In recent years, many Americans’ personal information has become compromised by big data breaches. In 2022, the average data breach in the U.S. cost $9.44 million and took 277 days to identify and contain. Several big companies and organizations were impacted, including Microsoft, Cash App and the Red Cross.
Each new year brings new strategies taken by identity thieves and fraudsters, but older schemes, such as tech support scams and fake IRS calls, still abound. Some Americans are more susceptible than others to such crimes, though. In order to determine who is most likely to be exposed to and affected by identity theft and fraud, WalletHub compared the 50 states and the District of Columbia across 14 key metrics. Our data set ranges from identity-theft complaints per capita to the average loss amount due to fraud.
Main Findings
States With the Most Identity Theft & Fraud
Overall Rank* |
State |
Total Score |
Identity Theft |
Fraud |
Policy |
---|---|---|---|---|---|
1 | District of Columbia | 65.07 | 10 | 2 | 1 |
2 | Delaware | 64.84 | 14 | 1 | 32 |
3 | Louisiana | 64.11 | 2 | 8 | 41 |
4 | Rhode Island | 61.36 | 1 | 25 | 32 |
5 | Colorado | 59.89 | 3 | 15 | 19 |
6 | Pennsylvania | 59.68 | 8 | 12 | 3 |
7 | Georgia | 57.80 | 11 | 7 | 41 |
8 | Alabama | 56.42 | 28 | 3 | 13 |
9 | Florida | 56.26 | 18 | 6 | 32 |
10 | New York | 56.07 | 4 | 19 | 41 |
11 | Maryland | 55.89 | 7 | 14 | 37 |
12 | Texas | 55.74 | 5 | 17 | 41 |
13 | California | 54.76 | 6 | 18 | 41 |
14 | Nevada | 52.15 | 33 | 4 | 19 |
15 | Nebraska | 51.57 | 12 | 30 | 11 |
16 | Minnesota | 51.08 | 17 | 21 | 26 |
17 | Tennessee | 50.76 | 29 | 11 | 19 |
18 | Illinois | 50.33 | 16 | 24 | 48 |
19 | South Carolina | 50.24 | 31 | 10 | 13 |
20 | Ohio | 49.84 | 9 | 39 | 13 |
21 | Mississippi | 49.80 | 22 | 22 | 13 |
22 | New Jersey | 49.66 | 20 | 27 | 3 |
23 | Virginia | 48.31 | 19 | 16 | 51 |
24 | Vermont | 47.95 | 15 | 40 | 19 |
25 | Oregon | 47.17 | 37 | 9 | 37 |
26 | Massachusetts | 47.02 | 23 | 33 | 3 |
27 | Kansas | 46.60 | 13 | 45 | 26 |
28 | Missouri | 46.24 | 21 | 41 | 3 |
29 | Arizona | 46.17 | 24 | 26 | 48 |
30 | Alaska | 45.90 | 45 | 5 | 26 |
31 | Michigan | 45.01 | 25 | 34 | 26 |
32 | North Carolina | 44.96 | 32 | 23 | 19 |
33 | South Dakota | 44.20 | 41 | 20 | 3 |
34 | North Dakota | 43.21 | 44 | 13 | 3 |
35 | New Hampshire | 42.55 | 39 | 28 | 13 |
36 | Hawaii | 42.40 | 34 | 29 | 26 |
37 | Kentucky | 42.25 | 26 | 48 | 19 |
38 | Connecticut | 41.29 | 27 | 46 | 32 |
39 | Idaho | 40.83 | 38 | 36 | 3 |
40 | Wisconsin | 40.55 | 35 | 43 | 11 |
41 | New Mexico | 39.25 | 36 | 42 | 19 |
42 | Iowa | 38.24 | 30 | 50 | 37 |
43 | West Virginia | 37.53 | 40 | 49 | 1 |
44 | Utah | 37.49 | 42 | 32 | 41 |
45 | Washington | 36.97 | 43 | 35 | 37 |
46 | Oklahoma | 34.50 | 48 | 31 | 26 |
47 | Wyoming | 34.19 | 47 | 44 | 3 |
48 | Maine | 33.51 | 50 | 38 | 13 |
49 | Indiana | 32.47 | 49 | 37 | 32 |
50 | Arkansas | 29.37 | 46 | 51 | 48 |
51 | Montana | 26.58 | 51 | 47 | 41 |
*No. 1 = Most Vulnerable
With the exception of “Total Score,” all of the columns in the table above depict the relative rank of that state, where a rank of 1 represents the worst conditions for that metric category.

- Most
- T-1. Rhode Island
- T-1. Kansas
- T-1. Illinois
- 4. Louisiana
- 5. Georgia

- Fewest
- 47. Alaska
- 48. Iowa
- 49. Wyoming
- 50. Montana
- 51. South Dakota

- Highest
- T-1. Vermont
- T-1. Nebraska
- T-1. California
- 4. Massachusetts
- 5. Minnesota

- Lowest
- 47. Alaska
- 48. Rhode Island
- 49. Indiana
- 50. Montana
- 51. Nevada

- Most
- 1. District of Columbia
- 2. Georgia
- 3. Maryland
- 4. Delaware
- 5. Nevada

- Fewest
- 47. Wyoming
- 48. Nebraska
- 49. Iowa
- 50. North Dakota
- 51. South Dakota

- Highest
- 1. Hawaii
- 2. Nevada
- T-3. Alaska
- T-3. California
- 5. Florida

- Lowest
- 47. Ohio
- 48. Missouri
- T-49. Kentucky
- T-49. West Virginia
- 51. Vermont
Quick Tips for Avoiding Identity Theft & Fraud
- Emphasize Email Security: It’s obviously important to use strong passwords for all financial accounts, but you may not realize how essential it is to focus on email. Your primary email address will likely serve as your username and means of resetting your password on other websites. If it’s vulnerable, all of your other accounts will be, too. As a result, make sure to use an especially secure password and establish two-step verification for this account.
- Sign up for Credit Monitoring: Credit monitoring is the best way to keep tabs on your credit report. It provides peace of mind in the form of alerts about important changes to your file, including potential signs of identity theft. WalletHub offers free monitoring of your TransUnion credit report.
- Leverage Account Alerts & Update Contact Info: Setting up online management for all of your financial accounts (e.g., credit cards, loans, Social Security), and keeping your phone number, email address and street address up to date will make them harder for identity thieves to hijack. Establishing alerts for changes to your contact info and other suspicious account activity will serve as a safeguard.
- Use Common Sense Online: Don’t open emails you don’t recognize. Don’t download files from untrustworthy sources. Don’t send account numbers and passwords via email or messenger applications. And don’t enter financial or personal information into websites that lack the “https” prefix in their URLs.
For more tips and information, check out WalletHub’s Identity Theft Guide.
Ask the Experts
As an internet-oriented culture, it’s natural to wonder whether and how our daily habits assist hackers in stealing our personal information. We consulted a panel of experts for answers to such questions and advice on how to safeguard our data against cybercriminals. Click on the experts’ profiles to read their bios and thoughts on the following key questions:
- What can individuals do to guard against identity theft?
- Should victims of identity theft be able to change their Social Security number? How can we make this number more difficult to steal and use (e.g., add more digits)?
- What are some common scams and fraud attempts people should be vigilant about?
- Is the expansion of social media facilitating more identity thefts?
- Should the Federal government intervene to establish a clear process for victims of identity theft looking to clear their name?
Ask the Experts
Ph.D. – Distinguished Teaching Professor (Tenured), Director – Cyber Security Laboratory, Computer Science and Engineering – J.B. Speed School of Engineering, University of Louisville
Read More
Assistant Professor of Technology and Cybersecurity; Director, USM Cybersecurity Awareness, Research, and Education Support (CARES) Center; Coordinator: Cybersecurity Graduate Studies; Trustee for the Beta Xi Chapter, Epsilon Pi Tau Technology Honor Society; Department of Technology – University of Southern Maine
Read More
Professor, School for the Future of Innovation in Society and Professor, School of Computing and Augmented Intelligence – Arizona State University
Read More
Methodology
In order to determine where American consumers are most vulnerable to identity theft and fraud, WalletHub compared the 50 states and the District of Columbia across three key dimensions: 1) Identity Theft, 2) Fraud and 3) Policy.
We evaluated those dimensions using 14 key metrics, which are listed below with their corresponding weights. Each metric was graded on a 100-point scale, with a score of 100 representing the most vulnerable.
Finally, we determined each state and the District’s weighted average across all metrics to calculate its overall score and used the resulting scores to rank-order our sample.
Identity Theft – Total Points: 47.5
- Identity-Theft Complaints per Capita: Full Weight (~15.83 Points)
- Change in Identity-Theft Complaints per Capita (2021 vs 2020): Full Weight (~15.83 Points)
- Average Loss Amount Due to Online Identity Theft: Full Weight (~15.83 Points)
Note: This metric was calculated using the following formula: Total Loss Amount / Total Number of Online Identity-Theft Complaints.
Fraud – Total Points: 47.5
- Fraud & Other Complaints per Capita: Full Weight (~9.50 Points)
- Change in Fraud & Other Complaints per Capita (2021 vs 2020): Full Weight (~9.50 Points)
- Median Loss Amount Due to Fraud: Full Weight (~9.50 Points)
Note: “Total reported amount paid” is based on the total number of fraud complaints for which the amount paid was reported by the victims. The amount paid ranges from $1 to $999,999. - Persons Arrested for Fraud per Capita: Full Weight (~9.50 Points)
- E-Commerce Attack Rates: Full Weight (~9.50 Points)
Policy – Total Points: 5.0
- Availability of Security-Freeze Law for Minors’ Credit Reports: Full Weight (~0.83 Points)
Note: This binary metric considers the presence or absence of legislation allowing parents, legal guardians or other representatives of minors to place a security freeze on the minor’s credit report. - Availability of Identity-Theft Passport Program: Full Weight (~0.83 Points)
Note: This binary metric considers the presence or absence of Identity-Theft Passport programs that help victims of identity theft reclaim their identity. When presented to a law-enforcement agency, an “identity-theft passport” allows a victim to prevent his or her arrest for offenses committed by an identity thief. - Data Disposal Laws by State: Full Weight (~0.83 Points)
Note: This is a binary metric that measures the presence or absence of data disposal laws in each state. Businesses and government collect personal information and store it in various formats-digital and paper. Several states have enacted laws that require entities to destroy, dispose or otherwise make personal information unreadable or undecipherable. - Presence of State Laws Addressing "Phishing": Full Weight (~0.83 Points)
Note: This is a binary metric that measures the presence or absence of laws addressing “phishing” in a state. “Phishing” is a cybercrime in which a target is contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. - Presence of State Spyware Laws: Full Weight (~0.83 Points)
Note: This is a binary metric that measures the presence or absence of laws addressing “spyware” in a state. “Spyware” is classified as a type of malware, malicious software designed to gain access to or damage your computer, track your online activities or collect confidential information. - Presence of Statewide Cybersecurity Task Forces: Full Weight (~0.83 Points)
Note: This is a binary metric that measures the presence or absence of cybersecurity task forces in a state.
Sources: Data used to create this ranking were collected from the Federal Trade Commission, Internet Crime Complaint Center, Federal Bureau of Investigation, Experian Information Solutions and National Conference of State Legislatures.