In 2017, there were nearly 1,600 data breaches in the U.S. alone — a 44.7 percent increase from the previous year. Sadly, this wasn’t the only record set in 2017. The number of identity theft cases hit record highs as well. In total, 16.7 million Americans had their identities stolen. That same year, identity thieves made off with nearly $17 billion.

With numbers that big, it’s easy to think that identity theft only affects the rich and powerful. However, nothing could be further from the truth. This is just one of the many misconceptions surrounding identity theft.

Here are a few other facts that might surprise you.

Identity theft often begins at a victim’s workplace 

The tactics identity thieves use have changed significantly in recent years — especially when it comes to choosing targets. While crooks certainly still target private individuals, they are increasingly focusing their efforts on employers. In fact, as much as 50 percent of identity theft now begins at a victim’s workplace.

Federal, state, and local governments require businesses to obtain and store a tremendous amount of personal data on their employees — including Social Security numbers, addresses, and other personal details thieves want. Increasingly, employers are recording this information in digital formats that can be accessed via the internet, making it easy for cybercriminals to steal troves of data in one swoop.

This isn’t the only way businesses unintentionally make it easier for crooks. Often, many managers have access to HR’s employee files. If a hacker can access just one of these user accounts, they can steal the personal details of every employee.

While cybercriminals use a wide array of tactics, one of the most effective is phishing. Phishing attacks occur when a criminal sends a cleverly-disguised email to a victim in the hopes of getting them to submit confidential data, whether their own or their company’s.

Back in 2016, AlienVault looked into how successful these kinds of attacks are by surveying more than 300 security professionals. A shocking 37 percent of respondents said executives within their business had fallen victim to targeted phishing scams, including those where a phishing email appeared to come from their CEO.

Here are five things to know about who identity thieves are 

Identity thieves target more than the rich

One of the most common misconceptions is that identity thieves only target the most powerful executives within an organization. This resoundingly false assumption has cost organizations and their employees billions.

In reality, identity thieves don’t care if you’re the CEO of a Fortune 500 company or a summer intern at a small business. In 2016, nearly 40 percent of all victims had a household income less than $25,000. Many live below the national poverty level, and just 23 percent of all victims made more than $75,000.

Age is just a number 

Identity thieves don’t discriminate when it comes to age either.

Most cases of identity theft occur when a victim is between 18 and 49, and it’s nearly equally divided between age groups 18-29, 30-39, and 40-49. Even children are at risk. Of the nearly 17 million Americans who had their identity stolen in 2017, more than one million of them were children.

Location isn’t everything

Identity theft isn’t isolated to major metropolitans like Manhattan. In fact, New York isn’t even on the top 10 list of states with the highest levels of identity theft. As of 2016, they are:

  1. Michigan

  2. Florida

  3. Delaware

  4. California

  5. Illinois

  6. Connecticut

  7. Maryland

  8. Missouri

  9. Nevada

  10. Arizona

Of course, this doesn’t mean you’re out of the woods if you live in a state that isn’t listed. This just illustrates that the problem isn’t limited to one geographical area.

Identity theft jeopardizes more than a victim’s finances 

Identity theft doesn’t just jeopardize a victim’s finances. It can wreak havoc in many other areas of a victim’s life. Here are just a few of the ways this can occur.

  • Identity thieves can use an employee’s identity to obtain medical services, including checkups, pharmacy purchases, and even costly surgery. When this fraud happens, a thief's medical records often becomes intertwined with those of their victim.

  • During natural disasters and times of crisis, victims can be denied essential services because identity thieves used their personal data to file a claim first — a problem that many Hurricane Harvey victims faced.

  • Identity thieves can use a victim’s identity when they get in trouble with authorities. This can lead to an employee being arrested for a crime they didn’t commit.

What can we do about it? 

Luckily, there are actions we can take to minimize the risk of employee identity theft. Here are three steps you can take today to help protect your company’s greatest asset — your employees.

Educate yourself

The first step to protecting your employees begins with educating yourself — along with your co-workers and management — about the risks identity theft poses to both your employees and your company.

Inform your employees

Many employees aren’t as aware of identity theft as they should be, and even fewer of them are taking the necessary steps to safeguard their privacy. Consider having an ongoing discussion with your employees about the many risks of identity theft and how they can help protect themselves by making better decisions.

Protect your employees’ privacy

In addition to educating your employees about identity theft, there are other steps you can take to help them protect their privacy. Consider providing a comprehensive identity protection benefit. Just be sure to select a quality employee identity protection service, as plans can vary greatly.