Sixteen (16) percent of respondents didn’t act after a data breach notice, leaving them and their employers vulnerable to identity crimes 

SAN DIEGO, November 18, 2021 – Today, the Identity Theft Resource Center® (ITRC), a nationally recognized nonprofit organization established to support victims of identity crime, published research conducted by DIG.Works that explored several issues related to data and account compromises, as well as data breach notices.  

The ITRC and DIG.Works surveyed 1,050 U.S. adult consumers about the issues and discovered that, overall, consumers reported a high level of awareness of data compromises and the range of actions they can take to protect themselves before and after a data breach. However, there is a significant gap between consumers’ level of awareness and actions that leave most people open to additional attacks and identity crimes.  

  • A shockingly high number of respondents (16 percent) took no action after receiving a notice of data breach; less than half (48 percent) changed the password only on the breached account; only 22 percent changed all of their passwords.  
  • Just three (3) percent of respondents said they placed a credit freeze to block new accounts from being created. 
  • Only 15 percent of respondents say they use unique passwords for each of their accounts; the other 85 percent admit to reusing passwords on multiple accounts. 
  • Thirty-three (33) percent of the respondents who do not follow suggested password practices answered that their practices are good enough; 13 percent say they don’t think strong and unique passphrases are important. 

Download the Data Breach Notice Research  

“Most people know what they should do, but choose not to in the areas of data protection and password practices,” said Eva Velasquez, President and CEO of the Identity Theft Resource Center. “Organizations need to review how they notify consumers of data breaches to reduce the level of inaction and improve the credit freeze adoption rates. Also, businesses should recommend to consumers that they reset any passwords that are not unique and offer multi-factor authentication with an app.” 

Other findings include: 

  • Seventy-three (73) percent of respondents believe their personal information has been impacted by a data breach; 72 percent have received a notice of data breach letter. 
  • Fifty-five (55) percent of social media accounts have been compromised, including 42 percent of Facebook users and 32 percent of Instagram users. 
  • When asked why they didn’t act after receiving a breach notice, 26 percent said “my data is already out there;” 29 percent believed organizations responsible for protecting their data would address the issue; 17 percent did not know what to do; 14 percent thought the notice was a scam. 

Consumers can receive free live victim support or guidance from a knowledgeable advisor by calling 888.400.5530 or visiting www.idtheftcenter.org to live-chat. 

About this Survey 

The ITRC thanks Jonathon Sasse and Anders Steele for their donation of this research project on behalf of the ITRC and identity crime victims. Please visit DIG.Works to learn more. 

About the Identity Theft Resource Center   

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a national nonprofit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime. Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its website live-chat idtheftcenter.org and toll-free phone number 888.400.5530. The ITRC also equips consumers and businesses with information about recent data breaches through its data breach tracking tool, notified. The ITRC offers help to specific populations, including the deaf/hard of hearing and blind/low vision communities.    

Media Contact       

Identity Theft Resource Center       
Alex Achten       
Head of Earned & Owned Media Relations        
888.400.5530 Ext. 3611       
media@idtheftcenter.org   

Kratovil brings experience as a legislative and regulatory expert in identity crimes, data security and consumer privacy to the ITRC Board of Directors

SAN DIEGO, November 11, 2021 – Jason Kratovil of SentiLink has joined the Board of Directors of the Identity Theft Resource Center® (ITRC), a nationally recognized nonprofit organization established to support victims of identity crime.

“I am happy to welcome Jason Kratovil to the ITRC’s Board of Directors,” said Eva Velasquez, President and CEO of the Identity Theft Resource Center. “Jason is an industry leader with valuable experience and skill sets that will help our organization better serve victims of identity crimes. Our mission is to empower and guide consumers, victims, businesses, and government agencies to minimize risk and mitigate the impact of identity crimes. Jason will strengthen our ability to do that.”

Kratovil is the Head of Public Policy & Industry Relations at SentiLink, a leader in identity verification technology, with solutions to stop synthetic fraud and identity theft in real-time at account opening. He is a recognized legislative and regulatory expert in identity crimes and synthetic identity fraud, payments, data security, and consumer privacy. Kratovil also serves on the Fairfax County (VA) Consumer Protection Commission.

He was previously a principal at the Washington, D.C. law firm of Sivon, Natter & Wechsler, P.C. While at the firm, he founded the Consumer First Coalition, through which he led efforts on behalf of the financial industry to implement the Electronic Consent-Based Social Security number (SSN) Verification system (eCBSV). Kratovil holds a Master of Public Policy degree, two B.A. degrees, and a Certified Information Privacy Professional (CIPP/US) certification.

To view a full list of the ITRC’s Board of Directors, click here.

About the Identity Theft Resource Center  

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a national nonprofit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime. Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its website live-chat idtheftcenter.org and toll-free phone number 888.400.5530. The ITRC also equips consumers and businesses with information about recent data breaches through its data breach tracking tool, notified. The ITRC offers help to specific populations, including the deaf/hard of hearing and blind/low vision communities.  

Media Contact     

Identity Theft Resource Center     
Alex Achten     
Head of Earned & Owned Media Relations      
888.400.5530 Ext. 3611     
media@idtheftcenter.org    

The ITRC’s 2021 Business Aftermath Report reveals that more than half of small businesses have suffered a data or security breach; one-third of companies have been breached at least three times 

SAN DIEGO, October 27, 2021 – The Identity Theft Resource Center® (ITRC), a nationally recognized nonprofit organization established to support victims of identity crime, has published its first-ever report on the impacts of identity crimes and cyberattacks on small businesses – the ITRC’s 2021 Business Aftermath Report.  

Image of ITRC 2021 Business Aftermath Report Infographic with key findings

There are 42 million solopreneurs, according to a 2019 report from the brand strategy group Spencer Brenneman. Yet, there is little information about how small businesses are impacted by the rise in identity crimes and cyberattacks. The ITRC solicited impact information directly from the small business owners and leaders affected by security and data breaches. For the 2021 Business Aftermath Report, 417 small business leaders and 1,050 general consumers responded to questions in two separate surveys about the impacts of cybercrimes on small businesses as defined by the U.S. Small Business Administration (SBA). The findings include: 

  • Fifty-eight (58) percent of small businesses have experienced a data breach, security breach or both. Of those businesses, three-fourths have experienced at least two breaches and one-third at least three breaches. 
  • Forty-four (44) percent of small businesses spent between $250,000-$500,000 to cover the costs of the breach. Sixteen (16) percent of small businesses spent between $500,000-$1 million.  
  • Thirty-six (36) percent of small businesses incurred debt to cover the breach costs, and 34 percent dipped into cash reserves.  
  • Fifteen (15) percent reduced their headcount to cut expenses.  
  • External threat actors were responsible for 40 percent of attacks. Malicious employees and contractors were responsible for 35 percent of the attacks. 

Download the ITRC’s 2021 Business Aftermath Report

“Behind all of these statistics are people,” said Eva Velasquez, President and CEO of the Identity Theft Resource Center. “The resources stolen by cybercriminals are the same resources needed to sustain or grow a business to keep families safe, healthy and financially secure. It is critical we share these eye-opening findings so everyone can better understand the impacts of identity crimes, particularly on people just trying to support their families and the families of their employees.” 

Another important finding discovered in the 2021 Business Aftermath Report is that 42 percent of small businesses needed one to two years to return to normal. Twenty-eight (28) percent of respondents say it took their business three to five years to recover fully.  

“These identity crimes are not just costing small businesses and solopreneurs a lot of money,” Velasquez said. “It is also taking them a long time to put their business back on a path to growth. Now that we have data on the impacts of data and security breaches on small businesses, we must use it to help support the broad range of identity crime victims.” 

The ITRC offers a range of low and no-cost tools to help small businesses. Consumers can receive free live victim support or guidance from a knowledgeable advisor by calling 888.400.5530 or visiting www.idtheftcenter.org to live-chat.  

About the Identity Theft Resource Center  

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a national nonprofit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime. Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its website live-chat idtheftcenter.org and toll-free phone number 888.400.5530. The ITRC also equips consumers and businesses with information about recent data breaches through its data breach tracking tool, notified. The ITRC offers help to specific populations, including the deaf/hard of hearing and blind/low vision communities.   

Media Contact      

Identity Theft Resource Center      
Alex Achten      
Head of Earned & Owned Media Relations       
888.400.5530 Ext. 3611      
media@idtheftcenter.org  

The number of data breach victims dramatically increased in Q3 2021 due to a series of data exposures during the quarter 

SAN DIEGO, October 6, 2021 – Today, the Identity Theft Resource Center® (ITRC), a nationally recognized nonprofit organization established to support victims of identity crime, released its U.S. data breach findings for the third quarter (Q3) of 2021. According to the data breach analysis, the number of data breaches publicly-reported in the U.S. decreased nine (9) percent in Q3 2021 (446 breaches) compared to Q2 2021 (491 breaches). However, the number of data breaches through September 30, 2021 has exceeded the total number of events in Full-Year (FY) 2020 by 17 percent (1,291 breaches in 2021 compared to 1,108 breaches in 2020). The trendline continues to point to a record-breaking year for data compromises (the all-time high of 1,529 breaches was set in 2017). 

For Q3 2021, the number of data compromise victims (160 million) is higher than Q1 and Q2 2021 combined (121 million). The dramatic rise in victims is primarily due to a series of unsecured cloud databases, not data breaches. Also, the total number of cyberattack-related data compromises year-to-date (YTD) is up 27 percent compared to FY 2020. Phishing and Ransomware continue to be, far and away, the primary attack vectors. 

Download the ITRC’s 2021 Q3 Data Breach Analysis and Key Takeaways 

“While the total number of data breaches dropped slightly in Q3, we are only 238 data breaches away from tying the all-time record for data compromises in a single year,” said Eva Velasquez, President and CEO of the Identity Theft Resource Center. “It’s also interesting to note that the 1,111 data breaches from cyberattacks so far this year exceeds the total number of data compromises from all causes in 2020. Everyone needs to continue to practice good cyber-hygiene to protect themselves and their loved ones as these crimes continue to increase.” 

Other findings in the analysis include: 

  • There have been no publicly-reported data breaches to date in 2021 attributed to payment card skimming services.  
  • Some organizations and state agencies are not including specifics about data compromises or reporting them on a timely basis. One state has not posted a data breach notice since September 2020. 

Enhancing Data Security – U.S. Senate Committee Hearing – Oct. 6, 2021

The ITRC will testify before the U.S. Senate Committee on Commerce, Science & Transportation today to present the findings from our Q3 Data Breach Analysis. Watch the hearing on enhancing data security live at 10 a.m. EST/7 a.m. PST.  ITRC COO, James E. Lee, issued a written statement for the record as part of a hearing with the U.S. Senate Committee. 

For more information about recent data breaches, or the increase in the number of data breaches discussed in the latest trend analysis, consumers and businesses should visit the ITRC’s data breach tracking tool, notified.    

Anyone can receive free support and guidance from a knowledgeable live-advisor by calling 888.400.5530 or visiting  www.idtheftcenter.org to live-chat.   

About the Identity Theft Resource Center  

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a national nonprofit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime. Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its website live-chat idtheftcenter.org and toll-free phone number 888.400.5530. The ITRC also equips consumers and businesses with information about recent data breaches through its data breach tracking tool, notified. The ITRC offers help to specific populations, including the deaf/hard of hearing and blind/low vision communities.  

Media Contact     

Identity Theft Resource Center     
Alex Achten     
Head of Earned & Owned Media Relations      
888.400.5530 Ext. 3611     
media@idtheftcenter.org    

This year’s Cybersecurity Awareness Month initiative highlights the importance of cybersecurity by encouraging individuals & organizations to take measures to ensure they stay safe online  

SAN DIEGO, September 22, 2021 – Today, the Identity Theft Resource Center® (ITRC), a nationally recognized nonprofit organization established to support victims of identity crime, announced its commitment to Cybersecurity Awareness Month (CSAM), held annually in October. The ITRC joins the growing global effort to promote the awareness of staying safe online. CSAM 2021 is a collaborative effort among businesses, government agencies, colleges and universities, associations, nonprofit organizations, and individuals committed to the CSAM theme of ‘Do Your Part. #BeCyberSmart.’ 

“The importance of good cybersecurity and its link to identity protection is reinforced every day,” said Eva Velasquez, President and CEO of the Identity Theft Resource Center. “Cybersecurity is a critical issue that affects everyone, whether you are a business owner, company employee, or a consumer. Online safety, identity protection and data privacy is important for everyone. The ITRC continues to stay committed to our mission, to help consumers and businesses with best practices, and to help everyone #BeCyberSmart.” 

The ITRC will lead or participate in the following activities during CSAM 2021: 

  • Sept 29, 2021 – “How to Secure Your Online Life” Webinar 

On September 29, the ITRC will take part in a webinar with Verity-IT, National Institute of Standards and Technology (NIST), and the Cybersecurity and Infrastructure Agency (CISA) of the U.S. Department of Homeland Security on how to secure your online life. The one-hour session will give an overview of the cyber basics. 

  • Oct 6, 2021 – Release of Q3 2021 Data Breach Trend Analysis 

On October 6, the ITRC will release its data breach information for the third quarter of 2021. In the ITRC’s H1 2021 Data Breach Trend Analysis, the ITRC reported a 38 percent increase in data breaches quarter-over-quarter and predicted an all-time high number of data breaches by year’s end if breaches continued at the first half of the year’s pace. Sign up for the Monthly Data Breach Newsletter to get alerts and this report directly to your inbox. 

Save The Date – ITRC 2021 Business Aftermath Report to be released October 2021
  • Oct 27, 2021 – Release of Inaugural Business Aftermath Report 

On October 27, the ITRC will release its first-ever report on the impacts of identity crimes and cyberattacks on small businesses. Cyberattacks and the resulting security and data breaches can have a devastating effect on any business. However, small organizations and solopreneurs often lack the resources to prevent or defend against cybercrimes. The 2021 Business Aftermath Report is the first major independent, publicly-reported research into what happens specifically to small businesses following a data or security breach. Sign up to get this report directly to your inbox and more highlights from the ITRC. 

  • Oct 27, 2021 – Nasdaq Cybersecurity Summit 

On October 27 at 10 a.m. EST/7 a.m. PST, the National Cyber Security Alliance (NCSA) will host its annual Nasdaq Cybersecurity Summit virtually and at the Nasdaq MarketSite in Times Square, New York. The ITRC will participate as a partner in this event that looks at research and best practices for designing security products and processes that are usable by those who need them. 

  • The ITRC’s Weekly Breach Breakdown and Fraudian Slip Podcast Episodes  

Check out the ITRC’s latest podcasts, “The Fraudian Slip” (monthly), where we talk about all-things identity compromise, crime and fraud that impact people and businesses, as well as “The Weekly Breach Breakdown” (weekly), covering the most recent events and trends related to data security and privacy.  

More on CSAM 2021 

Technology plays a part in almost everything we do in life. Mobile and connected smart devices are woven into society as an integral part of how people communicate and access services essential to their well-being. Despite these great advances in technology and the conveniences this provides, recent events have shown us how quickly our lives and businesses can be disrupted when cybercriminals and adversaries use technology to do harm. Now in its 18th year, CSAM continues to build momentum and impact with the ultimate goal of providing everyone with the information they need to stay safe online.  

The ITRC is proud to support this far-reaching online safety awareness and education initiative co-led by CISA the NCSA. 

For more information about CSAM 2021, staying safe online and how to participate in a wide variety of activities, visit staysafeonline.org/cybersecurity-awareness-month/. You can also follow and use the official hashtag #BeCyberSmart on social media throughout the month.  

About the Identity Theft Resource Center 

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a national nonprofit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime. Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its website live-chat idtheftcenter.org and toll-free phone number 888.400.5530. The ITRC also equips consumers and businesses with information about recent data breaches through its data breach tracking tool, notified. The ITRC offers help to specific populations, including the deaf/hard of hearing and blind/low vision communities.  

About Cybersecurity Awareness Month 

Cybersecurity Awareness Month is designed to engage and educate public and private-sector partners through events and initiatives with the goal of raising awareness about cybersecurity to increase the resiliency of the nation in the event of a cyber incident. Since the Presidential proclamation establishing Cybersecurity Awareness Month in 2004, the initiative has been formally recognized by Congress, federal, state and local governments and leaders from industry and academia. This united effort is necessary to maintain a cyberspace that is safer and more resilient and remains a source of tremendous opportunity and growth for years to come. For more information, visit staysafeonline.org/cybersecurity-awareness-month/.  

About National Cyber Security Alliance  

The National Cyber Security Alliance is a nonprofit alliance on a mission to create a more secure connected world. We enable powerful, public-private partnerships in our mission to educate and inspire individuals to protect themselves, their families and their organizations for the collective good. For more information on the National Cyber Security Alliance, please visit https://staysafeonline.org

Media Contact     

Identity Theft Resource Center     
Alex Achten     
Head of Earned & Owned Media Relations      
888.400.5530 Ext. 3611     
media@idtheftcenter.org 

The number of individuals impacted by a data compromise is down 20 percent quarter-over-quarter 

SAN DIEGO, July 8, 2021 – Today, the Identity Theft Resource Center® (ITRC), a nationally recognized nonprofit organization established to support victims of identity crime, released its U.S. data breach findings for the first half (H1) of 2021. According to the data breach analysis, publicly-reported U.S. data breaches are up 38 percent in the second quarter (Q2) of 2021 (491 compromises) compared to the first quarter (Q1). However, the number of individuals impacted (52.8 million) is down 20 percent over that same timespan.  

For H1 2021, the number of compromises (846) makes up 76 percent of 2020’s total compromises. If the current attack pace continues, the increase in data breaches in 2021 will end with a record-setting number of compromises, exceeding the current highwater mark of 1,632 set in 2017.  

However, the number of victims (118.6 million) only makes up 38 percent of 2020’s total number of people impacted by data breaches, data exposures and data leaks. If the trend continues, 2021 could result in the lowest number of people impacted by data compromises since 2014.  

Phishing and ransomware attacks remain the top two root causes for data compromises, and supply chain attacks continue to increase (32 new attacks in Q2 compared to 27 in Q1 2021). The surge in phishing, ransomware and supply chain attacks is driving the pace of data compromises and the main reason 2021 could see a new record for total data breaches, data exposures and data leaks. 

According to the H1 2021 Data Breach Analysis by the ITRC, publicly-reported U.S. data breaches are up 38 percent in the second quarter (Q2) of 2021.

Download the ITRC’s 2021 First Half Data Breach Analysis and Key Takeaways  

“We are seeing a shift with the increase in data breaches in 2021 compared to 2020, primarily because of the growing number of phishing attacks, ransomware attacks and supply chain attacks,” said Eva Velasquez, president and CEO of the Identity Theft Resource Center. “While it is discouraging to see the number of compromises up, it is encouraging that we could see the fewest number of people impacted in seven years. Criminals continue to exploit organizations of all sizes through single points-of-attack, making good cyber-hygiene practices more important than ever.” 

Other findings in the analysis include: 

  • Data compromises are rising in half of the sectors tracked by the ITRC. Manufacturing & Utilities and Professional Services are seeing significant increases, while Healthcare and Retail are seeing data compromises drop. This dynamic reflects the broader trend of cybercriminals shifting their attacks to critical infrastructure entities that are too important to remain idle, and targets with less robust cybersecurity protections in hopes of securing larger ransomware payments.  
  • The 58 supply chain attacks through June 30, 2021, a 19 percent increase in Q2, compares to 70 malware-related compromises, which indicates that third-party risks are poised to surpass malware as the third most common root cause of data events by the end of the year. 
  • The July 2, 2021 supply chain attack on Kaseya, a security software provider, also indicates that the scope and complexity of supplier attacks are increasing. 

For more information about recent data breaches, or the increase in data breaches discussed in the latest trend analysis, consumers and businesses should visit the ITRC’s data breach tracking tool, notified.   

For consumers who have been victims of a data breach, the ITRC recommends downloading its free ID Theft Help app to manage the various aspects of an individual’s data breach case.  

Anyone can receive free support and guidance from a knowledgeable live-advisor by calling 888.400.5530 or visiting www.idtheftcenter.org to live-chat.  

About the Identity Theft Resource Center     

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a nonprofit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime. Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its website live-chat idtheftcenter.org, toll-free phone number 888.400.5530 and ID Theft Help app. The ITRC also equips consumers and businesses with information about recent data breaches through its data breach tracking tool, notified.      

Media Contact    

Identity Theft Resource Center    
Alex Achten    
Earned & Owned Media Specialist    
888.400.5530 Ext. 3611    
media@idtheftcenter.org   

On June 28, 2021, the Identity Theft Resource Center (ITRC) discovered a particular form of a phishing attack (also known as a brand spoofing attack) imitating our non-profit organization. The spoofed email, which was determined to be an identity monitoring services scam, sent offers of an “elite search account” with monitoring services to “track your social security, name, address, phone, and any other pertinent information that may be compromised over the web.”

The ITRC Never Charges Consumers or Collects Sensitive Information

The ITRC never charges consumers for assistance and any communication you receive claiming to offer an ITRC service for a fee is a scam. The ITRC only provides no-cost identity theft victim remediation services for individuals that does not include a monitoring service.

The ITRC also does not request or collect sensitive personal information like Social Security numbers, driver’s license numbers or physical addresses. The ITRC may ask for your email or phone number to send you free identity theft resources and educational advice. The limited information you share is never sold to anyone and only to be shared with our research partners with your permission.

What is a Brand Spoofing Attack?

For Consumers:

With this attack style, a cybercriminal imitates a well-known brand to offer a product or service. The attack may also include a live operator acting as a contact center service representative.  Consumers need to follow the best practices for avoiding phishing attacks:

  • Be suspicious of emails that claim you must pay, click for your offer or open an attachment immediately.
  • Think about if you have ever interacted with the company before. If this is a new company or account, go directly to their website or call to ask them if the offer is legitimate.
  • If you think you clicked on a malicious attachment, be sure to run an update on your computer and consider anti-virus software.
  • If you gave away your personal or financial information, place a credit freeze on your credit reports and monitor your accounts regularly.

For Businesses:

If your business email, website, social media accounts, or text services were used in a brand spoofing attack, notify your customers or visitors of the spoof and the steps they should take if they have given their account password or financial information to a criminal. You may direct victims to the ITRC’s contact center or website for free assistance.

Read more about business email imposter recovery steps to take with advice from the Federal Trade Commission.

What You Need to Know About Identity Monitoring Services Scams

In an identity monitoring services scam, an identity thief poses as a well-known brand or government agency and contacts you to say your identity has been compromised. They have discovered your personal information on the dark web and insist you should pay for services to monitor your identity.

The identity monitoring services scam is similar to the IT support scam where the cybercriminal poses as Microsoft, Apple, etc. to say your computer has been infected with malware and is alerting you. They then urge you to clean it up as soon as possible and will take your credit card information or payment through gift card to clean up the infection for you.

Report to the ITRC

If you receive an email, phone call or other communication that asks for your personal or financial information to pay for a service, report it directly to the ITRC to receive our free remediation services to help protect your identity and help prevent additional identity crimes. The ITRC’s expert advisors will help you take additional steps if required, to secure your identity.

Contact the ITRC for Free Identity Theft Information

If you accidentally click on a link of a brand phishing attack or provide information to what you discover later was a fake website form, contact the ITRC toll-free at 888.400.5530 or live-chat with an expert advisor on the company website www.idtheftcenter.org. An advisor will walk you through the steps to take to protect yourself from any possible identity misuse. 


The ITRC is a non-profit organization established in 1999 to empower and guide consumers, victims, business, and government to minimize risk and mitigate the impact of identity compromise and crime. Read more about our mission.

The ITRC’s three-year study shows nearly 30 percent of victims have been the victim of a previous identity crime; an all-time high number of victims say they have contemplated suicide

SAN DIEGO, May 26, 2021- The Identity Theft Resource Center® (ITRC), a nationally recognized nonprofit organization established to support victims of identity crime, has published research that shows nearly 30 percent of people who contact the ITRC are victims of more than one identity crime. The study – the 2021 Consumer Aftermath Report – released today covers the 36 months from 2018-2020 and goes beyond the known financial implications of identity crimes and explores the emotional, physical and psychological impacts experienced by victims.

For the report, 427 identity crime victims who contacted the organization between January 2018 and December 2020 responded to questions about the impact of identity compromises. The survey, which the ITRC has conducted since 2003, discovered that many of the respondents experienced impacts that resulted in definable emotional impacts, physical consequences and lost opportunities. For example, the report shows the highest level of victims who say they have considered suicide – 10 percent – in the 18-year history of the Consumer Aftermath Report.

The ITRC study includes a special focus on victims of pandemic-related identity fraud, including:

  • Thirty-three (33) percent who did not have enough money to buy food or pay for utilities.
  • Forty (40) percent who were unable to pay their routine bills.
  • Fourteen (14) percent who were evicted for non-payment of rent or mortgage.
  • Fifty-four (54) percent who said they felt violated as a result of their identity being misused

Download the ITRC’s 2021 Consumer Aftermath Report

“The 2021 Consumer Aftermath Report shows that the effects of identity theft, particularly during COVID-19, are far-reaching and accelerating,” said Eva Velasquez, president and CEO of the Identity Theft Resource Center. “Even pre-pandemic, for roughly 30 percent of these individuals, this is the second identity crime committed against them. Generally, these victims cannot pay their rent or mortgage, put food on the table, gas in their cars or afford to pay for internet access or childcare needed to look for new employment. In the report, you see the range of emotions – anger, frustration, fear, hopelessness – in their own words. It is crucial we share these findings so others can better understand the ramifications of identity crimes, as well as help force change to better support these victims.”

“While we have all adjusted to masks and social distancing during the COVID-19 pandemic, for victims of identity fraud, the pandemic has created an entirely new set of risks,” said John Breyault, National Consumers League Vice President of Public Policy, Telecommunications and Fraud and an ITRC Board Member. “It might be tempting to focus only on the considerable harm that identity fraud does to consumers. However, we shouldn’t lose sight of the costs to businesses due to lost productivity and lower morale as employees manage their recovery and to taxpayers as fraudsters raid unemployment insurance funds.”

Another critical finding discovered in the 2021 Consumer Aftermath Report is pre-pandemic, identity crime victims struggled with the financial, emotional and physical impacts of having their identities misused. Eighty-three (83) percent of victims could not rent an apartment or find housing and 67 percent incurred debt to meet financial obligations. Also, 84 percent reported being anxious or worried and 76 percent feeling violated.

“The risk of having one’s identity stolen and used to perpetuate fraud may be the least studied, most common, criminal experience that individuals can encounter,” said Brandn Green, Research Scientist at Development Services Group. “The work done by the ITRC in their report to quantify and demonstrate the experiences of victims is invaluable.”

Consumers and victims can receive free support and guidance from a knowledgeable live advisor by calling 888.400.5530 or visiting www.idtheftcenter.org to live-chat. 

About the Identity Theft Resource Center   

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a nonprofit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime. Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its website live-chat idtheftcenter.org, toll-free phone number 888.400.5530 and ID Theft Help app. The ITRC also equips consumers and businesses with information about recent data breaches through its data breach tracking tool, notified.    

Media Contact  

Identity Theft Resource Center  
Alex Achten  
Earned & Owned Media Specialist  
888.400.5530 Ext. 3611  
media@idtheftcenter.org   

While the number of data compromises is only up slightly (12 percent increase in Q1 2021), individuals impacted is on a steep rise due to more supply chain attacks in 2021 

SAN DIEGO, April 7, 2021 – Today, the Identity Theft Resource Center® (ITRC), a nationally recognized nonprofit organization established to support victims of identity crime, released its U.S. data breach findings for the first quarter of 2021. 

According to the ITRC’s analysis, publicly-reported U.S. data compromises in Q1 2021 are up 12 percent (363) from Q4 2020. The number of individuals impacted is up 564 percent (51 million in Q1 2021 versus eight million in Q4 2020). A primary reason for the gap in compromises and impacts is a 42 percent rise in the number of supply chain attacks compared to Q4 2020, a trend discussed in the ITRC’s 2020 Data Breach Report.  

One hundred and thirty-seven (137) organizations reported being impacted by supply chain attacks in Q1 2021 at 27 different third-party vendors, including IT provider Accellion. The publicly-reported supply chain attacks affected seven million people. Nineteen supply chain attack-related compromises were reported in Q4 2020. Other conclusions from the Q1 2021 report include

  • Phishing and ransomware attacks continue to be the primary root causes of data compromises.  
  • The increase in data compromises and impacted individuals was also influenced by 59 data events reported in early Q1 2021 that occurred in late December 2020.  
  • The 2020 supply chain and ransomware attack against IT provider Blackbaud continues to result in new data breach notices; 62 new notices in Q1 2021 that impacted approximately 146,000 additional individuals. More than 12.8 million people at 555 organizations have now been affected by the attack first reported in mid-2020. 
  • The report reinforces the trends highlighted by the ITRC, the FBI, and various security vendors that point to a rise in cybercrimes focused on stealing company resources using personal information.  

Download the ITRC’s 2021 Q1 Data Breach Analysis and Key Takeaways  

“While the number of data compromises is only up slightly, the rise in supply chain attacks is troubling,” said Eva Velasquez, president and CEO of the Identity Theft Resource Center. “Supply chain, phishing, and ransomware attacks reflect a broader trend that cybercriminals want to exploit multiple organizations through a single point-of-attack. The most important action people can take to help protect themselves is to exercise good cyber-hygiene habits.”  

The FBI’s most recent Internet Crime Complaint Center (IC3) Report shows phishing as the number one complaint for individuals and businesses in 2020. According to the report, $1.8 billion in business losses was directly attributed to Business Email Compromise, a form of phishing.  

For more information about recent data breaches, or any of the data breaches discussed in the Q1 2021 Date Breach Report, consumers and businesses should visit the ITRC’s new data breach tracking tool, notified.  

For consumers who have been victims of a data breach, the ITRC recommends downloading its free ID Theft Help app to manage the various aspects of an individual’s data breach case.  

Anyone can receive free support and guidance from a knowledgeable live-advisor by calling 888.400.5530 or visiting www.idtheftcenter.org to live-chat.  

About the Identity Theft Resource Center   

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a non-profit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime. Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its website live-chat idtheftcenter.org, toll-free phone number 888.400.5530, and ID Theft Help app. The ITRC also equips consumers and businesses with information about recent data breaches through its data breach tracking tool, notified.    

Media Contact  

Identity Theft Resource Center  
Alex Achten  
Earned & Owned Media Specialist  
888.400.5530 Ext. 3611  
media@idtheftcenter.org   


The Identity, Authentication and the Road Ahead event, February 4-5 from 11 a.m. – 3 p.m. EST, will bring together leaders from government, industry and the nonprofit sector to tackle critical identity issues 

SAN DIEGO, February 2, 2021- On February 4-5, 2021, the Better Identity Coalition, FIDO Alliance, and Identity Theft Resource Center will be hosting an online event, “Identity, Authentication and the Road Ahead”.  

The event will bring together leaders from government, industry and the nonprofit sector to tackle how the government plans to modernize identity and authentication, how COVID-19 has affected the identity landscape, ways the government can help address pain points in our identity infrastructure, standards updates and more. Our keynote speakers include Congressman Bill Foster [D-IL], Financial Crimes Enforcement Network (FinCEN) Deputy Director and Digital Innovation Officer Michael Mosier, Congressman John Katko [R-NY] and Partner Director of Identity Security for Microsoft Alex Weinert. 

“The COVID-19 pandemic has laid bare our challenges in digital identity and authentication – not just from a security perspective, but also a human one,” said Jeremy Grant, Coordinator of the Better Identity Coalition. “We’re thrilled to partner with the FIDO Alliance and the Identity Theft Resource Center on this two-day event to highlight different facets of the challenges in identity and authentication – and discuss ways the government and industry can partner together to spur new solutions that can help all Americans.” 

“The FIDO Alliance is pleased to be working with the Better Identity Coalition and the Identity Theft Resource Center to advance awareness of and inspire action for simpler and stronger authentication and improved identity verification processes,” said Andrew Shikiar, Executive Director & CMO of the FIDO Alliance. “Jarring events of late, such as the global COVID pandemic and threats to the U.S. election, have accelerated the urgency to move forward with digital transformation plans and enable secure and phish-proof access to remote systems and applications. We’re looking forward to sessions that will uncover the critical role that FIDO Authentication has played this past year and will play in the future of identity and authentication.” 

“The Identity Theft Resource Center is honored to co-host the 2021 Policy Forum with the Better Identity Coalition and the FIDO Alliance to bring awareness to digital security, privacy and convenience for everyone,” said Eva Velasquez, president and CEO of the Identity Theft Resource Center. “It is critically important we take a look at identity crimes and their impacts on individuals, businesses and policies, particularly when it comes to equity and inclusion. We hope that the two-day event highlights how government and decision-makers can address the pain points in our identity infrastructure and leads to discussions on how to improve identity use and protection in America.” 

Our hashtag for the event is #IDPolicyForum. You can find the full schedule here and RSVP here. This event is on the record and open to the public.  

About the Identity Theft Resource Center   

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a non-profit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime. Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its website live-chat idtheftcenter.org, toll-free phone number 888.400.5530, and ID Theft Help app. The ITRC also equips consumers and businesses with information about recent data breaches through its data breach tracking tool, notified.    

About the Better Identity Coalition 

Launched in 2018, the Better Identity Coalition is an organization focused on bringing together leading firms from different sectors to develop a set of consensus, cross-sector policy recommendations that promote the adoption of better solutions for identity verification and authentication. The Coalition’s founding members include recognized leaders from diverse sectors of the economy, including financial services, health care, technology, FinTech, payments, and security. More on the Coalition is available at https://www.betteridentity.org/ 

About the FIDO Alliance 

The FIDO (Fast IDentity Online) Alliance, www.fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance is changing the nature of authentication with standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO Authentication is stronger, private, and easier to use when authenticating to online services.