The Weekly Breach Breakdown Podcast by ITRC - Facts Are Stubborn Things - S6E13

Show Transcript

Welcome back to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown, supported by Sentilink. I’m James E. Lee, the ITRC’s President, and this is the episode for May 2, 2025. Get ready for the latest statistics on identity crimes. 

Future U.S. President John Adams was defending British soldiers accused of opening fire on protesters in what would become known as the Boston Massacre before the American Revolution. In his defense, which was successful, he wrote: “Facts are stubborn things.” As was true in 1770, it is still true today. 

Each week, we look at the latest news and trends related to data security and privacy. This week, we will review the facts revealed in a series of important reports and what they mean for people, businesses and public policies. 

When it comes to assessing the impacts of identity crimes that range from scams and fraud to data breaches and cyberattacks, there are three seminal reports: the ITRC’s Consumer & Business Impact Report (CIBIR), the Federal Trade Commission’s (FTC) Sentinel Annual Report and the Federal Bureau of Investigation’s (FBI) IC3 Annual Report. Last week, the IC3 report was published, completing the trifecta of impact analysis. 

All three of these reports show the same trends: the financial impact of identity crimes, especially identity scams and fraud, is increasing at a time when the number of crimes reported is dropping. We’ll talk about why in a minute. 

The ITRC’s CIBIR is based on a survey of general consumers and victims who contact us each year. Our CIBIR, last published in October 2024, showed that the number of people losing at least $1,000 to hundreds of thousands of dollars was 46 percent of victims. The FTC report from earlier this year put the dollar figure of all consumer fraud, including identity crimes, at $12.8 billion.  

Last week, the FBI pegged the total losses to consumers and businesses from cyber-related crime at more than $16 billion, the highest amount ever reported by the Bureau’s Internet Crime Complaint Center.  

Yet, all three reports showed the number of people reporting those losses from identity crimes declined. There’s never only one reason why a macro trend like this occurs. In this case, the consensus is that there are two primary and interrelated reasons:  

Professional cyber criminals are using ever more sophisticated artificial intelligence (AI)-driven tools to select people and organizations to attack.  

Victim fatigue. The sheer volume of data breach notices, phishing emails and texts, spoofed websites and scam calls has overwhelmed many people. When they fall victim to these attacks, they feel shame and guilt to the point that they do not seek help or report the crime. 

Two other reports issued in the past two weeks support these conclusions, too. IBM, in its annual threat report, notes that AI is being used to build fake websites, and generative AI is being used to create much more believable phishing campaigns. IBM also found an 84 percent increase in 2024 in information-stealing malware being delivered in phishing emails. 

Verizon noted in its annual data breach report that the number of ransomware attacks leading to data breaches grew 37 percent in 2024 worldwide, but stolen credentials, logins and passwords were the primary cause of most data breaches. That means that the bad actors didn’t have to break into a system – they walked in the front door with a compromised set of credentials.  

Why does this happen? Most people still use the same or similar passwords on most of their accounts at home and work. Unfortunately, many businesses – some big recognizable brands – still don’t offer multifactor authentication or, better yet, passkeys. 

If you want to know more about how to secure your business or personal information or think you have been the victim of one of an identity crime, you can speak with an expert ITRC advisor on the phone, via text message, chat live on the web, or exchange emails during our normal business hours (6 a.m.-5 p.m. PT). Just visit www.idtheftcenter.org to get started. 

Thanks again to Sentilink for supporting this podcast and the ITRC. Please hit the like button for this episode and subscribe where you listen to podcasts. Check out our sister podcast, the Fraudian Slip, and tune in next week for another episode of the Weekly Breach Breakdown. 

Thanks for listening.