September 04, 2003, 9:22 AM — About 27.3 million U.S. residents have been victims of identity theft during the past five years, according to a survey released Wednesday by the U.S. Federal Trade Commission (FTC), but the agency is unsure how many of those crimes happened through technological means such as the Internet.
After conducting a phone survey, the FTC estimates that 9.9 million U.S. residents have been victims of identify theft during the past year, with businesses and financial institutions losing US$48 billion during that period, and consumer victims reporting $5 billion in out-of-pocket expenses. The survey, of more than 4,000 adults in March and April, is the first comprehensive attempt by the U.S. government to get a handle on the number of victims and the cost of identity theft.
"It was considerably higher than I expected," Howard Beales, director of the FTC's Bureau of Consumer Protection, said of the survey's results. "In planning this survey, we did the sample as large as we did because we thought we were going to have a hard time finding victims. Unfortunately, that's not the case."
The FTC's numbers are higher than most previous estimates of identity theft. A Gartner Inc. survey released in July found 7 million victims of identity theft in the previous year, while the FTC received about 380,000 complaints about identity theft in 2002. An Internet survey by Privacy and American Business, released in July, found 33.4 million U.S. victims of identity theft since 1990.
Nearly half -- 49 percent -- of those who said they'd been a victim of identity theft during the past five years didn't know how the thief obtained their information. Twenty-three percent said the thief gained their information through a theft of some kind, but that could range from a credit card statement stolen from a garbage can to a hacker stealing credit card numbers from an e-commerce site. Another 13 percent said the thief obtained the personal information through a transaction of some kind, which could include some Web transactions.
The FTC's survey doesn't break down the causes of the identity theft into more specific categories, but Beales noted his agency has been involved in several attempts to prevent identity theft online. In July, the FTC settled a civil action against a California 17-year-old who allegedly tricked Internet users into giving him their credit card numbers and other personal information on a bogus Web site meant to look like America Online Inc.'s billing center. [See, "FTC settles with young ID thief," July 21.] In June, the FTC settled a case with clothing and accessory vendor Guess Inc., which was accused of not taking appropriate measures to secure its Guess.com Web site.
Still, Beales didn't pinpoint the Internet as the cause of most identity thefts. There's nothing in the report to suggest that transactions on the Internet with trusted Web sites are dangerous, he said.