | 52.49 | 31 | 7 | 22 |
| 25 | Maryland | 52.45 | 16 | 29 | 38 |
| 26 | Rhode Island | 50.94 | 18 | 35 | 33 |
| 27 | Massachusetts | 50.13 | 20 | 44 | 5 |
| 28 | Mississippi | 49.96 | 28 | 31 | 5 |
| 29 | Idaho | 49.63 | 32 | 22 | 5 |
| 30 | Utah | 47.97 | 33 | 17 | 42 |
| 31 | Ohio | 47.89 | 25 | 47 | 17 |
| 32 | Indiana | 47.58 | 21 | 49 | 33 |
| 33 | Virginia | 46.70 | 34 | 18 | 51 |
| 34 | Michigan | 45.18 | 29 | 46 | 28 |
| 35 | Wisconsin | 43.87 | 36 | 41 | 15 |
| 36 | Alaska | 43.87 | 45 | 16 | 28 |
| 37 | Washington | 43.78 | 35 | 33 | 38 |
| 38 | New Mexico | 43.67 | 41 | 23 | 22 |
| 39 | Nebraska | 43.49 | 42 | 30 | 5 |
| 40 | Iowa | 43.39 | 44 | 15 | 38 |
| 41 | North Dakota | 42.97 | 48 | 14 | 5 |
| 42 | Missouri | 42.86 | 38 | 43 | 5 |
| 43 | Maine | 41.50 | 46 | 36 | 1 |
| 44 | Arkansas | 41.00 | 40 | 34 | 38 |
| 45 | Hawaii | 40.57 | 37 | 50 | 28 |
| 46 | Kansas | 40.33 | 43 | 37 | 28 |
| 47 | Oklahoma | 39.90 | 39 | 51 | 5 |
| 48 | West Virginia | 39.39 | 47 | 39 | 1 |
| 49 | Vermont | 37.45 | 49 | 32 | 22 |
| 50 | Wyoming | 34.80 | 50 | 40 | 5 |
| 51 | Kentucky | 31.86 | 51 | 48 | 22 |
*No. 1 = Most Vulnerable
Quick Tips for Avoiding Identity Theft & Fraud
- Emphasize Email Security: It’s obviously important to use strong passwords for all financial accounts, but you may not realize how essential it is to focus on email. Your primary email address will likely serve as your username and means of resetting your password on other websites. If it’s vulnerable, all of your other accounts will be, too. As a result, make sure to use an especially secure password and establish two-step verification for this account.
- Sign Up for Credit Monitoring: Credit monitoring is the best way to keep tabs on your credit report. It provides peace of mind in the form of alerts about important changes to your file, including potential signs of identity theft. WalletHub offers free monitoring of your TransUnion credit report.
- Leverage Account Alerts & Update Contact Info: Setting up online management for all of your financial accounts (e.g., credit cards, loans, Social Security), and keeping your phone number, email address and street address up to date will make them harder for identity thieves to hijack. Establishing alerts for changes to your contact info and other suspicious account activity will serve as a safeguard.
- Use Common Sense Online: Don’t open emails you don’t recognize. Don’t download files from untrustworthy sources. Don’t send account numbers and passwords via email or messenger applications. And don’t enter financial or personal information into websites that lack the “https” prefix in their URLs.
For more tips and information, check out WalletHub’s Identity Theft Guide.
Ask the Experts
As a cyber-oriented culture, it’s natural to wonder whether and how our daily habits assist hackers in stealing our personal information. We consulted a panel of experts for answers to such questions and advice on how to safeguard our data against cybercriminals. Click on the experts’ profiles to read their bios and thoughts on the following key questions:
- What can individuals do to guard against identity theft?
- How should consumers choose among third-party providers offering services to protect their identity and personal data?
- Should victims of identity theft be able to change their Social Security number? How can we make this number more difficult to steal and use (e.g., add more digits)?
- Is the recent expansion of social media facilitating identity thefts?
- Should the federal government intervene to establish a clear process for victims of identity theft looking to clear their name?
- What measures can authorities undertake in order to avoid cases like the recent Equifax leaks? Should credit bureaus be tested for security breaches by authorities on a regular basis? If so, would the Consumer Financial Protection Bureau play a larger role in regulation and enforcement of bureaus?
Ask the Experts
- Margaret McCoey
Assistant Professor and CIS/ITL Graduate Director, La Salle University
Read More
- Frederick Scholl
Director of Cybersecurity Program, Associate Teaching Professor of Cybersecurity, Quinnipiac University
Read More
- Bo Chen
Ph.D. – Assistant Professor, Department of Computer Science/College of Computing, Michigan Technological University
Read More
- Hossein Sarrafzadeh
Professor and Chair, Cybersecurity Department, Director, Western New York Cybersecurity Center, St. Bonaventure University
Read More
Methodology
In order to determine where American consumers are most vulnerable to identity theft and fraud, WalletHub compared the 50 states and the District of Columbia across three key dimensions: 1) Identity Theft, 2) Fraud and 3) Policy.
We evaluated those dimensions using 15 key metrics, which are listed below with their corresponding weights. Each metric was graded on a 100-point scale, with a score of 100 representing the most vulnerable.
Finally, we determined each state and the District’s weighted average across all metrics to calculate its overall score and used the resulting scores to rank-order our sample.
Identity Theft – Total Points: 47.5
- Identity-Theft Complaints per Capita: Full Weight (~15.83 Points)
- Change in Identity-Theft Complaints per Capita (2018 vs 2017): Full Weight (~15.83 Points)
- Average Loss Amount Due to Online Identity Theft: Full Weight (~15.83 Points)
Note: This metric was calculated using the following formula: Total Loss Amount / Total Number of Online Identity-Theft Complaints.
Fraud – Total Points: 47.5
- Fraud & Other Complaints per Capita: Full Weight (~9.50 Points)
- Change in Fraud & Other Complaints per Capita (2018 vs 2017): Full Weight (~9.50 Points)
- Median Loss Amount Due to Fraud: Full Weight (~9.50 Points)
Note: “Total reported amount paid” is based on the total number of fraud complaints for which the amount paid was reported by the victims. The amount paid ranges from $0 to $999,999. - Persons Arrested for Fraud per Capita: Full Weight (~9.50 Points)
- E-Commerce Attack Rates: Full Weight (~9.50 Points)
Policy – Total Points: 5.0
- Availability of Security-Freeze Law for Minors’ Credit Reports: Full Weight (~0.71 Points)
Note: This binary metric considers the presence or absence of legislation allowing parents, legal guardians or other representatives of minors to place a security freeze on the minor’s credit report. - Availability of Identity-Theft Passport Program : Full Weight (~0.71 Points)
Note: This binary metric considers the presence or absence of Identity-Theft Passport programs that help victims of identity theft reclaim their identity. When presented to a law-enforcement agency, an “identity-theft passport” allows a victim to prevent his or her arrest for offenses committed by an identity thief. - Compliance with REAL ID Act : Full Weight (~0.71 Points)
Note: According to the Department of Homeland Security, the REAL ID Act “establishes minimum security standards for license issuance and production and prohibits Federal agencies from accepting for certain purposes driver’s licenses and identification cards from states not meeting the Act’s minimum standards. The purposes covered by the Act are: accessing Federal facilities, entering nuclear power plants, and, boarding federally regulated commercial aircraft.”This binary metric considers a state’s compliance, noncompliance or extension of time to comply with the ACT. An extension allows a state to accept driver’s licenses and identification cards issued by that jurisdiction to accept those forms of identification for official purposes, under the condition that the state has provided adequate justification for noncompliance.
- Data Disposal Laws by State : Full Weight (~0.71 Points)
Note: This is a binary metric that measures the presence or absence of data disposal laws in each state. Businesses and government collect personal information and store it in various formats-digital and paper. Several states have enacted laws that require entities to destroy, dispose or otherwise make personal information unreadable or undecipherable. - Presence of State Laws Addressing "Phishing": Full Weight (~0.71 Points)
Note: This is a binary metric that measures the presence or absence of laws addressing “phishing” in a state. “Phishing” is a cybercrime in which a target is contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. - Presence of State Spyware Laws: Full Weight (~0.71 Points)
Note: This is a binary metric that measures the presence or absence of laws addressing “spyware” in a state. “Spyware” is classified as a type of malware, malicious software designed to gain access to or damage your computer, track your online activities or collect confidential information. - Presence of Statewide Cybersecurity Task Forces: Full Weight (~0.71 Points)
Note: This is a binary metric that measures the presence or absence of cybersecurity task forces in a state.
Sources: Data used to create this ranking were collected from the Federal Trade Commission, Internet Crime Complaint Center, Federal Bureau of Investigation, Department of Homeland Security, Experian Information Solutions and National Conference of State Legislatures.
Image: alexskopje / Shutterstock.com