Research shows identity crimes are increasingly leading to multiple fraud instances rather than creating isolated events. The identity Theft Resource Center’s 2026 Trends in Identity Report reveals approximately a quarter of victims (25.6%) deal with two or more concurrent events, which represents a 23.5% increase from the year prior. 

Key Findings

• Computers and mobile devices saw an increase in unauthorized access (78% year-over-year). These instances rose from 15.3% of identity compromises to 27.2%. 
• Year-over-year, scams prompting victims to share personal information decreased from 43.1% to 36.1% of instances. 
• Among victims with no financial loss, 53% were able to find a resolution. Conversely, among those with a financial loss, only 9% found resolution. 0% of those who experienced three or more financial repercussions found a resolution. 
• The most common crime against minors is fraudulent employment, accounting for 40% of misuse cases. 
• Financial institutions detected more attempted misuse cases (28.6%). 

Security Leaders Weigh In

Patrick Harr, CEO at DataVisor:

Identity crimes are becoming multi-layered because one successful compromise now gives criminals reusable access across multiple systems. A stolen credential set, a compromised device, or an account-problem scam can cascade into account takeover, new-account fraud, employment misuse, and other downstream abuse, especially when attackers harvest high-value PII and reuse it across channels. AI is accelerating that trend by helping criminals create more convincing, personalized outreach at scale and by making fake identities, fake profiles, and impersonation cheaper to operate.

Unauthorized device access is growing because the phone or laptop is now the control center for a person’s digital identity. If a fraudster gets onto the device, or into the cloud account tied to it, they may gain access to logged-in apps, stored credentials, messages, MFA flows, and recovery paths, which is far more valuable than tricking a victim one account at a time. AI-enhanced phishing, malware delivery, voice cloning, and account-takeover techniques are making it easier to get that foothold and use it quickly. 

Cases with financial loss are much harder to resolve because the crime has already moved from compromise to monetization. At that point, victims and institutions are no longer dealing with a simple access issue; they are trying to trace and recover money that may already have moved through multiple accounts or fast payment rails, often across institutions. That is why reactive response models break down so badly once money has left the account, and why prevention at the moment of authorization matters more than remediation afterward.

Another finding: fraudulent employment is the most common crime against minors. Minors are attractive targets because they often have clean identities, little or no credit history, and less active monitoring, which makes their information useful for both synthetic identity fraud and employment-related misuse. Children’s SSNs are especially attractive because they can be paired with fabricated details to build a believable synthetic profile. 

James Maude, Field CTO at BeyondTrust:

We live in an age where identity compromise is so common that only the most noteworthy losses are worth reporting. Many customer facing organizations will quickly write off losses associated with compromised customer identities as they have accepted that adding additional security that would protect customers’ accounts would only increase friction and lower the likelihood of future purchases. In the age of online shopping and instant gratification, any security mechanisms to challenge a user and verify their identity can be seen as a competitive disadvantage.

Identity has become the new perimeter as businesses and individuals move their entire lives into cloud applications and service meaning that a compromised identity can provide access to large amounts of data and systems. Within the business world we are seeing lines between personal and professional accounts blur meaning that a user’s personal accounts or devices being compromised can impact their business identity as well.

It is so common place now that almost everyone knows someone who has been the victim of identity compromise and there is often a social stigma or element of shame that leads to reduced reporting. If you have heard about scams constantly and then fall victim you might be more likely to try and ignore it and move on than report it and explain why you clicked the link.

To reiterate, identity is the new perimeter. Organizations, as well as individuals, are beginning to realize this and better understand and protect their identity attack surface. At a basic level having robust MFA controls on all high value personal accounts is absolutely essential. At the organization level being able to understand all the paths to privilege an identity has in your environment and proactively reduce those risks is key to success.