The States Most Affected by Data Breaches
Across the United States, millions of people have their personal information exposed or compromised in data breaches each year. Some states are more affected than others, though available rankings often reflect reported complaints, losses, breach notices, or population-adjusted rates rather than the total number of actual breaches. The impact of data breaches can be measured in several ways, including total victims, per-capita reports, identity theft complaints, cybercrime losses, and major breach events.
Across the United States, millions of people’s personal information is compromised each year through data breaches, and some states experience more breaches than others. This is typically due to differences in state data protection laws. The most affected states can be measured in several ways: total victims, per capita reports, identity theft complaints, cybercrime losses, and major breach events.
Why Data Breach Risk Varies by State
A state’s population size, business concentration, healthcare systems, public agencies, and state reporting laws can all affect how often breaches are reported. Additionally, because there is no comprehensive federal data protection law, state-level privacy laws vary widely, and some states offer stronger protections and higher data security standards than others.
Top States for Cybercrime Data Breach Complaints
According to the FBI Internet Crime Complaint Center’s 2024 annual report, consumers report the most internet crime and data breach-related harm in California, Texas, Florida, New York, Georgia, and several other states.
1. California
4. New York
2. Texas
5. Georgia
3. Florida
Other States
Pennsylvania, Illinois, Ohio, Arizona, Delaware, Nevada, and Massachusetts rank among the top states for cybercrime complaints and losses, driven by population, business density, healthcare infrastructure, and consumer reporting volume. Data breach impact is not limited to the largest states – even smaller states frequently appear at the forefront of discussions about identity theft or fraud.
States With Highest Identity Theft Risk (Reports per 100,000)
Source: Consumer Sentinel Network Data Book 2024
| Rank | State |
| 1 | Florida |
| 2 | Georgia |
| 3 | Nevada |
| 4 | Texas |
| 5 | Delaware |
Major Types of Identity Theft Reported
The top types of identity theft reported in 2024 were credit card fraud, other identity theft, and loan or lease fraud. The FTC received nearly 450,000 reports from people who said their information was misused with an existing credit card or when applying for a new credit card.
Summary of Types of Identity Theft Reported
States With High Fraud Risk in the US
According to the FTC Consumer Sentinel Network Data Book 2024, the states with the highest fraud risk (measured by fraud reports per 100,000 population) were Florida and Georgia.
Top 5 States with Highest Fraud Risk (Reports per 100,000)
Source: Consumer Sentinel Network Data Book 2024
| Rank | State |
| 1 | Florida |
| 2 | Georgia |
| 3 | Delaware |
| 4 | Nevada |
| 5 | Maryland |
Why Identity Theft Often Follows Data Breaches
Top 10 States for Fraud and Identity Theft Risks
Why Some States Are Hit Harder by Data Breaches
Large Populations Mean More Potential Victims
More Businesses and Vendors Mean More Attack Surfaces
Healthcare, Finance, and Government Data Are Frequent Targets
Industries that store sensitive personal information are common targets for ransomware groups, phishing attacks, vendor breaches, and insider misuse. Because Delaware is home to many large corporate headquarters, it sees a high number of identity theft and fraud reports stemming from data breaches.
Major Types of Data Breaches Affecting Consumers by State
Healthcare Data Breaches
When breached, hospitals, clinics, insurers, billing vendors, and medical service providers may expose medical and financial information. While healthcare data breaches have declined 10% nationwide year-over-year, the number of affected individuals has increased by more than 44%. In the first two months of 2026, 118 data breaches affecting at least 500 people each were reported to the Department of Health and Human Services Office for Civil Rights, exposing the protected health information of nearly 10 million people.
Financial Services Breaches
Banks, lenders, loan servicers, credit unions, payment processors, and fintech companies are common sources of sensitive financial exposure.
Retail and E-Commerce Breaches
Retail and e-commerce brand breaches may expose names, addresses, payment card details, account credentials, and purchase histories. These breaches frequently lead to “smishing,” in which hackers use the information they’ve stolen to convince victims to send them money or to share more personal data over text.
Education Data Breaches
Schools, universities, and education vendors may expose student records, parent information, employee files, and financial aid data in the event of a breach.
Government and Public Benefits Breaches
State agencies and government contractors may store Social Security numbers, benefits data, tax information, and health-related records that can be accessed and compromised in the event of a data breach.
What Consumers in High-Risk States Should Do After a Data Breach
1. Read the Breach Notice Carefully
4. Change Passwords and Enable Multi-Factor Authentication
Update your passwords, avoid reusing them, and enable multi-factor authentication for email, financial, healthcare, and shopping accounts.
2. Freeze Your Credit
5. Save Evidence of Harm
3. Monitor Financial and Medical Accounts
Can You Join a Class Action After a Data Breach?
When Data Breach Lawsuits May Be Filed
Data breach lawsuits may be filed when companies allegedly failed to use reasonable security measures, delayed notice, or exposed sensitive personal information. Speak to an experienced data breach lawyer to learn more about your rights and options after being victimized by a breach.
What Compensation May Cover
Potential compensation for data breach victims may include money for out-of-pocket losses, time spent addressing fraud, credit monitoring, identity theft recovery costs, and, in some cases, statutory damages, depending on the laws involved.