The key UK identity fraud statistics in one place — how many identity fraud cases are recorded each year, how account and facility takeover is trending, which sectors are hit hardest, and what fraud costs, drawn from CIFAS, UK Finance and the Office for National Statistics, with the data period stated next to every figure.
The most authoritative UK figures on identity fraud come from three sources. CIFAS, the UK's fraud-prevention service, runs the National Fraud Database and publishes its annual Fraudscape report each spring plus a six-month interim update; UK Finance measures the money actually lost across the banking and card industry; and the Office for National Statistics (ONS) estimates how many people experience fraud through the Crime Survey for England and Wales (CSEW). Together they cover cases, prevalence and losses.
This page brings the headline identity fraud numbers from each of those sources together. It is scoped to identity abuse — identity fraud, facility (account) takeover, SIM-swap and the losses those enable — rather than the broader fraud picture; every figure carries its data period, and every source is linked in full at the end. Identity fraud matters for data protection because it is largely what personal-data breaches are for: stolen names, dates of birth and account details are the raw material of an identity crime.
Key facts and figures
- 242,003 identity fraud cases were recorded in the UK in 2025 — 54% of all National Fraud Database filings and the single most common fraud type.
- 444,000+ total cases were filed to the National Fraud Database in 2025 — more than 1,200 a day and a record high, up 6% on 2024.
- 72% of all 2025 fraud cases were linked to identity fraud or facility (account) takeover combined.
- 78,000+ facility (account) takeover cases were recorded in 2025 — 18% of all filings and up 6% year on year.
- 38% rise in unauthorised SIM swaps in 2025, driven by stolen personal data and automated attacks.
- £2.4 billion in fraud losses were prevented by CIFAS members in 2025.
- 4.4 million fraud incidents were estimated by the Crime Survey for England and Wales in the year ending December 2025.
- £58.7 million was lost to card ID theft in 2024, down 26% year on year, across just over 109,000 cases.
These are the latest figures available as of July 2026, and this page is updated as new data is released — CIFAS refreshes the Fraudscape headline figures each spring and publishes a six-month interim update around August, the ONS updates the Crime Survey quarterly, and UK Finance publishes its Annual Fraud Report each summer with a Half-Year report each autumn.
The headline measures at a glance:
| Measure | Latest figure | Data period | Trend / detail |
|---|---|---|---|
| Identity fraud cases (National Fraud Database) | 242,003 | 2025 full year | 54% of all filings; down 3% year on year |
| Total fraud cases (National Fraud Database) | 444,000+ | 2025 full year | Record high; up 6% on 2024 |
| Facility (account) takeover cases | 78,000+ | 2025 full year | 18% of all filings; up 6% |
| Unauthorised SIM swaps | Up 38% | 2025 full year | Driven by stolen data and automation |
| CSEW fraud incidents (individuals) | 4.4 million | Year ending Dec 2025 | No significant change on 4.1m prior year |
| Card ID theft losses (UK Finance) | £58.7 million | 2024 full year | Down 26%; cases down 23% to ~109,000 |
How common is identity fraud in the UK?
Identity fraud reached a record 242,003 cases in 2025, making up 54% of all filings to the National Fraud Database — comfortably the single most common fraud type CIFAS records. The figures come from CIFAS Fraudscape 2026, published in March 2026, which analyses the full year of 2025 data shared by CIFAS member organisations across banking, telecoms, insurance and other sectors.
Put in context, identity fraud is not a niche crime. More than half of every case logged to the national database in 2025 was an identity fraud, and the total volume of fraud hit a record high in the same year. The scale reflects how routine the crime has become: fraudsters use another person's real details — name, date of birth, address, account numbers — to apply for products or take over existing accounts, and those details are increasingly cheap and plentiful because of large-scale data breaches. That is the direct link to data protection: personal data lost in a breach is the fuel for identity crime, which is why our UK data breach statistics page and this one describe two ends of the same problem.
It is worth being precise about what “identity fraud” means here. In the CIFAS classification it covers the fraudulent use of a genuine person's identity — or a fabricated one — to obtain goods, services or an account. It is distinct from facility takeover, where an existing account is hijacked, and from misuse of facility, where a person abuses an account in their own name. All three are counted separately, and all three feed the wider identity-abuse total.
How many identity theft cases were reported in the UK in 2025?
242,003 identity fraud cases were recorded in 2025, which was actually a 3% fall on the almost 250,000 cases seen in 2024 — even though total fraud across all categories hit a record high in the same year. So the headline is nuanced: identity fraud dipped slightly as a raw count, while the fraud problem overall grew.
Total National Fraud Database filings passed 444,000 in 2025 — more than 1,200 cases a day and a 6% rise on 2024, the highest annual total CIFAS has recorded. Identity fraud shrank as a share of a bigger pie because other categories grew faster, not because identity crime went away.
The pace of the underlying problem is clearer in the interim data. CIFAS recorded more than 118,000 identity fraud cases in the first half of 2025 alone (January to June), according to its Fraudscape six-month update published in August 2025, with the rise fuelled in part by AI-generated synthetic and fake identities. That interim reading is the leading edge of the trend that the full-year 2026 report then confirmed.
A word on how to read these counts. CIFAS numbers are filings to a shared prevention database by member organisations — they measure detected and recorded cases, not every crime that occurred, so they undercount attempts that were never spotted and overcount nothing. They are the closest thing the UK has to an operational census of identity fraud.
What is the most common type of identity fraud in the UK?
Bank accounts are the most-targeted product: identity fraud against bank accounts rose 10% to more than 63,000 cases in 2025. Banking is where fraudsters can move money fastest, so it consistently tops the product breakdown in the CIFAS data.
Other product lines climbed too. Identity fraud against insurance products rose 26% to more than 16,000 cases in 2025, one of the sharpest sector increases in the Fraudscape 2026 report. Insurance fraud of this kind typically involves using a stolen or synthetic identity to take out a policy or make a claim.
Alongside pure identity fraud, two related identity-abuse categories are worth pulling out because they are surging:
- Facility (account) takeover reached more than 78,000 cases in 2025 — 18% of all filings and up 6% on 2024. This is where a criminal seizes control of an account that already belongs to the victim, often after harvesting login details or intercepting security codes.
- Misuse of facility surged 43% to over 106,000 cases in 2025, including more than 22,000 money-mule cases — accounts opened or used to launder the proceeds of fraud.
Combine identity fraud with facility takeover and the concentration is striking: almost three-quarters (72%) of all 2025 fraud cases were linked to identity fraud or account takeover. Identity abuse is not one category among many — it is the centre of gravity of UK fraud.
Phishing is the vector that feeds much of this — stolen credentials are how many takeovers begin — but the phishing numbers themselves are covered on our UK phishing statistics page rather than repeated here.
How fast is account takeover and SIM-swap fraud growing?
Unauthorised SIM swaps rose 38% in 2025, according to Fraudscape 2026, driven by stolen personal data and increasingly automated attacks. A SIM swap lets a fraudster port a victim's mobile number to a handset they control, intercepting the one-time passcodes that protect banking and email accounts — which makes it a powerful enabler of account takeover.
The telecoms sector's role in account takeover jumped sharply in the interim data. In the first half of 2025 the telecoms sector accounted for 69% of all account takeovers, up from 40% in 2024, per the CIFAS six-month update. Mobile and broadband accounts became a primary target precisely because control of a phone number unlocks so much else.
These are the categories to watch, because they show fraudsters shifting from opening new fraudulent accounts to hijacking the genuine ones people already hold — a harder crime to spot, since the account and its history look legitimate right up to the moment money moves. Strong multi-factor authentication that does not rely solely on SMS codes, and prompt reporting of a suddenly dead SIM, are the practical defences.
How much does fraud cost, and how much is prevented?
CIFAS members prevented an estimated £2.4 billion in fraud losses in 2025 by matching new applications and takeover attempts against the National Fraud Database — a figure that captures the value of stopping fraud before money leaves, rather than the losses that got through.
On the losses that do get through, UK Finance is the authoritative source. Card ID theft losses fell 26% to £58.7 million in 2024, with cases down 23% to just over 109,000, according to the UK Finance Annual Fraud Report 2025, published in May 2025. Card ID theft is the card-specific slice of identity fraud — using stolen identity details to obtain or use a card — and both its value and its case count fell year on year, one of the few clearly improving measures in the identity-abuse picture.
Set against the wider backdrop, more than £1.1 billion was stolen through fraud in the UK in 2024 across a record 3.3 million reported cases, per the same UK Finance report. Identity-related fraud is a large part of that total, but the £1.1 billion figure spans every fraud type the banking industry tracks, so it should be read as context rather than an identity-fraud-only number.
| Loss / prevention measure | Figure | Data period | Trend |
|---|---|---|---|
| Fraud prevented by CIFAS members | £2.4 billion | 2025 full year | Value of stopped fraud |
| Card ID theft losses (UK Finance) | £58.7 million | 2024 full year | Down 26% year on year |
| Card ID theft cases (UK Finance) | ~109,000 | 2024 full year | Down 23% year on year |
| Total fraud stolen (all types) | £1.1 billion+ | 2024 full year | Across 3.3 million reported cases |
How many people experience fraud in the UK?
The Crime Survey for England and Wales estimated 4.4 million fraud incidents in the year ending December 2025 — no statistically significant change on the 4.1 million estimated the previous year. The CSEW is the ONS's household survey and measures fraud as experienced by individuals, including incidents that are never reported to anyone, which makes it the best gauge of prevalence across the population.
Bank and credit account fraud accounted for roughly 2.7 million of those CSEW incidents in the year ending December 2025 — up 15% year on year, and the largest single fraud category in the survey. That rise sits alongside the broadly flat overall total, so the mix of fraud that people experience is shifting towards account-based fraud even where the headline count is stable.
The CSEW and the CIFAS figures measure different things and should not be added together. The CSEW estimates what individuals experienced, reported or not; CIFAS counts cases filed to a prevention database by organisations. Read together, they tell a consistent story: fraud against individuals is very common and heavily weighted towards account and identity abuse, and the organisational data confirms identity fraud as the dominant recorded category. The computer-misuse and hacking side of the ONS data — offences under the Computer Misuse Act — is a separate lane and is not covered here.
Frequently asked questions
How common is identity fraud in the UK?
Very common. Identity fraud made up 54% of all cases filed to the UK's National Fraud Database in 2025 — the single most common fraud type — with a record 242,003 cases recorded that year, according to CIFAS Fraudscape 2026. Combined with account takeover, identity abuse accounted for roughly 72% of all fraud cases.
How many identity theft cases were reported in the UK in 2025?
242,003 identity fraud cases were recorded in 2025, per CIFAS Fraudscape 2026. That was a 3% fall on the almost 250,000 cases in 2024, even though total National Fraud Database filings hit a record 444,000-plus — more than 1,200 a day — in the same year.
What is the most common type of identity fraud in the UK?
Identity fraud against bank accounts is the most common single target, rising 10% to more than 63,000 cases in 2025. Facility (account) takeover is the fastest-growing related category at more than 78,000 cases, and unauthorised SIM swaps rose 38% over the year, per CIFAS Fraudscape 2026.
Is identity fraud increasing or decreasing in the UK?
Both, depending on the measure. Raw identity fraud cases dipped 3% in 2025 to 242,003, but total fraud hit a record high, account takeover rose 6%, SIM swaps rose 38%, and CIFAS recorded 118,000-plus identity fraud cases in the first half of 2025 alone. Card ID theft losses, by contrast, fell 26% in 2024. The direction of travel for identity abuse overall is upward.
What is the difference between identity fraud and account takeover?
Identity fraud is using someone's identity — genuine or fabricated — to obtain a new product or service, such as opening an account or taking out a loan in their name. Account (facility) takeover is hijacking an account the victim already holds. CIFAS counts them separately, but together they made up around 72% of all recorded fraud cases in 2025.
How is personal data used in identity fraud?
Identity fraud runs on stolen personal data — names, dates of birth, addresses and account details — much of it exposed in data breaches or harvested through phishing. That is why data protection training and identity fraud are two sides of one coin: reducing breaches reduces the raw material for identity crime. See our data breach statistics for the breach side of the picture.
Related guides
- Data Breach Statistics UK: ICO Reports, Trends & Costs
- Phishing Statistics UK: Attack Volumes, Targets & Trends
- Ransomware Statistics UK: Attacks, Costs & Recovery
- GDPR Fines UK: ICO Fine & Enforcement Statistics
- GDPR data breach: what to do in the first 72 hours
- What is personal data under GDPR? A UK guide
Sources & references
- CIFAS — Fraudscape 2026 (2025 full-year data, published March 2026)
- CIFAS — Fraudscape six-month update 2025 (January–June 2025, published August 2025)
- CIFAS — Fraudscape 2025 (2024 full-year data, published April 2025)
- Office for National Statistics — Crime in England and Wales: year ending December 2025 (fraud, CSEW)
- UK Finance — Annual Fraud Report 2025 (2024 losses, published May 2025)
- UK Finance — press release: over £1 billion stolen through fraud in 2024
Identity fraud runs on personal data that leaks through everyday handling mistakes — train your team to manage personal data safely and meet UK GDPR duties.
Explore the GDPR & Data Protection Course →