Subscribe To Our Newsletter

This field is for validation purposes and should be left unchanged.

The States Most Affected by Data Breaches

Hand placing a “data breach” block next to a wooden lock icon, representing cybersecurity risks and exposed personal information.

Across the United States, millions of people have their personal information exposed or compromised in data breaches each year. Some states are more affected than others, though available rankings often reflect reported complaints, losses, breach notices, or population-adjusted rates rather than the total number of actual breaches. The impact of data breaches can be measured in several ways, including total victims, per-capita reports, identity theft complaints, cybercrime losses, and major breach events.

Across the United States, millions of people’s personal information is compromised each year through data breaches, and some states experience more breaches than others. This is typically due to differences in state data protection laws. The most affected states can be measured in several ways: total victims, per capita reports, identity theft complaints, cybercrime losses, and major breach events.

Why Data Breach Risk Varies by State

A state’s population size, business concentration, healthcare systems, public agencies, and state reporting laws can all affect how often breaches are reported. Additionally, because there is no comprehensive federal data protection law, state-level privacy laws vary widely, and some states offer stronger protections and higher data security standards than others.

Top States for Cybercrime Data Breach Complaints

According to the FBI Internet Crime Complaint Center’s 2024 annual report, consumers report the most internet crime and data breach-related harm in California, Texas, Florida, New York, Georgia, and several other states.

1. California

California consistently ranks among the states most affected by data breaches due to its large population, major technology sector, and high level of cybercrime. In 2024, the FBI reported that California had the highest number of cybercrime complaints and the highest reported cybercrime losses anywhere in the U.S.

4. New York

New York is particularly exposed to data breaches and other cybercrimes due to its significant financial, healthcare, retail, and corporate sectors. FBI data ranked New York fourth for cybercrime complaints and fourth for losses in 2024.

2. Texas

Texas is another high-impact state for data breaches due to its large population, robust business presence, healthcare systems, and high number of reported cyber incidents. FBI data placed Texas second for both cybercrime complaints and reported losses in 2024.

5. Georgia

Georgia has an especially high per-capita rate of identity theft and fraud reporting, according to FTC Consumer Sentinel data. The FTC’s 2024 Data Book identifies Florida and Georgia among the states with the highest per-capita rates of reported fraud and identity theft.

3. Florida

Florida is heavily affected by cybercrime, fraud, and identity theft, with the FBI ranking it third for cybercrime complaints in 2024.

Other States

Pennsylvania, Illinois, Ohio, Arizona, Delaware, Nevada, and Massachusetts rank among the top states for cybercrime complaints and losses, driven by population, business density, healthcare infrastructure, and consumer reporting volume. Data breach impact is not limited to the largest states – even smaller states frequently appear at the forefront of discussions about identity theft or fraud.

States With Highest Identity Theft Risk (Reports per 100,000)

Source: Consumer Sentinel Network Data Book 2024

RankState
1Florida
2Georgia
3Nevada
4Texas
5Delaware

Major Types of Identity Theft Reported

The top types of identity theft reported in 2024 were credit card fraud, other identity theft, and loan or lease fraud. The FTC received nearly 450,000 reports from people who said their information was misused with an existing credit card or when applying for a new credit card.

Summary of Types of Identity Theft Reported

States With High Fraud Risk in the US

According to the FTC Consumer Sentinel Network Data Book 2024, the states with the highest fraud risk (measured by fraud reports per 100,000 population) were Florida and Georgia.

Top 5 States with Highest Fraud Risk (Reports per 100,000)

Source: Consumer Sentinel Network Data Book 2024

RankState
1Florida
2Georgia
3Delaware
4Nevada
5Maryland

Why Identity Theft Often Follows Data Breaches

Identity theft often follows data breaches due to the volume of exposed Social Security numbers, birth dates, addresses, medical data, banking information, and login credentials. This personal information can be used for account takeover, credit fraud, tax fraud, and medical identity theft.

Top 10 States for Fraud and Identity Theft Risks

According to the FTC Consumer Sentinel Network Data, the states with the highest fraud and identity theft risks were Florida and Georgia. Several other states were also among the top ten for both identity theft and fraud reports, including Delaware, Nevada, Texas, Maryland, Louisiana, and Illinois. Source: Consumer Sentinel Network Data Book 2024

Why Some States Are Hit Harder by Data Breaches

Certain states experience more reported breach activity and consumer harm. This is largely due to larger populations, a higher business presence, and less strict data protection guidelines outlined in state law.

Large Populations Mean More Potential Victims

States with more residents, such as California, Texas, and Florida, naturally have more consumers, employees, patients, students, and account holders whose data may be stored by companies.

More Businesses and Vendors Mean More Attack Surfaces

States with major employers, tech companies, healthcare networks, retailers, banks, and government contractors, such as California and New York, often have more systems for hackers to target.

Healthcare, Finance, and Government Data Are Frequent Targets

Industries that store sensitive personal information are common targets for ransomware groups, phishing attacks, vendor breaches, and insider misuse. Because Delaware is home to many large corporate headquarters, it sees a high number of identity theft and fraud reports stemming from data breaches.

Major Types of Data Breaches Affecting Consumers by State

Consumers may experience several types of data breaches, each causing unique harm. Some types of breaches are more common in some states than others.

Healthcare Data Breaches

When breached, hospitals, clinics, insurers, billing vendors, and medical service providers may expose medical and financial information. While healthcare data breaches have declined 10% nationwide year-over-year, the number of affected individuals has increased by more than 44%. In the first two months of 2026, 118 data breaches affecting at least 500 people each were reported to the Department of Health and Human Services Office for Civil Rights, exposing the protected health information of nearly 10 million people.

Financial Services Breaches

Retail and E-Commerce Breaches

Retail and e-commerce brand breaches may expose names, addresses, payment card details, account credentials, and purchase histories. These breaches frequently lead to “smishing,” in which hackers use the information they’ve stolen to convince victims to send them money or to share more personal data over text.

Education Data Breaches

Schools, universities, and education vendors may expose student records, parent information, employee files, and financial aid data in the event of a breach.

Government and Public Benefits Breaches

State agencies and government contractors may store Social Security numbers, benefits data, tax information, and health-related records that can be accessed and compromised in the event of a data breach.

What Consumers in High-Risk States Should Do After a Data Breach

1. Read the Breach Notice Carefully

After receiving a data breach notice or discovering your information was exposed, identify what information was exposed, when the breach occurred and was discovered, and what protection services the breached entity may offer to victims.

4. Change Passwords and Enable Multi-Factor Authentication

Update your passwords, avoid reusing them, and enable multi-factor authentication for email, financial, healthcare, and shopping accounts.

2. Freeze Your Credit

After a data breach, freezing your credit can help prevent new accounts from being opened in your name.

5. Save Evidence of Harm

Keep any data breach letters, emails, fraud alerts, bank notices, credit reports, identity theft reports, and receipts you may have for out-of-pocket losses.

3. Monitor Financial and Medical Accounts

Watch for unauthorized transactions, unfamiliar insurance claims, medical bills, new account alerts, and suspicious login attempts on your financial and medical accounts.

Can You Join a Class Action After a Data Breach?

Consumers affected by data breaches in the U.S. may be eligible to participate in a data breach class action, mass arbitration, or legal investigation.

When Data Breach Lawsuits May Be Filed

Data breach lawsuits may be filed when companies allegedly failed to use reasonable security measures, delayed notice, or exposed sensitive personal information. Speak to an experienced data breach lawyer to learn more about your rights and options after being victimized by a breach.

What Compensation May Cover

Potential compensation for data breach victims may include money for out-of-pocket losses, time spent addressing fraud, credit monitoring, identity theft recovery costs, and, in some cases, statutory damages, depending on the laws involved.