This chimes with the UK experience that online fraud is now the largest category of crime…:
A third of Americans have been a victim of information fraud or identity theft. Despite notable data breaches in 2019, when asked if they update or change passwords/PINs after a company they do business with suffers a data breach, more than a quarter (28%) say only sometimes and nearly one in 10 (9%) say they don’t update their passwords at all, according to a Shred-it survey.
Safeguarding sensitive data
Four in ten (41%) Americans who have been a victim of information fraud or identity theft became one because their credit card number was stolen or used, another 22% reported someone stole their information from physical paper documents (e.g., W-2, mail, paper files at work, etc.) – highlighting a need for improved digital and physical information security – and 20% reported a company they do business with was hacked.
However, nearly half (43%) of Americans still have their credit card/financial information stored on a company/brand website for easier or faster checkout and more than a third (35%) store paper documents containing sensitive personal information in an unlocked box, desk drawer or cabinet at home or work, leaving another method of fraud open to occur.