The nationally-recognized nonprofit Identity Theft Resource Center recently published its 2026 Trends in Identity Report (TIR), the fifth installment in the annual series exploring the current state of the identity threat landscape. The report outlines the most significant trends and ongoing shifts in identity crime in an effort to offer guidance and information to those seeking advice on or directly impacted by identity theft, fraud, and scams.
Device Access as the Primary Attack Vector
According to the TIR, unauthorized device access experienced a year-over-year surge of 78%, from making up 15.3% of all compromises to 27.2%. In the same time period, compromises via scams involving personal information sharing declined from 43.1% of all compromise incidents to 36.1%, representing a meaningful inversion of historical norms.
This shift in tactics has important implications for those aged 35-64, the core demographic of working-age adults who tend to manage their personal and professional lives through their devices. This age bracket is traditionally considered a lower-risk cohort, often at least nominally aware of the risks of identity theft and taking some steps to prevent it. However, the move away from scams and toward unauthorized device access as a compromise method enables attackers to infiltrate more and more of the systems connected to these individuals’ devices through BYOD arrangements and IoT environments.
Identity Crime Is No Longer a Single Event
While identity theft historically has consisted of a single incident, such as credit card number theft or account compromise, the statistics in this report demonstrate that this is no longer the case in many events. Around a quarter (25.6%) of those included in this year’s data reported two or more identity incidents, an increase from the previous year’s 23.5%. More than one in 20 (almost 6%) were dealing with at least four identity incidents.
Increasing proportions of identity crime are made up of multi-layered incidents that create cascading consequences for targeted individuals. These attacks overwhelm standard recovery pathways, making it more and more difficult for victims to resolve incidents. Colorado serves as a notable case study in this particular trend: almost half (49%) of individuals in Colorado reported managing multiple incidents concurrently, nearly 1.5 times the overall rate of 33%.
Financial Impact as a Point of No Return
One of the most alarming statistical revelations in the TIR is the gap in incident resolution along the lines of measurable financial impact. Of the targeted individuals who experienced no financial losses from identity crime, more than half (53%) were able to resolve their incidents. This number plummets to only 9% for victims experiencing any amount of financial impact, and zero percent for those with three or more financial impacts.
This gap exposes a systemic failure in the post-incident support infrastructure. “Cases with financial loss are much harder to resolve because the crime has already moved from compromise to monetization,” according to Patrick Harr, CEO at DataVisor, a Mountain View, Calif.-based AI-powered fraud and Anti-Money Laundering (AML) platform. “At that point, victims and institutions are no longer dealing with a simple access issue; they are trying to trace and recover money that may already have moved through multiple accounts or fast payment rails, often across institutions.”
Where Automation Is Winning—and Where It Isn't
The data in the report isn’t all bleak: cases of attempted misuse that were caught by financial institutions before damage could be done increased by 26.8% from the previous reporting period. This signals that credit account detection tools are making progress and becoming more effective at preventing fraudulent activity before the damage can be done. Almost two-thirds (62.1%) of attempted misuse cases involved new account applications, led by credit cards with 41% of account-type targets.
However, the instances of attempted misuse that are caught before completion are heavily concentrated in financial accounts, as these are the services that often have mature infrastructure in place for the detection of fraudulent activity. Employment and government benefits systems remain at extreme risk for identity crimes, lagging significantly behind financial institutions in automated detection capabilities.
Fraudulent Employment and the Exploitation of Minor Identities
Certain types of identity crime disproportionately affect different groups of victims. Fraudulent employment, for example, now accounts for 40% of misuse cases against children and dependents in the report. Minor identities are valuable targets for attackers due to their clean records and the fact that guardians rarely think to look for signs of identity crime against their children. The misuse of a minor’s identity often goes undetected for years, leading to compounding long-term damage.
Geographical distinctions also show varying amounts of different types of identity crime. Fraudulent employment, by far the most common identity crime committed against minors, is particularly prevalent in Illinois, making up 9% of reports, nearly three times the national average of 3%.
Sophisticated Scams with Record Extraction Rates
Account-problems scams not only constitute the leading type of identity scam by volume of attacks, but are also notable for the significance of the information that attackers are able to extract. Almost three-quarters (74%) of victims in these incidents shared high-value personally identifiable information (PII), the highest rate out of all scam categories.
Job and employment scams are the second-largest portion of identity scams by frequency, making up 11.4% of scams, but rank first when it comes to the amount of information harvested per incident, with victims of these scams disclosing an average of four types of PII. Elevated rates of PII extraction signal that attackers are launching increasingly targeted, intelligence-driven scam operations.
Rebuilding Identity Defense for a Compounding Threat Era
Individuals and organizations alike should look to the information in this report as an indicator of the most pressing identity crime trends and use this data to inform identity security efforts going forward. Device security must be repositioned as a primary identity protection imperative, rather than a secondary concern. Detection systems for employment and government benefits channels require urgent investment and modernization in order to keep up with modern threat trends. The infrastructure for resolution—legal, financial, and institutional—demands restructuring to better serve victims of incidents with financial impacts.