Reports of identity crimes to the Identity Theft Resource Center continued to decline in 2024 from 2023. However, victims who report their crimes are suffering greater financial losses than ever, according to the ITRC’s 2025 Trends in Identity Report, released on Tuesday.
The ITRC’s COO, James E. Lee, told TechNewsWorld that there are a number of factors contributing to the decline in reports and increase in losses. One such factor is that victims are being scammed more than once. The report noted that the number of people experiencing multiple identity-related incidents increased from 15% in 2023 to 24% in 2024. “We believe that is the result of AI being employed by cybercriminals,” Lee said.
As AI-generated content becomes more realistic, it becomes more difficult to identify and block fraudulent attempts, the report explained. These thieves don’t just ask for money. They will work to obtain as many personal identifiers as possible to take over existing accounts, establish new ones, or sell the information to make money.
In addition, AI has allowed digital desperadoes to fine-tune their efforts. “Cybercriminals have become far more surgical in targeting high-value individuals or exploiting large data sets with sophisticated automation,” explained Ensar Seker, chief information security officer of SOCRadar, a threat intelligence company, in Newark, Del.
“Instead of broad, noisy attacks, we now see AI-powered spear phishing and credential stuffing campaigns that quietly drain accounts with minimal detection,” he told TechNewsWorld. “Victims often don’t even realize they’ve been compromised until the financial damage is already done, and by then, some feel reporting won’t help.”
“AI has become a game-changer in identity theft,” he added. “From crafting believable phishing emails to deepfake voice fraud and identity document generation, threat actors now use generative AI tools to scale deception at near-zero cost. These tools dramatically reduce the technical barriers for novice criminals while amplifying the effectiveness of seasoned groups. Identity fraud is no longer a manual process. It’s industrialized.”
Victim Fatigue Hampers Reporting
Rosario Mastrogiacomo, chief strategy officer at Sphere Technology Solutions, a data governance software and services company in Hoboken, N.J., explained that cybercriminals are using breached data, AI-driven reconnaissance, and dark web marketplaces to focus on high-value individuals and credentials. “That leads to fewer overall incidents being reported, but each successful attack has a bigger financial impact,” he told TechNewsWorld.
“There’s also a growing psychological barrier to reporting as the public becomes desensitized to breaches,” he added.
Indeed, another factor cited in the report contributing to the decline in crime reporting is the “victim fatigue” associated with the unrelenting pace of data breaches and cyberattacks, creating a sense of hopelessness and powerlessness. “People are just paralyzed [psychologically], and they don’t know what to do, so they don’t do anything,” the ITRC’s Lee said.
“Depending upon the nature of the crime that they’re a victim of, a lot of times they just suck it up, and they don’t report it at all,” he continued. “They’re embarrassed. They feel shame. They feel guilt. So they don’t turn to anyone for any kind of help.”
“Given the amount of attacks that the typical person experiences — for example, some of the recent and aggressive unpaid toll scams that come in through email or text messages — it’s only natural that people spend less time reporting attacks than before,” added Erich Kron, security awareness advocate at KnowBe4, a security awareness training provider, in Clearwater, Fla.
“Add to the increased frequency, the poor record of arresting the individuals responsible, and you have the perfect formula for apathy,” he told TechNewsWorld.
James Maude, Field CTO of BeyondTrust, a maker of privileged account management and vulnerability management solutions in Carlsbad, Calif., added that organizations also have their reasons for not reporting identity theft. “Many customer-facing organizations, especially in retail, will quickly write off losses associated with compromised customer identities, as they have accepted that adding [more] security that would protect customers’ accounts would only increase friction and lower the likelihood of future purchases,” he told TechNewsWorld.
“In the age of online shopping and instant gratification, any security mechanisms to challenge a user and verify their identity can be seen as a competitive disadvantage,” he said.
Search Engines Obscure Reporting Resources
Another contributor to the decline in reporting is the current state of internet search. “Historically, everybody found out where they could go for help by doing a Google search or using some other search engine,” Lee explained. “Today, because of the way that search returns are being formulated and displayed, the organizations that you would turn to aren’t being displayed in those search engines.”
“So you have to scroll way down to find out the actual source of the information or the actual organization,” he said. “That impacts the FTC. It impacts the ITRC. It impacts the FBI. It impacts local law enforcement. Because we’re not buying ads, and we’re not paying for a search return to come up higher, we’re buried.”
“Our web traffic is down significantly, and we hear anecdotally from people who do contact us that they had a hard time finding us because of the scrolling,” he added. “So we know for a fact, and in talking to other peer groups and other organizations, they’re experiencing the same thing. It’s not unique to the ITRC, but it is a phenomenon that is impacting organizations that have historically depended on organic search returns for people to find them.”
The ITRC report also noted year-over-year increases in document theft. For example, reports of driver’s license theft increased to 22% in 2024 from 20% in 2023; Social Security card theft jumped to 20% from 18%; and birth certificate theft increased to 8% from 1%.
Overall, there was a 71% increase in reports of stolen documents with personal information. Lee explained that kind of criminal activity usually occurs when there’s a large-scale natural disaster, and people lose their foundational documents.
SOCRadar’s Seker added that the increase in stolen foundational documents, such as SSNs and birth certificates, likely stems from targeted breaches of government portals, healthcare providers, and school systems where such records are archived. “These documents are the keys to synthetic identity creation, so they’ve become prime targets for fraud rings building long-term scams,” he said.
“Stolen government IDs are the golden keys for opening new lines of credit, fake employment and even immigration scams,” added Rob Shavell, co-founder and CEO of Boston-based DeleteMe, a privacy service that helps users remove their personal information from data broker websites.
“Criminals don’t need to hack databases,” he told TechNewsWorld. “They can piece together enough of your identity from broker sites, public records, and old breaches to convincingly pose as you or create a synthetic version.”
Lack of Guidance Fuels Identity Risks
Shavell noted that the ITRC report does an important job of spotlighting the growing damage caused by identity crimes, but the report stops short of addressing the full picture. “It focuses heavily on breach events but misses the persistent exposure of personal data that enables modern threats in the first place,” he said.
“Today, attackers don’t need to breach anything to impersonate you,” he continued. “They just scrape your home address, phone number, and family details from broker sites and go. The report also touches on AI but doesn’t fully unpack how it’s accelerating fraud-as-a-service and deepfake-driven scams.”
“Most critically,” he added, “the report lacks practical guidance. Organizations and individuals need clear, proactive steps, not just awareness.”
