In recent years, many Americans’ personal information has become compromised by big data breaches. While the number of breaches is down in 2020, several big companies have been impacted, including Marriott and Nintendo. According to the Identity Theft Resource Center’s most recent Data Breach Report, between January 1, 2005 and May 31, 2020, there have been 11,762 breaches. That accounts for over 1.6 billion records compromised.
Each new year brings new strategies taken by identity thieves and fraudsters. For example, this year, there has been a lot of identity theft and scamming related to federal stimulus payments during the COVID-19 pandemic. Plenty of other schemes, such as tech support scams and fake IRS calls, also abound.
Some Americans are more susceptible than others to such crimes, though. In order to determine who is most likely to be exposed to and affected by identity theft and fraud, WalletHub compared the 50 states and the District of Columbia across 14 key metrics. Our data set ranges from identity-theft complaints per capita to the average loss amount due to fraud. Read on for our findings, tips for protecting your personal information and a full description of our methodology.
Main Findings
States With the Most Identity Theft & Fraud
|
Overall Rank* |
State |
Total Score |
‘Identity Theft’ Rank |
‘Fraud’ Rank |
‘Policy’ Rank |
|---|---|---|---|---|---|
| 1 | Florida | 72.33 | 1 | 8 | 32 |
| 2 | South Carolina | 70.43 | 2 | 15 | 16 |
| 3 | Delaware | 70.02 | 15 | 1 | 32 |
| 4 | Nevada | 67.15 | 13 | 2 | 22 |
| 5 | New Jersey | 65.34 | 6 | 23 | 3 |
| 6 | California | 65.02 | 5 | 19 | 41 |
| 7 | New York | 65.00 | 9 | 5 | 41 |
| 8 | Georgia | 63.17 | 4 | 30 | 41 |
| 9 | Arkansas | 60.77 | 3 | 47 | 48 |
| 10 | District of Columbia | 60.64 | 22 | 4 | 1 |
| 11 | Pennsylvania | 60.02 | 12 | 22 | 3 |
| 12 | Maryland | 59.15 | 11 | 16 | 37 |
| 13 | Utah | 58.84 | 10 | 21 | 41 |
| 14 | North Carolina | 58.66 | 14 | 17 | 14 |
| 15 | Louisiana | 57.60 | 7 | 48 | 41 |
| 16 | Texas | 57.57 | 8 | 44 | 41 |
| 17 | Nebraska | 57.42 | 21 | 13 | 3 |
| 18 | Mississippi | 56.76 | 16 | 26 | 3 |
| 19 | Alabama | 56.25 | 19 | 25 | 16 |
| 20 | Iowa | 53.00 | 17 | 32 | 37 |
| 21 | Tennessee | 52.55 | 20 | 35 | 22 |
| 22 | Illinois | 52.14 | 18 | 33 | 48 |
| 23 | Massachusetts | 51.93 | 23 | 36 | 3 |
| 24 | South Dakota | 51.20 | 27 | 20 | 3 |
| 25 | Minnesota | 50.99 | 31 | 6 | 16 |
| 26 | Virginia | 50.32 | 26 | 12 | 51 |
| 27 | Oregon | 50.13 | 44 | 3 | 37 |
| 28 | Missouri | 49.88 | 25 | 34 | 3 |
| 29 | Ohio | 48.76 | 24 | 45 | 16 |
| 30 | Vermont | 48.32 | 37 | 10 | 22 |
| 31 | Arizona | 47.40 | 28 | 18 | 48 |
| 32 | Colorado | 46.89 | 40 | 11 | 22 |
| 33 | Hawaii | 46.30 | 33 | 24 | 28 |
| 34 | Wisconsin | 45.60 | 35 | 28 | 14 |
| 35 | Washington | 45.05 | 39 | 14 | 37 |
| 36 | Connecticut | 44.37 | 32 | 29 | 32 |
| 37 | Indiana | 43.70 | 29 | 40 | 32 |
| 38 | Rhode Island | 43.65 | 30 | 38 | 32 |
| 39 | Oklahoma | 41.93 | 34 | 50 | 16 |
| 40 | North Dakota | 41.76 | 51 | 7 | 3 |
| 41 | New Hampshire | 41.55 | 49 | 9 | 16 |
| 42 | Montana | 41.49 | 36 | 37 | 41 |
| 43 | West Virginia | 40.77 | 41 | 46 | 1 |
| 44 | Maine | 40.52 | 47 | 27 | 3 |
| 45 | New Mexico | 39.06 | 43 | 39 | 22 |
| 46 | Alaska | 38.81 | 46 | 31 | 28 |
| 47 | Kentucky | 38.69 | 42 | 41 | 22 |
| 48 | Idaho | 37.72 | 48 | 42 | 3 |
| 49 | Kansas | 36.94 | 45 | 43 | 28 |
| 50 | Michigan | 36.62 | 38 | 51 | 28 |
| 51 | Wyoming | 34.73 | 50 | 49 | 3 |
*No. 1 = Most Vulnerable
Quick Tips for Avoiding Identity Theft & Fraud
- Emphasize Email Security: It’s obviously important to use strong passwords for all financial accounts, but you may not realize how essential it is to focus on email. Your primary email address will likely serve as your username and means of resetting your password on other websites. If it’s vulnerable, all of your other accounts will be, too. As a result, make sure to use an especially secure password and establish two-step verification for this account.
- Sign Up for Credit Monitoring: Credit monitoring is the best way to keep tabs on your credit report. It provides peace of mind in the form of alerts about important changes to your file, including potential signs of identity theft. WalletHub offers free monitoring of your TransUnion credit report.
- Leverage Account Alerts & Update Contact Info: Setting up online management for all of your financial accounts (e.g., credit cards, loans, Social Security), and keeping your phone number, email address and street address up to date will make them harder for identity thieves to hijack. Establishing alerts for changes to your contact info and other suspicious account activity will serve as a safeguard.
- Use Common Sense Online: Don’t open emails you don’t recognize. Don’t download files from untrustworthy sources. Don’t send account numbers and passwords via email or messenger applications. And don’t enter financial or personal information into websites that lack the “https” prefix in their URLs.
For more tips and information, check out WalletHub’s Identity Theft Guide.
Ask the Experts
As a cyber-oriented culture, it’s natural to wonder whether and how our daily habits assist hackers in stealing our personal information. We consulted a panel of experts for answers to such questions and advice on how to safeguard our data against cybercriminals. Click on the experts’ profiles to read their bios and thoughts on the following key questions:
- What can individuals do to guard against identity theft?
- How should consumers choose among third-party providers offering services to protect their identity and personal data?
- Should victims of identity theft be able to change their Social Security number? How can we make this number more difficult to steal and use (e.g., add more digits)?
- What are some common COVID-19 related scams and fraud attempts people should be vigilant about?
- Is the expansion of social media facilitating more identity thefts?
- Should the Federal government intervene to establish a clear process for victims of identity theft looking to clear their name?
- Should credit bureaus be tested for security breaches by authorities on a regular basis? If so, would the CFPB play a larger role in regulation and enforcement of bureaus?
Ask the Experts
- Eugene Y. Vasserman
Ph.D. – Associate Professor and Keystone Research Scholar, Department of Computer Science; Director, Center for Information and Systems Assurance – Kansas State University
Read More
- Steven Michael Bellovin
Percy K. and Vida L. W. Hudson Professor of Computer Science – Columbia University
Read More
- Tony Coulson
Ph.D. – Executive Director of the Cybersecurity Center and Full Professor of Information and Decision Science – Jack H. Brown College at California State University, San Bernardino
Read More
- Salvatore J. Stolfo
Professor of Computer Science – Columbia University
Read More
- Ken Dewey
Director / Professor Cyber Security / Digital Forensics – MS, MA, BS – CISSP, CCFE, CEH, CHFI, EnCE, ACE, VEP, Cloud Essentials, MCSE, Security+, A+, Net+, iNet+, CNA, CNSS 4011-4016 – Rose State College
Read More
- Eugene H. Spafford
Professor of Computer Science; Executive Director Emeritus, Purdue CERIAS – Purdue University
Read More
Methodology
In order to determine where American consumers are most vulnerable to identity theft and fraud, WalletHub compared the 50 states and the District of Columbia across three key dimensions: 1) Identity Theft, 2) Fraud and 3) Policy.
We evaluated those dimensions using 14 key metrics, which are listed below with their corresponding weights. Each metric was graded on a 100-point scale, with a score of 100 representing the most vulnerable.
Finally, we determined each state and the District’s weighted average across all metrics to calculate its overall score and used the resulting scores to rank-order our sample.
Identity Theft – Total Points: 47.5
- Identity-Theft Complaints per Capita: Full Weight (~15.83 Points)
- Change in Identity-Theft Complaints per Capita (2019 vs 2018): Full Weight (~15.83 Points)
- Average Loss Amount Due to Online Identity Theft: Full Weight (~15.83 Points)
Note: This metric was calculated using the following formula: Total Loss Amount / Total Number of Online Identity-Theft Complaints.
Fraud – Total Points: 47.5
- Fraud & Other Complaints per Capita: Full Weight (~9.50 Points)
- Change in Fraud & Other Complaints per Capita (2019 vs 2018): Full Weight (~9.50 Points)
- Median Loss Amount Due to Fraud: Full Weight (~9.50 Points)
Note: “Total reported amount paid” is based on the total number of fraud complaints for which the amount paid was reported by the victims. The amount paid ranges from $1 to $999,999. - Persons Arrested for Fraud per Capita: Full Weight (~9.50 Points)
- E-Commerce Attack Rates: Full Weight (~9.50 Points)
Policy – Total Points: 5.0
- Availability of Security-Freeze Law for Minors’ Credit Reports: Full Weight (~0.83 Points)
Note: This binary metric considers the presence or absence of legislation allowing parents, legal guardians or other representatives of minors to place a security freeze on the minor’s credit report. - Availability of Identity-Theft Passport Program : Full Weight (~0.83 Points)
Note: This binary metric considers the presence or absence of Identity-Theft Passport programs that help victims of identity theft reclaim their identity. When presented to a law-enforcement agency, an “identity-theft passport” allows a victim to prevent his or her arrest for offenses committed by an identity thief. - Data Disposal Laws by State: Full Weight (~0.83 Points)
Note: This is a binary metric that measures the presence or absence of data disposal laws in each state. Businesses and government collect personal information and store it in various formats-digital and paper. Several states have enacted laws that require entities to destroy, dispose or otherwise make personal information unreadable or undecipherable. - Presence of State Laws Addressing "Phishing": Full Weight (~0.83 Points)
Note: This is a binary metric that measures the presence or absence of laws addressing “phishing” in a state. “Phishing” is a cybercrime in which a target is contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. - Presence of State Spyware Laws: Full Weight (~0.83 Points)
Note: This is a binary metric that measures the presence or absence of laws addressing “spyware” in a state. “Spyware” is classified as a type of malware, malicious software designed to gain access to or damage your computer, track your online activities or collect confidential information. - Presence of Statewide Cybersecurity Task Forces: Full Weight (~0.83 Points)
Note: This is a binary metric that measures the presence or absence of cybersecurity task forces in a state.
Sources: Data used to create this ranking were collected from the Federal Trade Commission, Internet Crime Complaint Center, Federal Bureau of Investigation, Experian Information Solutions and National Conference of State Legislatures.