Rise in Identity Theft Driven by Hacked Devices and Multi-Layered Attacks
Severity: Medium (Score: 57.0)
Sources: Infosecurity-Magazine, Wrtv
Published: · Updated:
Keywords: identity, victims, over, crime, incidents, theft, quarter
Summary
The Identity Theft Resource Center (ITRC) reports a significant shift in identity theft methods, with 26% of victims experiencing multiple concurrent incidents, up from 24% the previous year. Unauthorized device access has overtaken scams as the primary threat for adults aged 35-64. The report analyzed over 6,000 cases from April 2025 to March 2026, revealing that account takeovers comprise 50% of identity misuse cases. The complexity of these crimes is increasing, with a single compromise potentially triggering multiple issues across various accounts. Victims face challenges in recovery, especially when financial loss occurs, with only 9% able to resolve cases after losing money. Experts emphasize the need for organizations to enhance their defenses against these evolving threats. Key Points: • 26% of identity crime victims faced multiple incidents, highlighting increased complexity. • Unauthorized device access is now the leading cause of identity theft for adults aged 35-64. • Only 9% of victims who experienced financial loss were able to resolve their identity theft cases.
Detailed Analysis
**Impact** Over 6,000 identity crime victims in the US were analyzed between April 2025 and March 2026, with 26% experiencing two or more concurrent identity crime incidents, up from 24% the previous year. Adults aged 35–64 are primarily targeted through unauthorized device access, which accounts for 27% of identity compromises and has increased 78% year-over-year. Account takeovers represent 50% of identity misuse cases, with new account fraud at 38%, and fraudulent employment notably affecting children at 40% of misuse cases. Financial institutions reported a 27% rise in attempted misuse, with only 9% of victims suffering financial loss able to resolve their cases. **Technical Details** Attackers gain unauthorized access to devices such as phones and laptops, enabling interception of recovery codes, approval of login prompts, and exploitation of trusted sessions to bypass security controls. AI-generated malware, facilitated by advances since 2023, is used to exploit software vulnerabilities, lowering the skill barrier for attackers. Specific malware names, CVEs, or infrastructure details were not provided. The attack chain includes initial device compromise leading to lateral movement across multiple accounts and institutions. **Recommended Response** Organizations should conduct real-world attack simulations to validate the effectiveness of session and device-based controls, focusing on preventing unauthorized device access and session hijacking. Security operations should integrate AI-driven automation to connect workflows across customer support, IT, legal, finance, and SOC teams to accelerate incident response. Monitoring for unusual device access patterns and multi-account compromises is critical. No specific patches or IOCs were detailed in the reports.
Source articles (2)
- Hacked devices overtake scams for how most adults become identity theft victims — Wrtv · 2026-06-09
INDIANAPOLIS (WRTV) — A new report reveals a shift in how cybercriminals are stealing your personal information. The Identity Theft Resource, a national nonprofit, released its Trends in Identity Repo… - Over a Quarter of Identity Crime Victims Hit by Multiple Incidents, ITRC Data Shows — Infosecurity-Magazine · 2026-06-10
Identity crime experts have warned of “multi-layered crises” after revealing that many victims dealt with two or more incidents over the past year. The findings come from US non-profit the Identity Th…
Timeline
- 2025-04-01 — ITRC data collection period begins: ITRC starts analyzing over 6,000 identity theft reports for the Trends in Identity Report.
- 2026-03-31 — ITRC data collection period ends: The analysis period for the ITRC's Trends in Identity Report concludes, capturing a year's worth of identity theft incidents.
- 2026-06-09 — ITRC Trends in Identity Report published: The report reveals a shift in identity theft methods, with hacked devices surpassing scams as the primary threat.
- 2026-06-10 — ITRC report highlights recovery challenges: Only 9% of identity theft victims who experienced financial loss were able to resolve their cases, indicating severe recovery difficulties.