“It is not just about the number of crimes, but also the pattern they follow,” said Mona Terry, chief operating and programs officer at the Identity Theft Resource Center (ITRC), as experts warned of a growing “multi-layered crisis” in identity crime.
ITRC data: scope and rising recurrence
The ITRC analyzed more than 6,000 reports submitted between April 1, 2025 and March 31, 2026 for its 2026 Trends in Identity Report. The nonprofit found that nearly 26% of victims experienced two or more concurrent identity crime incidents during that period, up from 24% the previous year. The organization and its experts framed that rise as evidence that single compromises are increasingly cascading into additional incidents across accounts and institutions.
Unauthorized device/PC access surges
One of the clearest drivers identified in the report is a sharp increase in unauthorized device and PC access. That category accounted for 27% of identity compromise incidents during the reporting window and rose 78% year over year. The ITRC flagged this vector as the primary threat for adults aged 35–64.
AttackIQ field CISO Pete Luban described the mechanics at work: “Once an attacker controls a phone or laptop, they are not just stealing data. They can intercept recovery codes, approve login prompts, read work email and use trusted sessions to bypass controls that look strong on paper.” Luban urged organizations to test controls under real attack conditions so stolen sessions or compromised devices cannot “move freely.”
Account takeovers and misuse breakdown
Account takeovers represented the largest single share of identity misuse cases logged by the ITRC during the period, accounting for 50% of misuse incidents. New account fraud was tracked at 38%, while fraudulent employment accounted for 5%, criminal acts committed using personally identifiable information (PII) made up 4%, and “IRS misuse” comprised 3%.
The report also highlighted a troubling use case for child identities: fraudulent employment represented 40% of misuse cases for children, indicating minors’ PII is frequently repurposed to secure illegal jobs.
Recovery outcomes and institutional frictions
The ITRC’s figures show recovery outcomes vary sharply depending on whether victims suffered financial loss. About 53% of victims who experienced no direct monetary loss were able to reach a resolution; that success rate fell to just 9% for victims who did lose money.
Joshua Roback, principal security solution architect at Swimlane, linked part of that problem to operational structures inside victim-facing organizations. “Identity crime does not stay neatly inside one fraud ticket or one helpdesk request. It touches customer support, IT, legal, finance, and the SOC at the same time,” Roback said. He warned that when those teams operate in separate systems, responses slow and victims repeat their stories. Roback suggested AI-driven automation can help connect workflows, surface relevant evidence, and advance response steps before delays accumulate.
What this means for technologists, financial institutions, and consumers
- Technologists and security teams: The combination of rising device compromises and Luban’s recommendation places a premium on testing whether session controls and recovery paths hold up under realistic attack scenarios. The report signals a need to validate that approvals, recovery codes, and trusted sessions cannot be abused once a device is compromised.
- Financial institutions: Attempted misuse detected by banks and other financial actors rose nearly 27% in the reporting period. That trend, together with low resolution rates when money is lost, underscores the operational importance of faster, coordinated incident handling across fraud, legal, and support teams.
- Consumers (particularly adults aged 35–64 and families with children): With device compromise now the leading vector for mid-life adults and fraudulent employment a major misuse for children’s identities, the report highlights heightened exposure and difficult recovery prospects for those who suffer financial loss.
The ITRC’s data and its experts’ warnings converge on a clear observation: identity incidents are no longer isolated events but often the opening move in a staged chain of misuse. Whether organizations will subject session and device controls to the real‑world testing Pete Luban calls for, and whether back‑office fragmentation will be addressed in the way Joshua Roback recommends, will determine whether that chain reaction becomes easier to stop—or simply harder for victims to escape.
https://www.infosecurity-magazine.com/news/quarter-identity-crime-victims/
