With the recent AT&T data breach impacting nearly 86 million customer accounts, including over 44 million Social Security numbers, the personal-finance company WalletHub today released its report on 2025’s States Most Vulnerable to Identity Theft & Fraud.
To determine where Americans are most susceptible to fraud and identity theft, WalletHub compared the 50 states and the District of Columbia across 15 key metrics. The data set ranges from identity theft complaints per capita to the average loss amount due to fraud.
New York’s Vulnerability to Identity Theft & Fraud (1=Most Vulnerable; 25=Avg.):
- Overall rank for New York: 8th
- 13th – Identity-Theft Complaints per Capita
- 7th – Avg. Loss Amount Due to Online Identity Theft
- 14th – Fraud & Other Complaints per Capita
- 25th – Median Loss Amount Due to Fraud
- 18th – State Security-Freeze Laws for Minors’ Credit Reports
- 1st – Identity-Theft Passport Program
- 20th – Avg. Loss Amount Through Cryptocurrency Schemes
For the full report, please visit:
https://wallethub.com/edu/states-where-identity-theft-and-fraud-are-worst/17549.
Expert Commentary
What can individuals do to guard against identity theft?
“Perpetrators of identity theft have various motives. The most common motive is to use someone else’s identity to apply for loans/mortgage, credit cards, etc. One of the most effective ways to protect yourself against this type of identity theft is to freeze your credit with all three major credit bureaus. This service is free, and you can easily temporarily unfreeze (or ‘thaw’) your credit online whenever you need to apply for new credit. Freezing your credit will prevent anyone from accessing your credit report, so it will effectively block anyone, including identity thieves, from opening new accounts in your name. I began doing this practice a few years ago after one of my email accounts was hacked. In addition, regularly monitoring your credit reports and purchasing identity theft insurance can provide extra layers of protection.”
Chih-Chen Lee, Ph.D., CPA, CFE – Professor, Northern Illinois University
“The biggest thing people can do is to pay attention. Check your bank and credit cards regularly. Pay attention to your spending habits. Thieves may try to ‘test’ your awareness by making a few small purchases. So be diligent in monitoring your financial activity online. Once you do believe you've been compromised, you should start by putting a hold on your accounts. You don't have to close them immediately, most financial service providers will offer a lock down until you clear things up. Some other basic strategies for protection are using multi-factor authentication, avoiding repeat passwords.”
Dr. Philip Kim, D.Sc., CISSP, CISA – Associate Professor, Walsh University
What are some common scams and fraud attempts people should be vigilant about?
“There are so many scams and fraud attempts today. Be especially aware of social engineering, which refer to techniques that criminals use to manipulate or deceive people into giving away confidential information. Criminals may send phishing emails or make vishing (voice phishing) calls trying to obtain your personal information or financial details. They often rely on psychological tactics such as creating urgency (You must act immediately), impersonating authority figures (e.g., IRS, Immigration officials), or posing as tech support claiming that your computer has a virus or your account needs immediate attention.”
Chih-Chen Lee, Ph.D., CPA, CFE – Professor, Northern Illinois University
“Unfortunately, people still fall for Phishing. It is still the most common trap. Fake emails or texts pretending to be from your bank, a delivery service, or even your workplace. I’m also seeing more tech-support scams, fake ‘your account is locked’ notices, and investment scams promising unrealistic returns. A good rule of thumb: if a message creates a sense of urgency or asks for money or personal info, slow down and verify.”
Dr. Philip Kim, D.Sc., CISSP, CISA – Associate Professor, Walsh University
Is the expansion of social media facilitating more identity theft?
“Definitely! The widespread use of social media has made it easier for criminals to gather personal information. Be cautious about what you share online, especially details like your date of birth, address, or place of work. For example, when you post birthday photos on Facebook, identity thieves can easily collect that information and use it to steal your identity.”
Chih-Chen Lee, Ph.D., CPA, CFE – Professor, Northern Illinois University
“Unfortunately, yes. Social media gives attackers a gold mine of personal details – birthdays, schools, family names, travel patterns – all of which can be used to guess passwords or craft convincing scams. Even small bits of info, when pieced together, can give fraudsters enough to impersonate someone.”
Dr. Philip Kim, D.Sc., CISSP, CISA – Associate Professor, Walsh University