Surveys reveal widespread concern, misgivings over digital privacy gaps

The FBI recently issued a stark warning to the public in which it highlighted how criminal actors are exploiting U.S. taxpayer identities to file false tax returns and fraudulently claim refunds. These stolen refunds often get funneled into accounts or addresses controlled by criminals, such as prepaid debit cards, fake mail drops, or third-party financial accounts.

The FBI’s Internet Crime Complaint Center reported over 1,000 complaints in the past year related to this type of identity theft – an alarming 26 percent increase from the previous year. This surge illustrates just how vulnerable the average American is to identity-related crime.

An important defense against such threats is the IRS’s Identity Protection Personal Identification Number (IP PIN), a six-digit code designed to prevent the misuse of a taxpayer’s Social Security number. Taxpayers can voluntarily enroll in the program and victims of identity theft are automatically enrolled. Once registered, the IRS assigns a new IP PIN each year, creating a barrier for criminals attempting to file fraudulent tax returns.

Despite efforts like the IP PIN program, however, identity theft continues to escalate. In 2024, over 1.1 million identity theft cases were reported to the Federal Trade Commission, marking a 9 percent increase from the previous year.

The public is not unaware of the dangers. According to the U.S. News and World Report survey of 2,000 U.S. adults, Digital Privacy: 2025 Survey Report, nearly three-quarters (71 percent) said they plan to take more serious measures to protect their digital privacy in 2025. The survey, which aimed to understand the concerns surrounding online safety, revealed a strong desire for proactive security steps, but it also highlighted the existing gap in digital literacy and action.

“Only half (53 percent) of American adults feel they have sufficient knowledge about how to protect their personal data online,” the survey found, noting that “digital literacy is crucial to Internet and data safety, and 90 percent of U.S. adults feel that it should be taught in schools. Educating young people about online safety and privacy is key. This vital knowledge can then be carried with them throughout life, especially in their transition to adulthood.”

When asked about password management, the respondents painted a concerning picture. About 24 percent of adults reported rarely or never changing the passwords to their personal accounts, while 21 percent only did so annually. Updated guidelines from the National Institute of Standards and Technology emphasize the importance of long, unique passwords over frequent changes. Although regular password changes are no longer considered necessary unless a breach is suspected, the lack of password hygiene still leaves many Americans exposed.

Even as technology becomes more integral to life, digital security tools remain underutilized. Nearly 27 percent of respondents admitted to never having used tools such as VPNs, ad blockers, or privacy-focused browsers. Cost is likely one factor, as many of these tools require paid subscriptions. But accessibility and education also play a role. While paid services offer comprehensive protection, many users are unaware of free or affordable alternatives that can also safeguard their personal data.

The rise in cybercrime is reflected not only in personal anecdotes and surveys but in national data. In 2023, data breaches reached a record high, with over 3,200 incidents. Although 2024 saw a slight dip in the number of breaches, it brought a 211 percent increase in the number of individuals affected. Major companies like Ticketmaster, Change Healthcare, and AT&T suffered massive breaches, exposing millions of consumers. These so-called “mega-breaches” underscore the widespread and growing nature of the threat.

Crowdstrike’s 2025 Global Threat Report says its “latest research demonstrates that adversaries are becoming more efficient, focused, and business-like in their approach – in many ways, more like the enterprise organizations they prey upon.”

One major contributor to increased vulnerability is the expanding digital footprint of consumers. Every online purchase, every sign-up form, and every social media interaction leaves traces of personal data scattered across the internet. Unsurprisingly, 91 percent of survey respondents expressed concern about the information available about them online, with one in three feeling “very concerned.” The larger a person’s digital footprint, the greater the number of access points for malicious actors.

But digital exposure doesn’t just invite fraud, it can also lead to more subtle, long-term risks. The more data algorithms collect about a user, the more they curate and filter content, potentially reinforcing confirmation biases. This digital echo chamber limits access to diverse viewpoints and can facilitate the spread of misinformation. Algorithmic bias is another serious concern, particularly when AI is used to make decisions about hiring, promotions, or even insurance.

AI itself introduces a new layer of digital risk. According to the cybersecurity firm Coalfire, the top threats associated with AI include data leakage, bias, and overcollection. Data leakage happens when AI unintentionally accesses sensitive data not meant to be exposed. Overcollection occurs when AI systems gather more information than users realize, expanding digital footprints without consent. And algorithmic bias means AI can reflect – and reinforce – prejudices found in its training data.

“Along with legitimate organizations, easy access to commercial large language models is making adversaries more productive” and is “shortening their learning curve and development cycles … allowing them to increase the scale and pace of their activities,” the Crowdstrike report says. Though its “report indicates that malicious use of AI is growing, it remains largely iterative and evolutionary at this point in time. Only occasionally does it manifest as an entirely novel use case.”

The U.S. News and World Report found that 90 percent of U.S. adults are worried about AI’s privacy implications, with 40 percent stating they are very concerned. These concerns are compounded by insecure Internet practices. More than one in five Americans regularly use public Wi-Fi networks for sensitive transactions like banking or online shopping.

Surveillance is another area where concern is growing. The survey found an overwhelming 87 percent of Americans expressed fear over foreign governments accessing their data, and 82 percent voiced concern about surveillance by the U.S. government. While data protection laws exist, over half of Americans believe these laws are insufficient. More than 30 percent admitted they are unsure whether the current laws adequately protect their data at all.

This uncertainty fuels feelings of helplessness. Thirty-eight percent of Americans believe they have little control over their personal online data, while 9 percent feel they have no control at all. These fears are reinforced by real-world data. In 2024, Americans lost $27.2 billion to identity fraud, a 19 percent increase from 2023. The summer months saw the highest incidence, reflecting a time of increased spending and online activity. Many of these crimes originated from successful cyberattacks on cloud services or data brokers.

The Javelin Strategy & Research 2025 Identity Fraud Study highlighted the need for stronger security protocols, better consumer education, and more robust industry collaboration.

“Although financial services providers have made considerable strides in the past five years, the advancements aren’t happening fast enough, especially regarding fraud prevention, detection, and investigation, the study says. “Fraud professionals must begin breaking the barriers to innovation by collaborating and using these technological advancements to help fight fraud.”

Bad actors now leverage advanced technologies, no-code platforms, and machine learning to execute scams and create deepfakes with alarming realism. Meanwhile, security has often lagged behind and has been treated as a secondary consideration in the race to innovate. Criminals are agile and collaborative, while fraud prevention remains fragmented and hampered by regulatory ambiguity.

The path forward requires a collective shift in how digital privacy is addressed. Financial institutions will have to continue enhancing fraud detection and response systems. Governments will have to update and clarify privacy legislation to better reflect the modern data economy. And, most importantly, individuals will have to become more digitally literate. As it stands, only half of American adults feel confident in their ability to protect their data online, and 90 percent believe digital literacy should be taught in schools.

Even so, digital education must reach those beyond the classroom. Adults aged 30 to 39 are currently the most likely to report identity theft, highlighting the need for accessible tools and resources aimed at the working population.

While digital tools can be powerful allies in the fight for privacy, they are not silver bullets. The real key lies in a coordinated effort that blends education, regulation, innovation, and individual responsibility. Americans are becoming more aware, but awareness alone isn’t enough.

Article Topics

cybersecurity  |  data privacy  |  data protection  |  digital identity  |  fraud prevention  |  identity theft