The Identity Theft Resource Center (ITRC) and other advocacy groups have tracked data breaches, identity theft, scams and fraud for years. However, it is difficult to identify the geographic patterns to these crimes.

The Federal Bureau of Investigation (FBI) has released its annual cybercrimes report, which outlines which states saw the largest number of compromised records and the largest financial losses. The report provides statistics on what states are hit the hardest by these crimes. It also breaks down how much financial damage is caused and what mechanism for the crime was used. Interestingly, some of the states with the highest numbers of cybercrime have also been on the top identity theft state lists for several years. California, Florida, Texas, New York and Pennsylvania (in that order) had the highest numbers of cybercrime reports last year. The most financial damage from these attacks occurred in California, Texas, Florida, New York, and Arizona, again, in that order. As for how these cybercrimes manifested, Business Email Compromise (BEC) and ransomware were highly common forms, as were tech support fraud and extortion.

California, Florida, Texas, New York and Pennsylvania (in that order) had the highest numbers of cybercrime reports last year. The most financial damage from these attacks occurred in California, Texas, Florida, New York, and Arizona, again, in that order. As for how these cybercrimes manifested, Business Email Compromise (BEC) and ransomware were highly common forms, as were tech support fraud and extortion.

With such alarming numbers of occurrences around the country, what are individual consumers and businesses supposed to do? The very first answer is to simply understand that the threat even exists. Read up on the findings of the FBI, the ITRC’s annual Aftermath report, the Federal Trade Commission’s data on fraud reports. Once you understand the ways—and the likelihood—that cybercrime can strike, you’ll be better prepared to take as much preventive action as you can.

That action all starts with recognizing a possible cyber attack and refusing to play along. BECs and ransomware are easily ignored if you understand the dynamics that hackers use to trap you, for example. These tactics rely on the person receiving the communication not realizing the danger, so it’s important to set solid policies in place (for yourself and your workplace) about how to recognize, respond, and even recover from a cyber attack.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.