Nearly half of identity theft victims have experienced it more than once
25 Jun 2026 · 3 min read · Comments
This article contains affiliate links. If you buy through them, we may earn a commission — at no extra cost to you.
According to the Identity Theft Resource Center's 2024 Consumer Impact Report, 47% of identity theft victims have been targeted more than once. Once your information is in the wrong hands, it doesn't disappear — it gets sold, shared, and reused.
The ITRC's survey of verified identity theft victims found that repeat victimization is not an edge case — it's the norm for nearly half of all people who experience it. The reason is structural: when a data breach exposes your Social Security number, address, and date of birth, that data doesn't expire. It circulates on criminal marketplaces for years, available to multiple buyers who each attempt to exploit it independently.
Why once is rarely the end
Resolving one incident doesn't protect you from the next. The data that enabled the first attack is still out there. This is why reactive protection — dealing with fraud after it's been detected — is fundamentally insufficient on its own. The goal is to reduce the amount of personal information in circulation before it can be used.
Breaking the cycle
- Remove yourself from data brokers: Data brokers aggregate and sell your information openly — name, address, phone, relatives, employment. This is where social engineers buy their raw material. Incogni sends opt-out requests to hundreds of brokers and monitors for re-addition — cutting off the legal data supply chain that feeds criminal use.
- Freeze your credit at all three bureaus: Even if your details are in circulation, a credit freeze prevents new accounts from being opened in your name. It's the single highest-impact protective step and it's free.
- Use breach monitoring: Have I Been Pwned's free monitoring emails you when your address appears in any new breach — so you can rotate credentials before the data is exploited.
- Unique passwords on every account: Reused passwords mean a single breach can cascade to every account you have. A password manager eliminates the reuse risk.
The 47% repeat rate tells you that resolving fraud and moving on isn't enough. The breach data persists. The brokers keep selling. The only way to reduce repeat risk is to reduce the amount of personal information available — not just to respond to each incident as it happens.
Frequently asked questions
What is a data broker and why does it matter for identity theft?+
Data brokers legally aggregate and sell personal information — your name, address, phone, relatives, and more. This data is the raw material for social engineering attacks and targeted phishing, which are primary pathways to identity theft.
How do I remove myself from data broker databases?+
You can manually opt out of each broker individually, which takes many hours and requires re-submission as brokers re-add your data. Services like Incogni automate this process — sending removal requests to hundreds of brokers and monitoring for re-addition.
How common is identity theft in the US?+
Approximately 33% of US adults have experienced identity theft, per research from IPX1031 and Demandsage. The FTC received over 1.13 million identity theft reports in 2024. Losses totalled $12.7 billion that year, according to Experian.
