Identity Theft by State: FTC Data and Regional Trends Across the US

The Federal Trade Commission's Consumer Sentinel Network tracks identity theft reports filed by consumers across all 50 states, the District of Columbia, and US territories, producing annual rankings that reveal where complaint rates are highest relative to population. This page covers how the FTC structures that data, what the state-level variation reflects about regional fraud patterns, and how professionals and researchers use these figures to assess service demand and regulatory exposure. The identity theft providers on this site reflect the geographic distribution of service providers aligned to these documented regional concentrations.

Definition and scope

State-level identity theft data, as published by the Federal Trade Commission, measures reported incidents per 100,000 residents. The FTC's Consumer Sentinel Network aggregates reports directly submitted by consumers through IdentityTheft.gov, as well as data shared by law enforcement partners, the Social Security Administration's Office of the Inspector General, and state attorneys general offices.

The FTC categorizes identity theft into discrete types for reporting purposes:

  1. Government documents or benefits fraud — misuse of a consumer's identity to claim government benefits, including unemployment insurance or tax refunds
  2. Credit card fraud — unauthorized opening of new accounts or misuse of existing accounts
  3. Loan or lease fraud — fraudulent applications for personal loans, auto loans, or rental agreements
  4. Phone or utilities fraud — opening of service accounts using stolen identity credentials
  5. Bank fraud — unauthorized access to or creation of deposit accounts
  6. Employment or tax-related fraud — use of a stolen Social Security number for employment or to file fraudulent tax returns

The scope of the FTC dataset is bounded by what consumers actually report. The FTC's Consumer Sentinel Network Data Book, published annually, is the primary reference source for state rankings and category breakdowns. Because reporting rates vary by population demographics, digital literacy, and access to reporting infrastructure, raw complaint totals understate actual incidence in underserved communities.

How it works

The FTC assigns each identity theft report a primary category and a geographic identifier based on the consumer's reported address. State rankings are then calculated by dividing total reports by the state's population estimate, producing a per-100,000 rate that allows cross-state comparison independent of population size.

Historically, Florida, Georgia, and Nevada have appeared in the top five states by per-capita identity theft reports in multiple consecutive FTC annual reports. States with large retirement populations and high tourism activity — both of which correlate with higher volumes of financial transactions and temporary address changes — tend to generate elevated complaint rates in government benefits and credit card fraud subcategories.

The process by which a state's ranking shifts year over year typically reflects three structural factors:

  1. Changes in fraud vector prevalence — a spike in employment-related fraud following an unemployment insurance program expansion, for example, elevates states that administered those programs at higher volumes
  2. Shifts in reporting infrastructure — states that actively promote IdentityTheft.gov through public agency channels see higher report-to-incident ratios
  3. Enforcement and press activity — high-profile prosecutions or data breach notifications in a specific state temporarily elevate consumer reporting in that jurisdiction

Understanding the structure of the provider network of identity theft service providers requires mapping these regional signals, since service provider density is not uniformly distributed across the US.

Common scenarios

Regional variation in identity theft type is not random. The FTC data consistently shows distinct subcategory concentrations by geography:

Government benefits fraud concentration tends to be highest in states that administered large federal relief programs. During the COVID-19 pandemic period, the Department of Labor's Office of Inspector General identified unemployment insurance fraud as the dominant fraud category nationally, with losses exceeding $45 billion in fraudulent claims according to the DOL OIG.

Tax-related identity theft concentrates in Sun Belt states. Georgia and Florida have ranked first and second in tax fraud identity theft per capita in multiple FTC annual reports, driven partly by the density of professional tax preparation services and the volume of non-resident filers with complex address histories.

Medical identity theft — the fraudulent use of another person's insurance credentials or provider identity — is tracked separately by the Health and Human Services Office of Inspector General and is disproportionately concentrated in states with large uninsured populations, where the economic incentive to use stolen coverage is highest.

Synthetic identity fraud, in which a fabricated identity is constructed from real and fictitious data elements, is addressed in the Federal Reserve's research publications and is difficult to capture in consumer-report-based datasets because no real individual files a complaint. This represents a structural gap in the FTC's state-level measurement framework.

Decision boundaries

State-level FTC data serves different analytical purposes depending on the professional context. Three key distinctions govern how the data should be applied:

Complaint rate vs. incidence rate — the per-100,000 FTC figure measures reports, not verified incidents. States with better consumer education infrastructure will appear to have higher fraud rates even if actual incidence is lower than in states with poor reporting penetration.

Primary category vs. total category distribution — the FTC assigns one primary category per report, but a single incident often spans multiple fraud types. A researcher analyzing only primary-category totals will miss cross-category overlap that affects service demand estimation.

State jurisdiction vs. perpetrator location — identity theft is almost always a cross-jurisdictional crime. A consumer in Georgia whose data was compromised in a breach of a California-based company, with proceeds accessed by a criminal network operating in another country, generates a Georgia report. The report reflects victim geography, not fraud origin geography.

Professionals accessing resources through this site should treat FTC state rankings as a demand-side indicator for recovery services, not as a law enforcement jurisdiction map or a measure of local criminal activity.

References

Read Next

Identity Theft Types and Categories: A Complete Reference ANA › Professional Services Authority › National Cyber › National Identity Theft Identity Theft Types and Categories: A Complete... Identity Theft Warning Signs: How to Recognize You Have Been Targeted ANA › Professional Services Authority › National Cyber › National Identity Theft Identity Theft Warning Signs: How to Recognize You Have... US Identity Theft Statistics: Prevalence, Trends, and Reported Losses ANA › Professional Services Authority › National Cyber › National Identity Theft US Identity Theft Statistics: Prevalence, Trends, and...