About 27.3 million US residents have been victims of identity theft during the past five years, according to a survey by the US Federal Trade Commission (FTC), but the agency is unsure how many of those crimes happened through technological means such as the internet.
The FTC estimated that 9.9 million US residents have been victims of identify theft during the past year, with businesses and financial institutions losing $48bn (£31bn), and consumer victims reporting $5bn (£3.2bn) in out-of-pocket expenses.
The survey, of more than 4,000 adults in March and April, is the first comprehensive attempt by the US government to get a handle on the number of victims and the cost of identity theft.
"It [the results] was considerably higher than I expected," said Howard Beales, director of the FTC's Bureau of Consumer Protection.
"In planning this survey, we did the sample as large as we did because we thought we were going to have a hard time finding victims. Unfortunately, that's not the case."
The FTC's numbers are higher than most previous estimates of identity theft. A Gartner survey released in July found seven million victims of identity theft in the previous year, while the FTC received about 380,000 complaints about identity theft in 2002.
An internet survey by Privacy and American Business, released in July, found 33.4 million US victims of identity theft since 1990.
Nearly half of those who said they had been a victim of identity theft during the past five years did not know how the thief obtained their information.
Twenty-three per cent said the thief gained their information through a theft of some kind, but that could range from a credit card statement stolen from a dustbin to a hacker stealing credit card numbers from an e-commerce site. Another 13% said the thief obtained the personal information through a transaction of some kind, which could include some web transactions.
Although the survey does not break down the causes of identity theft, Beales said there was nothing in the report to suggest that transactions on the internet with trusted websites were dangerous.
"We don't know of any problems that have resulted from consumers who shared information with a secure website that uses SSL (Secure Sockets Layer) encryption to transmit information," he said.
"There clearly are hazards on the internet, because consumers can end up at a site that is not what they think it is."
Consumers should be careful when they get e-mails asking them to click on a link to update their data at a website. In many cases, those e-mails are part of a scam sometimes called "phishing". If a consumer thinks he has a legitimate billing issue that needs to be fixed, he should go to a site directly instead of clicking on a link in an e-mail from an unknown sender, Beales recommended.
The FTC defined identity theft as everything from someone trying to gain government benefits under another person's name to someone opening a credit card account in another person's name.
About 4.6% of those surveyed said they had been a victim of some kind of identity theft in the past year, with 3.1% of those surveyed saying the thieves had got access to existing credit cards or other accounts.
Another 1.5% of the people surveyed said they had fallen victim to someone trying to open new accounts in their name.
The average out-of-pocket expense per victim was $500. On average, the theft netted $4,800 per victim.
When the thieves gained access to existing accounts, 67% of those accounts were credit cards. Another 19% were current or savings accounts, 9% were telephone service and 3% were internet service.
Grant Gross writes for IDG News Service