Shostack + Friends Blog Archive

Better ID Theft Statistics: 3% of US households in first half 2004

The 2004 National Criminal Victimization Survey includes ID theft data, for the first time. From a CSOOnline blog post, “DOJ Study: ID Theft Hit 3.6M In US:”

About 3 percent of all households in the U.S., totaling an estimated 3.6 million families, were hit by some sort of ID theft during the first six months of 2004, according to DOJ data set to be released Sunday.

The data comes from the Justice Department’s National Crime Victimization Survey, which interviews members of 42,000 households across the country every six months to better understand the nature, frequency and consequences of crime. Households that participate in the survey are selected at random and then interviewed by DOJ statisticians twice a year for three years.

In comparison, there were two robberies per 1,000 people. It’s not fair to say that you’re thus about 5 times as likely to be victimized by ID theft, because its households versus people, and you can’t just divide by 2.6 or the current average size of household.

I won’t get a chance to read in depth until later, but first blush, I’m very glad to see data in the same format and methodology as other crime data. As I wrote a few days ago in “Security Flaws and The Public Conciousness:”

Getting good statistics about what goes wrong requires a stream of stories about what’s going wrong. Without that knowledge, its hard to make good decisions. Imagine a world without crime statistics, or mortality statistics.

I was talking about the breach end of things, but the exploitation end is no less important.

Photo, illustrating typically effective defenses, from Stockxpert.

Originally published by adam on 3 Apr 2006
Last modified on 11 Jun 2018
Categories:   breach analysis   ID Management