8.3 million in US victims of ID theft in 2005

About 8.3 million U.S. residents — nearly 4% of the nation's population — were victims of identity theft in 2005, but few victims identified computer-related crime as the culprit, according to a US Federal Trade Commission report released Tuesday.

The FTC data, obtained through telephone surveys, found that 56% of ID theft victims didn't know how their personal information was stolen. Only 1% of victims identified computer hacking as the cause of the ID theft, and another 1% identified a computer-based phishing attack, where ID thieves typically send out bogus emails that look like they come from banks or retailers and ask for log-in information.

Sixteen percent of the victims knew the ID thieves personally, and 7% said the data loss came from a purchase or financial transaction, including online, in-person and mail purchases. Five percent of victims said their data was taken from a company that held their personal information, according to the FTC report.

"Whether you're from Malibu or Manhattan, Tacoma or Tallahassee, no one is immune to identity theft," Lydia Parnes, director of the FTC's Bureau of Consumer Protection, said in a statement. "The important thing is that people learn how to deter identity thieves, detect suspicious activity on their financial records, and defend against the crime, should it happen."

The FTC, in a similar study, estimated there were about 10 million ID theft victims in the US in 2003. The average amount of money obtained per theft fell as well, from US$4,789 (NZ$6,314) in 2003 to US$1,882 in 2005.

The costs of ID theft varied significantly in the new survey. In more than half of the incidents, the thieves got away with US$500 or less, but in 10% of the cases, the thieves netted US$6,000 or more, the FTC said.

In more than half of the cases, the victims incurred no out-of-pocket expenses, but in 10% of cases, the victims reported out-of-pocket costs of US$1,200 or more.

The survey also asked victims to estimate the time they spent clearing up the problems caused by the ID theft. The average was four hours, but about 10% of victims spent 55 hours or more, and about 5% spent at least 130 hours.

Thirty-seven percent of victims reported experiencing problems beyond the time they spent recovering out-of-pocket expenses. The problems included being harassed by debt collectors, being denied new credit, being unable to use existing credit cards, being unable to get loans, having their utilities cut off, being subject to a criminal investigation or civil suit, being arrested, and having difficulties obtaining or accessing bank accounts.

Seventeen percent of all ID theft victims said that their personal information was used to open at least one new account. The two most common types of accounts thieves opened were telephone service accounts, reported by 8% of victims; and credit card accounts, reported by 7% of victims.

While 85% of the victims reported that one or more of their existing accounts had been misused, 12% reported that their information was misused in other ways. Five percent said that their personal information was given to the police when the thief was stopped or charged with a crime. Three percent of victims said that the thief had obtained medical treatment, services or supplies.

The study was conducted through interviews using a random-digit-dialing sampling methodology. More than 4,900 telephone interviews were conducted between March 27 and June 11, 2006.

NZ ID theft figures

According to Statistics NZ's "Information and Communications Technology in New Zealand" report, released last month, the proportion of individuals who had been a victim of fraudulent ICT activity that resulted in some loss was 1.6%, well below US figures.

The 35- to 39-year age group had the highest proportion of those who experienced loss (2.3%), followed by the 50- to 54-year age group (2.2%), and the 55- to 59-year age group (2.2%).