With the recent AT&T data breach impacting nearly 86 million customer accounts, including over 44 million Social Security numbers, the personal-finance company WalletHub today released its report on 2025’s States Most Vulnerable to Identity Theft & Fraud.
To determine where Americans are most susceptible to fraud and identity theft, WalletHub compared the 50 states and the District of Columbia across 15 key metrics. The data set ranges from identity theft complaints per capita to the average loss amount due to fraud.
| Most Vulnerable States | Least Vulnerable States | |
| 1. Florida | 42. Washington | |
| 2. California | 43. Minnesota | |
| 3. Georgia | 44. Alaska | |
| 4. New Jersey | 45. Kansas | |
| 5. District of Columbia | 46. Ohio | |
| 6. Nevada | 47. Maine | |
| 7. Delaware | 48. West Virginia | |
| 8. New York | 49. Connecticut | |
| 9. Texas | 50. Montana | |
| 10. North Carolina | 51. Vermont | |
Key Stats
- South Dakota has the fewest identity-theft complaints (per 100,000 residents), 5.6 times fewer than in Florida, the state with the most.
- The District of Columbia has the fewest people arrested for fraud per capita, 26.6 times fewer than in Delaware, the state with the most.
- South Dakota has the fewest fraud complaints (per 100,000 residents), 3.7 times fewer than in the District of Columbia, which has the most.
- Vermont has the lowest median loss amount due to fraud, 2.1 times lower than in Arizona, Hawaii, and Wyoming, the states with the highest.
To view the full report and your state or the District’s rank, please visit:
https://wallethub.com/edu/
“In an age where we have sensitive data online in a multitude of places, we risk falling victim to identity theft and fraud whenever there’s a data breach. Living in a state with robust legal protections against identity theft and fraud, such as identity theft passports and cybersecurity task forces, can decrease your risk of falling victim to these crimes, though staying vigilant and protecting yourself online is still the most important.”
–
“Florida is notably vulnerable to identity theft and fraud, and one of the big reasons for this is a lack of suitable laws protecting against these crimes. For example, Florida doesn’t have an identity theft passport program or laws against spyware on computers. Plus, Florida had 528 identity theft complaints and 2,163 fraud complaints for every 100,000 residents last year, the highest and second-highest rates in the nation, respectively. It also had the fifth-highest median loss due to fraud, at over $500.”
- Chip Lupo, WalletHub Analyst
Expert Commentary
What can individuals do to guard against identity theft?
“Perpetrators of identity theft have various motives. The most common motive is to use someone else’s identity to apply for loans/mortgage, credit cards, etc. One of the most effective ways to protect yourself against this type of identity theft is to freeze your credit with all three major credit bureaus. This service is free, and you can easily temporarily unfreeze (or ‘thaw’) your credit online whenever you need to apply for new credit. Freezing your credit will prevent anyone from accessing your credit report, so it will effectively block anyone, including identity thieves, from opening new accounts in your name. I began doing this practice a few years ago after one of my email accounts was hacked. In addition, regularly monitoring your credit reports and purchasing identity theft insurance can provide extra layers of protection.”
Chih-Chen Lee, Ph.D., CPA, CFE – Professor, Northern Illinois University
“The biggest thing people can do is to pay attention. Check your bank and credit cards regularly. Pay attention to your spending habits. Thieves may try to ‘test’ your awareness by making a few small purchases. So be diligent in monitoring your financial activity online. Once you do believe you've been compromised, you should start by putting a hold on your accounts. You don't have to close them immediately, most financial service providers will offer a lock down until you clear things up. Some other basic strategies for protection are using multi-factor authentication, avoiding repeat passwords.”
Dr. Philip Kim, D.Sc., CISSP, CISA – Associate Professor, Walsh University
What are some common scams and fraud attempts people should be vigilant about?
“There are so many scams and fraud attempts today. Be especially aware of social engineering, which refer to techniques that criminals use to manipulate or deceive people into giving away confidential information. Criminals may send phishing emails or make vishing (voice phishing) calls trying to obtain your personal information or financial details. They often rely on psychological tactics such as creating urgency (You must act immediately), impersonating authority figures (e.g., IRS, Immigration officials), or posing as tech support claiming that your computer has a virus or your account needs immediate attention.”
Chih-Chen Lee, Ph.D., CPA, CFE – Professor, Northern Illinois University
“Unfortunately, people still fall for Phishing. It is still the most common trap. Fake emails or texts pretending to be from your bank, a delivery service, or even your workplace. I’m also seeing more tech-support scams, fake ‘your account is locked’ notices, and investment scams promising unrealistic returns. A good rule of thumb: if a message creates a sense of urgency or asks for money or personal info, slow down and verify.”
Dr. Philip Kim, D.Sc., CISSP, CISA – Associate Professor, Walsh University
Is the expansion of social media facilitating more identity theft?
“Definitely! The widespread use of social media has made it easier for criminals to gather personal information. Be cautious about what you share online, especially details like your date of birth, address, or place of work. For example, when you post birthday photos on Facebook, identity thieves can easily collect that information and use it to steal your identity.”
Chih-Chen Lee, Ph.D., CPA, CFE – Professor, Northern Illinois University
“Unfortunately, yes. Social media gives attackers a gold mine of personal details – birthdays, schools, family names, travel patterns – all of which can be used to guess passwords or craft convincing scams. Even small bits of info, when pieced together, can give fraudsters enough to impersonate someone.”
Dr. Philip Kim, D.Sc., CISSP, CISA – Associate Professor, Walsh University
More From WalletHub
No comments:
Post a Comment