Australian Institute of Criminology

Skip to content

Results

Characteristics of the sample

In total, 5,000 respondents completed the survey instrument; however, the responses of five individuals were removed as those individuals did not normally reside in Australia and therefore were not eligible to participate. The data were weighted to reflect the distribution of the population across jurisdiction based on ABS (2013) census data. Table 1 shows the breakdown of respondents by place of normal residence. Both the unweighted and weighted numbers are provided to show where the population was over or under-sampled. The differences between the unweighted and weighted numbers reflect the under-sampling of larger jurisdictions and the over-sampling of smaller jurisdictions. For example, respondents whose place of normal residence was Sydney comprised 11.0 percent of the sample; however, this jurisdiction contains 20.6 percent of the Australian population.

Table 1 Respondents by place of normal residence
Location Multiplier Unweighted Weighted
n % n %
Sydney 1.867 550 11.0 1,026 20.6
Other New South Wales 1.931 300 6.0 579 11.6
Melbourne 1.440 649 13.0 934 18.7
Other Victoria 1.521 200 4.0 304 6.1
Brisbane 1.150 419 8.4 482 9.6
Other Queensland 1.161 450 9.0 522 10.5
Perth 0.643 649 13.0 418 8.4
Other Western Australia 0.589 200 4.0 118 2.4
Adelaide 0.432 650 13.0 281 5.6
Other South Australia 0.417 200 4.0 83 1.7
Canberra 0.271 304 6.1 82 1.7
Hobart 0.239 200 4.0 48 1.0
Other Tasmania 0.382 170 3.4 65 1.3
Darwin 0.724 40 0.8 29 0.6
Other Northern Territory 1.626 14 0.3 23 0.5
Total 4,995 100.0 4,995 100.0

Note: Percentages may not total 100 and weighted figures may not total 4,995 due to rounding

Source: Identity Crime Survey 2013 [AIC data file]

Only respondents aged 15 years and over were eligible to participate in the survey. Tables 2 and 3 show the respondents’ weighted distributions by gender and age group respectively. It is noted that in relation to gender, one participant (0.02%) selected the ‘other’ category, however, when the data were weighted this represented just 0.01% of the sample.

Table 2 Respondents by gender
Gender n %
Male 2,335 46.8
Female 2,660 53.3
Other 0 0.0
Total 4,995 100.0

Note: Data were weighted to reflect the distribution of the population across jurisdictions. Percentages may not total 100 due to rounding

Source: Identity Crime Survey 2013 [AIC data file]

Table 3 Respondents by age
Age group n %
17 years and under 265 5.3
18–24 years 465 9.3
25–34 years 876 17.5
35–44 years 1,024 20.5
45–54 years 936 18.7
55–64 years 733 14.7
65 years and over 697 14.0
Total 4,995 100.0

Note: Data were weighted to reflect the distribution of the population across jurisdictions. Weighted figures may not total 4,995 due to rounding

Source: Identity Crime Survey 2013 [AIC data file]

Respondents were asked what language was most often spoken at home. These responses were recoded using the ABS’ (2011) Australian Standard Classification of Languages, although English has been differentiated from other ‘Northern European’ languages. Table 4 shows the respondents’ weighted distributions by language most often spoken at home.

Table 4 Respondents by language most often spoken at home

Language classification

n

%

English 4,695 94.0
Southern Asian 85 1.7
Eastern Asian 80 1.6
Southeast Asian 40 0.8
Eastern European 31 0.6
Southern European 24 0.5
Northern European 15 0.3
Southwest and Central Asian 12 0.3
Other languages 10 0.2
Australian Indigenous 2 0.0
Total 4,995 100.0

Note: Data were weighted to reflect the distribution of the population across jurisdictions. Weighted figures may not total 4,995 due to rounding

Source: Identity Crime Survey 2013 [AIC data file]

Participants were asked if they identified as Aboriginal or Torres Strait Islander. Weighted responses are provided in Table 5.

Table 5 Respondents who identified as Aboriginal or Torres Strait Islander
Aboriginal and Torres Strait Islander status n %
Aboriginal 78 1.6
Torres Strait Islander 6 0.1
Both Aboriginal and Torres Strait Islander 5 0.1
No 4,851 97.1
Rather not say 54 1.1
Total 4,995 100.0

Note: Data were weighted to reflect the distribution of the population across jurisdictions. Weighted figures may not total 4,995 due to rounding

Source: Identity Crime Survey 2013 [AIC data file]

Participants were asked to categorise their individual gross income (before tax had been deducted) from all sources for the year 2012–13. Weighted responses are provided in Table 6.

Table 6 Respondents by individual gross income 2012–13
Income category n %
$0–$18,200 1,168 23.4
$18,201–$37,000 1,056 21.1
$37,001–$80,000 1,438 28.8
$80,001–$180,000 624 12.5
$180,001 and over 64 1.3
I’d rather not say 645 12.9
Total 4,995 100.0

Note: Data were weighted to reflect the distribution of the population across jurisdictions

Source: Identity Crime Survey 2013 [AIC data file]

Respondents were asked how many hours in the previous week they had spent using a computer or computerised device, including desktops, laptops, smartphones and tablets. Eight responses were omitted as they exceeded the number of hours in a week. Weighted responses ranged from none to 168 (mean=25.8, SD=18.0, n=4,987). As shown in Figure 1, 75 percent of respondents spent 35 hours or less on a computerised device per week, with some respondents spending much longer hours.

Figure 1 Number of hours spent the previous week using a computer or computerised device (unweighted data)

Figure 2 Number of hours spent the previous week using a computer or computerised device for work-related activities (unweighted data)

Source: Identity Crime Survey 2013 [AIC data file]

Respondents were also asked how many hours in the previous week they had spent using a computer or computerised device for work-related activities. Three responses were omitted as they exceeded the number of hours in a week. The remaining weighted responses ranged from none to 168 (mean=9.0, SD=13.4, n=4,992). As shown in Figure 2, the distribution was also positively skewed, with 75 percent of respondents spending 12 hours or less on a computerised device per week for work purposes.

Perceptions of misuse of personal information

The survey sought the views of participants on a number of matters concerning how they perceived the risk of misuse of personal information, how serious they perceived such conduct to be and what changes were likely to occur in the years ahead. Although some participants may have had access to independent verifiable evidence relating to these matters, others would not. The responses, therefore, reflected the personal views of participants at the time of the survey and cannot be said to be indicative of objective factual information. Nonetheless, the responses to these questions provide baseline indications of the perceptions of respondents and should the survey be replicated in the future, will indicate changes in perceptions of risk, seriousness and trends.

Participants were asked initially, in terms of harm to the Australian economy, how serious they thought misuse of personal information was. As shown in the weighted responses provided in Table 7, most respondents believed the misuse of personal information was very serious or somewhat serious.

Table 7 Respondents’ perceptions about the seriousness of misuse of personal information
Seriousness n %
Very serious 3,434 68.8
Somewhat serious 1,390 27.8
Not very serious 147 2.9
Not at all serious 24 0.5
Total 4,995 100.0

Note: Data were weighted to reflect the distribution of the population across jurisdictions

Source: Identity Crime Survey 2013 [AIC data file]

Participants were also asked if they thought the risk of someone misusing their personal information would change over the next 12 months. Weighted responses are provided in Table 8.

Table 8 Respondents’ perceptions about the risk of misuse of their personal information in the next 12 months
Risk of misuse of personal information n %
Risk will increase greatly 989 19.8
Risk will increase somewhat 2,270 45.4
Risk will not change 1,690 33.8
Risk will decrease somewhat 23 0.5
Risk will decrease greatly 23 0.5
Total 4,995 100.0

Note: Data were weighted to reflect the distribution of the population across jurisdictions

Source: Identity Crime Survey 2013 [AIC data file]

Participants were asked if they were aware that a person who has had their personal information misused could apply to a court to obtain a victim certificate to prove what occurred and if they had done so in the past. Weighted responses are provided in Table 9.

Table 9 Respondents’ awareness of victim certificates
Awareness of victim certificates n %
I am aware of such certificates, and have applied for one in the past 168 3.4
I am aware of such certificates, but have not applied for any 557 11.2
I am unaware of such certificates 4,270 85.5
Total 4,995 100.0

Note: Data were weighted to reflect the distribution of the population across jurisdictions. Percentages may not total 100 due to rounding

Source: Identity Crime Survey 2013 [AIC data file]

It is noted that the number of respondents (n=168) who reported being aware of victim certificates and had applied for them in the past is low. This percentage (3.4%) does not parallel the number of victim certificates applied for through the court system. It is possible that the question has been misunderstood and participants may have instead believed they were being asked about other actions they could have taken, such as having fraudulent information removed from their credit information file.

Experience of misuse of personal information

Participants were asked if their personal information had been misused at any time in the past, as well as any time in the previous 12 months. Of the 4,995 respondents, 1,032 (20.7%) had experienced identity misuse at some time. Some of the locations with a smaller population that were oversampled to obtain a larger sample size experienced lower levels of misuse (eg Darwin and Tasmania) and some of the locations with a larger population that were under-sampled experienced higher levels of misuse (eg Sydney and Melbourne). When the data were weighted to correct for this over and under-sampling, the level of lifetime misuse of personal information increased to 20.8 percent (n=1,040) of respondents. While the weighted data allow examination of the prevalence of misuse of personal information based on the surveyed respondents, the unweighted responses demonstrate the prevalence of misuse of personal information by place of normal residence, particularly where the population is relatively small. The unweighted data by place of normal residence are presented in Table 10.

Table 10 Respondents who experienced misuse of their personal information at any time in the past by place of normal residence (unweighted data)
Location n %
Sydney (n=550) 122 22.2
Other New South Wales (n=300) 60 20.0
Melbourne (n=649) 145 22.3
Other Victoria (n=200) 40 20.0
Brisbane (n=419) 70 16.7
Other Queensland (n=450) 92 20.4
Perth (n=649) 134 20.7
Other Western Australia (n=200) 47 23.5
Adelaide (n=650) 138 21.2
Other South Australia (n=200) 42 21.0
Canberra (n=304) 63 20.7
Hobart (n=200) 37 18.5
Other Tasmania (n=170) 32 18.8
Darwin (n=40) 7 17.5
Other Northern Terrirory (n=14) 3 21.4
Nationally (n=4,995) 1,032 20.7

Source: Identity Crime Survey 2013 [AIC data file]

Participants were also asked about misuse of their personal information in the previous 12 months. For the total sample (n=4,995), 9.2 percent (n=460) of respondents experienced identity misuse in the past 12 months. When these data were weighted to reflect national population distributions, 9.4 percent (n=471) of respondents experienced identity misuse in the previous 12 months. Again, while the weighted data allow examination of the prevalence of misuse of personal information using nationally representative data, the unweighted responses demonstrate the prevalence of misuse of personal information by place of normal residence, particularly for those with smaller populations. The unweighted data by place of normal residence are presented in Table 11.

Table 11 Respondents who experienced misuse of their personal information in the last 12 months by place of normal residence (unweighted data)
Location n %
Sydney (n=550) 55 10.0
Other New South Wales (n=300) 31 10.3
Melbourne (n=649) 67 10.3
Other Victoria (n=200) 13 6.5
Brisbane (n=419) 29 6.9
Other Queensland (n=450) 45 10.0
Perth (n=649) 62 9.6
Other Western Australia (n=200) 19 9.5
Adelaide (n=650) 62 9.5
Other South Australia (n=200) 15 7.5
Canberra (n=304) 26 8.6
Hobart (n=200) 18 9.0
Other Tasmania (n=170) 12 7.1
Darwin (n=40) 4 10.0
Other Northern Territory (n=14) 2 14.3
Nationally (n=4,995) 460 9.2

Source: Identity Crime Survey 2013 [AIC data file]

Locations with respondents who experienced higher than the national rates of misuse of personal information over their lifetime as well as the previous 12 months included Sydney, other New South Wales, Melbourne, other Queensland, Perth, other Western Australia, Adelaide, Darwin and the other Northern Territory. Interestingly, while the first two have the largest populations in Australia, the latter two are included in the locations with the smallest populations, particularly when considering the geographic distances they encompass. Respondents in other Victoria, Brisbane, Hobart and other areas of Tasmania experienced the lowest rates of misuse of personal information over their lifetimes as well as in the previous 12 months.

The 460 respondents who experienced misuse of their personal information within the last 12 months were asked further questions relating to their experience. When the data were weighted, the number of separate occasions that participants believed that their personal information had been misused ranged from one to 20 (mean=2.2, SD=2.4, n=460). As shown in Figure 3, half of the participants (53.7%) believed that their personal information had been misused on a single occasion.

Figure 3 Number of separate occasions participants believed their personal information had been misused (unweighted data)

Source: Identity Crime Survey 2013 [AIC data file]

Losses, costs and consequences resulting from the misuse of personal information

Participants who had experienced misuse of their personal information within the last 12 months were asked how much they were left out-of-pocket as a result, excluding any money that they were able to recover from banks and any costs associated with repairing what occurred. Summary statistics are set out in Table 12.

Table 12 Summary statistics for financial losses over the last 12 months
Statistic Out-of-pocket losses ($) Recovered ($)
Number of respondents 250 255
Minimum 1 2
Maximum 310,000 310,000
Mean 4,101 2,381
Median 247 300
Standard deviation 34,062 23,478
25% quartile 80 98
75% quartile 1,000 1,000
Total 1,025,250 607,164

Note: Data were weighted to reflect the distribution of the population across jurisdictions

Source: Identity Crime Survey 2013 [AIC data file]

Almost half (n=210, 45.7%) of the survey participants had not suffered a financial loss. The remaining 250 participants experienced losses that when weighted ranged from $1 to $310,000, with a median loss of $247. The distribution was positively skewed, with the majority of participants experiencing smaller losses. Total losses amounted to $1,025,250. The distribution of out-of-pocket losses suffered by respondents is shown in Figure 4.

Figure 4 Distribution of financial losses experienced in the preceding 12 months (n)

Note: Data were weighted to reflect the distribution of the population across jurisdictions

Source: Identity Crime Survey 2013 [AIC data file]

Participants who had been reimbursed by banks or other organisations, or recovered their losses in other ways, as the result of the misuse of their personal information in the previous 12 months, had recovered between $2 and $310,000. When the data were weighted, the mean amount reimbursed or recovered was $2,381 and the median amount reimbursed or recovered was $300. The total reimbursed or recovered during the last 12 months was $607,164. The remaining 205 participants (44.6%) did not receive any reimbursement or recover any losses.

Figure 5 Distribution of funds reimbursed or recovered in the preceding 12 months (n)

Note: Data were weighted to reflect the distribution of the population across jurisdictions

Source: Identity Crime Survey 2013 [AIC data file]

Figure 6 shows, for those who reported a financial loss (n=250), the average loss by age and gender. It is noted that the one participant who selected ‘other’ in relation to gender did not report a financial loss. As the number within each category was relatively small, the averages reported here are sensitive to statistical outliers, or high values in excess of $6,000 that were reported by few respondents (see Figure 4). Therefore, further analyses are reported later in this chapter to determine the statistical significance of the relationship between amount of financial loss, age and gender.

Figure 6 Average financial loss by age and gender ($)

Note: Data were weighted to reflect the distribution of the population across jurisdictions

Source: Identity Crime Survey 2013 [AIC data file]

Participants were asked what other negative consequences they had experienced as a result of their personal information having been misused over the previous 12 months. Any causal connection between misuse of personal information and the specified consequences was not suggested and participants were asked to make their own judgment about whether the results occurred ‘as a result’ of the misuse or not. Participants were able to select multiple responses. When the data were weighted, almost half (48.2%, n=222) of the participants did not experience any other negative consequence following misuse of their personal information. Weighted responses for the other consequences that were experienced are provided in Table 13.

Table 13 Consequences experienced as the result of personal information being misused in the previous 12 months (n=460)
Consequences n %
I was refused credit 65 14.1
I experienced mental or emotional distress requiring counselling or other treatment 49 10.7
I was wrongly accused of a crime 25 5.5
I experienced physical health problems requiring medical treatment by a doctor 25 5.4
I had to commence legal action to clear debts and/or to clear my name 23 5.0
I experienced financial difficulties resulting in the repossession of a house or land, motor vehicle or other items 22 4.8
I experienced other reputational damage 20 4.4
I was refused government benefits 17 3.8
I was refused other services 10 2.2
Other 83 18.0

Note: Data were weighted to reflect the distribution of the population across jurisdictions

Source: Identity Crime Survey 2013 [AIC data file]

Participants who had been refused other services were asked to specify the type of service they had been refused as the result of their personal information being misused. These included access to existing credit cards (n=3), bank accounts (n=4), online games (n=1), eBay (n=1), electricity (n=1) and insurance products including health, car and house (n=2). Responses provided by participants in relation to other reputational damage that had been experienced as the result of misuse of personal information included ‘criminal charges due to misuse of personal information’, ‘I was refused housing’, ‘my credit rating made companies hesitate before allowing me to [buy] products even with a debit card’, ‘my image was damaged’, ‘our email account was compromised causing many people on our address list become distressed about their addresses being subject to compromise’, ‘bullying’, ‘classed as a fool’, ‘cost me my job’, ‘defamation’ and ‘employer accused me of sharing my passwords with criminals’.

Participants were also able to outline other consequences they had experienced. In many cases, participants provided context to the answers they had already given in the categories provided. For example, responses included:

Police have not found the other person. I was not charged as my identity was used in a different state in Australia.
Huge sense of mistrust!! Very stressful emotional time!!
My mobile phone was in police custody under investigation. It was a stressful time for me and left me feeling paranoid and anxious because someone had used my mobile number to threaten someone else’s life.
Mental and emotional stress—no counselling…I am very unhappy!!!

Participants were asked how many hours they had spent dealing with the consequences of having their personal information misused over the previous 12 months. This included, for example, the time taken to have their credit rating fixed, having new cards issued, or accounts changed. The weighted number of hours ranged from none to 500 (mean=18.1, SD=49.5). This distribution was positively skewed, with 95 percent of the respondents spending 60 hours or less and half (50.0%) of the population spending three hours or less. The weighted total number of hours spent dealing with the consequences of personal information misuse was 8,518.9.

Participants were also asked how much money they had spent dealing with the consequences of having their personal information misused over the previous 12 months. This included, for example, the cost of getting legal advice, lost income, telephone charges, or postage and fees. A nil cost was experienced by 202 (43.9%) of participants. For the remainder of participants who experienced misuse in the previous 12 months, the weighted estimated financial cost to deal with the consequences ranged from $1 to $60,000 (mean=576.23, SD=3,615.32). It was found that half (50.4%) of the respondents who had spent any money spent $40 or less.

Reporting the misuse of information

Of those who experienced misuse of their personal information, 41 (8.9%) did not report it in any way. A further 246 respondents (53.5%) told a friend or family member, 36 (7.8%) told a government agency or a business organisation and 137 (29.8%) told a friend or family member as well as a government agency or business organisation. Respondents were also asked to specify which government agency or business organisation they had reported to and how satisfied they were with the outcome. As shown in the weighted responses provided in Table 14, the majority of reports resulted in a very satisfactory or satisfactory outcome. It is noted that the 173 participants reported a weighted average of 2.1 agencies or organisations about the misuse of their personal information in the previous 12 months (range=1–10, SD=1.6).

Table 14 Government agencies and business organisations reported to and satisfaction with the response
Agency/organisation reported to Level of satisfaction
Very satisfied Satisfied Unsatisfied Very unsatisfied
A bank or credit union, a credit/debit card company (eg Visa or MasterCard) or an e-commerce provider (eg PayPal) (n=129) n 80 35 10 4
% 62.6 27.2 7.8 2.7
A policing agency (n=49) n 14 19 10 8
% 28.3 38.7 20.4 12.6
A consumer protection agency (eg SCAMwatch, Consumer Affairs, Office of Fair Trading) (n=36) n 11 14 5 5
% 30.2 39.0 13.0 17.8
An internet service provider (n=23) n 11 10 2 1
% 47.0 41.5 8.4 3.1
A credit reporting agency (eg Veda or Dun and Bradstreet) (n=20) n 9 7 2 2
% 44.1 34.5 10.4 11.1
A utility company (eg gas, electricity, telephone, water etc) (n=19) n 7 9 3 1
% 34.7 45.2 17.1 3.0
Medicare Australia (n=12) n 4 7 - 2
% 31.1 54.3 - 14.7
A media organisation (n=10) n 2 6 2 -
% 21.3 56.7 17.9 -
The Passport Office (n=10) n 4 2 4 -
% 42.3 18.9 38.8 -
A road traffic authority (n=8) n 2 3 - 3
% 22.0 36.6 - 41.4
Other (n=35) n 9 10 10 6
% 26.3 28.6 27.7 17.4

Note: Data were weighted to reflect the distribution of the population across jurisdictions. Percentages may not total 100 due to rounding.

Source: Identity Crime Survey 2013 [AIC data file]

Figure 7 shows the percentage of respondents who were satisfied or very satisfied with the response by each agency. As shown, participants were most satisfied with the response provided by Medicare Australia (91.7% responded either satisfied or very satisfied), an internet service provider (91.3%) and a bank, credit union, credit/debit card company or e-commerce provider (89.1%).

Figure 7 Respondents who were satisfied or very satisfied with the response, by agency (%)

Note: Data were weighted to reflect the distribution of the population across jurisdictions

Source: Identity Crime Survey 2013 [AIC data file]

The 41 participants who indicated that they had not reported the misuse of their personal information were asked why they had not. Weighted responses are provided in Table 15. It is noted that participants could select more than one reason for not reporting.

Table 15 Reasons for not reporting misuse of personal information
Reason for not reporting n %
I did not believe the police or any other authority would be able to do anything 16.19 39.5
I was too embarrassed to report it 9.68 23.6
I did not know how or where to report the matter 9.47 23.1
I did not believe it was a crime 4.91 12.0
Other 9.05 22.1

Note: Data were weighted to reflect the distribution of the population across jurisdictions

Source: Identity Crime Survey 2013 [AIC data file]

Reasons for not reporting under other included ‘no need’, ‘my head office handled the problem’, ‘sorted privately’ and ‘usual data theft’.

Behavioural changes arising from the misuse of personal information

Participants were asked how their behaviour had changed as a direct result of having their personal information misused. Weighted responses are provided in Table 16. It is noted that participants could select more than one way in which their behaviour had changed. When the data were weighted, a minority (5.9%, n=27) of participants who experienced misuse of their personal information in the previous 12 months indicated that this did not result in some behaviour change.

Table 16 Behavioural changes resulting from the misuse of personal information (n=460)
Behavioural change n %
Changed password(s) 223 48.5
More careful when using or sharing personal information 221 48.1
Changed banking details 195 42.5
Review financial statements more carefully 182 39.6
Don’t trust people as much 179 39.0
Use better security for computer or other computerised devices 174 37.9
Shred personal documents before disposing of them 127 27.6
Changed email address(es) 73 15.8
Changed social media account(s) 63 13.6
Lock mailbox 56 12.3
Redirect mail when away or move residence 44 9.7
Changed telephone number(s) 43 9.4
Applied for a credit report 40 8.8
Use a registered post box 36 7.8
Changed place of residence 33 7.1
Signed up for a commercial identity theft alert/protection service 27 5.8
Other 18 4.0
Behaviour has not changed 27 5.9

Note: Data were weighted to reflect the distribution of the population across jurisdictions

Source: Identity Crime Survey 2013 [AIC data file]

The most serious occasion of misuse of personal information in the previous 12 months

Participants who experienced misuse of their personal information within the previous 12 months (n=460) were asked further questions about the most serious occasion on which misuse had occurred during this time. The most serious occasion was defined as the occasion that resulted in the largest financial or other harm to the participant. The aim was to seek participants’ own best recollections or assessments of the facts and circumstances in question, although it should be emphasised that some participants might not have had access to evidence sufficient to answer these questions with certainly. Future surveys could include additional questions that assess the level of certainly in terms of evidence on which participants based their answers to these questions.

Weighted responses for the types of personal information that had been misused are provided in Table 17. It is noted that participants could select more than one type of personal information that had been misused.

Table 17 Types of personal information respondents believed were misused on the most serious occasion in the previous 12 months (n=460)
Type of personal information n %
Credit/debit card information 241 52.3
Name 185 40.2
Bank account information 143 31.1
Address 113 24.6
Date of birth 101 22.0
Gender 87 18.9
Password 87 18.8
Online account username 83 18.0
Computer username 67 14.7
Driver’s licence information 47 10.2
Place of birth 44 9.5
Signature 37 8.1
PIN 37 8.0
TFN 31 6.7
Medicare information 24 5.3
Passport information 23 4.9
Student number 13 2.8
Biometric information (eg fingerprint) 10 2.2
HIN 10 2.2
Other 31 6.8

Note: Data were weighted to reflect the distribution of the population across jurisdictions. Respondents could select multiple types

Source: Identity Crime Survey 2013 [AIC data file]

Participants indicated that between one and 19 different types of personal information had been misused in the most serious occasion in the past 12 months (weighted mean=3.1, SD=3.3, n=460). As shown in Figure 8, this distribution is positively skewed, with almost half (46.3%, n=213) of participants indicating that only one type of information had been misused and over three-quarters (80.7%, n=371) indicating that four or fewer types of personal information had been misused.

Figure 8 Number of types of personal information misused in the most serious occasion in the past 12 months (unweighted data)

Source: Identity Crime Survey 2013 [AIC data file]

Participants were asked how they believed their personal information had been obtained on the most serious occasion in the previous 12 months. Weighted responses are provided in Table 18. It is noted that participants could select more than one way in which they believed their personal information had been obtained. For those participants who had indicated how their personal information had been obtained (n=360), the majority (n=229, 63.6%) indicated that only one method had been used (weighted mean=1.4, SD=1.6, range 1–11).

Table 18 How personal information was obtained on the most serious occasion in the previous 12 months (n=460)
Way of obtaining personal information n %
From theft or hacking of a computer or other computerised device (eg smartphone) 92 20.0
From an online banking transaction 90 19.5
By email 84 18.3
From information placed on a website (other than social media, eg online shopping) 72 15.7
From an ATM or EFTPOS transaction 51 11.0
By telephone (excluding SMS) 48 10.5
Theft of mail 44 9.6
From information lost or stolen from a business or other organisation (ie a data breach) 44 9.6
In a face-to-face meeting (eg a job interview or a doorknock appeal) 35 7.5
From information placed on social media (eg Facebook, Linked-in etc) 32 6.9
By text message (SMS) 29 6.4
Theft of an identity or other personal document 9 2.0
Theft of a copy of an identity or other personal document 4 0.8
Other 26 5.7
Don’t know 90 19.7

Note: Data were weighted to reflect the distribution of the population across jurisdictions. Respondents could select multiple types

Source: Identity Crime Survey 2013 [AIC data file]

Participants were asked how they believed their personal information had been misused on the most serious occasion in the previous 12 months. Weighted responses are provided in Table 19. It is noted that participants could select more than one way in which they believed their personal information had been misused.

Table 19 How personal information was misused on the most serious occasion in the previous 12 months (n=460)
Misuse n %
To obtain money from a bank account (excluding superannuation) 163 35.4
To purchase something 150 32.5
To apply for a loan or obtain credit 37 8.1
To file a fraudulent tax return 33 7.2
To obtain money from an investment (eg shares) 30 6.5
To apply for a job 30 6.4
To open a mobile phone account 29 6.4
To apply for government benefits 19 4.1
To provide false information to police 24 5.3
To obtain superannuation monies 23 5.1
To open an online account, such as Facebook, eBay 14 3.2
To rent a property 11 2.3
Other 41 8.9
Don’t know 68 14.7

Note: Data were weighted to reflect the distribution of the population across jurisdictions. Respondents could select multiple types

Source: Identity Crime Survey 2013 [AIC data file]

Participants who indicated that their personal information had been misused to purchase something were asked to specify what was purchased. The most commonly purchased items included airfares and travel (n=23), and electronics, such as computer equipment and mobile phones (n=21). Other purchases included clothing and accessories (such as shoes and watches) (n=11), expenditure on gaming sites (n=6), restaurants and food (n=5), vehicles (including cars and motorbikes) (n=4), hotels (n=4), and cosmetics (n=4). Drugs (n=2) and, in one case, a gun were also purportedly purchased by misusing participants’ personal information.

For those participants who knew how their personal information had been misused (n=386), the weighted number of different ways it had been misused ranged from one to ten (mean=1.5, SD=1.4). Over three-quarters (n=305, 79.0%) indicated just one way in which their personal information had been misused.

Participants were asked how they became aware of the misuse of their personal information on the most serious occasion in the previous 12 months. Weighted responses are provided in Table 20. It is noted that participants could select more than one way in which they had become aware that their personal information had been misused.

Table 20 How misuse of personal information was detected on the most serious occasion in the past 12 months (n=460)
Detection method n %
Received a notification from a bank or financial institution and/or credit card company 199 43.3
Noticed suspicious transactions in bank statements or accounts 153 33.3
Received a bill from a business or company for which they were not responsible 62 13.5
Was unsuccessful in applying for credit 42 9.1
Received a notification from the police 36 7.9
Received a notification from another company 24 5.2
Was contacted by debt collectors 24 5.1
Received a notification from a government agency or authority other than the police 17 3.6
Other 73 15.8

Note: Data were weighted to reflect the distribution of the population across jurisdictions. Respondents could select multiple types.

Source: Identity Crime Survey 2013 [AIC data file]

Most participants (n=366, 79.6%) had detected the most serious misuse of personal information over the past 12 months using just one method. When the data were weighted, the average number of methods used to detect the most serious misuse of personal information was 1.4 (SD=0.9, range=1–6).

Participants were asked how much they were left out-of-pocket due to the misuse of personal information for the most serious occasion in the past 12 months (excluding any money that they were able to recover from banks and any costs associated with repairing what occurred). Summary statistics are shown in Table 21.

Table 21 Summary statistics for financial losses on the most serious occasion
Statistic Out-of-pocket losses ($) Recovered ($)
Number of respondents 260 246
Minimum 1 1
Maximum 310,000 310,000
Mean 4,816 2,209
Median 200 227
Standard deviation 30,541 23,944
25% quartile 50 87
75% quartile 800 920
Total 1,252,177 543,514

Note: Data were weighted to reflect the distribution of the population across jurisdictions

Source: Identity Crime Survey 2013 [AIC data file]

No financial loss was experienced by 200 participants (43.5%). The remaining 260 participants experienced losses ranging from $1 to $310,000. When the data were weighted, the median financial loss was $200. The distribution was positively skewed as shown in Figure 9, with over three-quarters (75.4%) of participants experiencing losses of up to $800. The total lost on the most serious occasion was $1,252,177.

Figure 9 Distribution of financial losses experienced in respect of the most serious occasion in the preceding 12 months (n)

Note: Data were weighted to reflect the distribution of the population across jurisdictions

Source: Identity Crime Survey 2013 [AIC data file]

Participants who had been reimbursed by banks or other organisations, or recovered their losses in other ways, in respect of the most serious occasion recovered between $1 and $310,000. When weighted, the median amount recovered was $227. It was found that most participants received reimbursement or recovery of small amounts, with few receiving much higher amounts (see Figure 10).The total amount recovered was $543,514. The remaining 214 participants (46.5%) did not receive any reimbursement or recover any losses in respect of the most serious occasion in the past 12 months.

Figure 10 Distribution of funds reimbursed or recovered in respect of the most serious occasion in the preceding 12 months (n)

Note: Data were weighted to reflect the distribution of the population across jurisdictions

Source: Identity Crime Survey 2013 [AIC data file]

Characteristics of those who experienced misuse of personal information in the previous 12 months

The characteristics of those who experienced misuse of personal information in the previous 12 months were explored in more detail. Chi-square tests, which test the assumption that the frequencies observed within each cell are obtained by chance, were used for categorical variables. Table 22 shows the results of the chi-square tests for those variables that were found not to have a significant relationship with misuse of personal information in the previous 12 months.

Table 22 Variables that did not have a significant relationship with misuse of personal information in the previous 12 months (n=4,995)
Variable df χ2 Significance
Place of normal residence 14 10.16 .654
Place of normal residence dichotomised (capital city/outside capital city) 1 0.07 .828
Age group 6 7.36 .495
Language spoken at home dichotomised (English/language other than English) 1 0.80 .451

Note: Data were weighted to reflect the distribution of the population across jurisdictions

Source: Identity Crime Survey 2013 [AIC data file]

In relation to gender, Fisher’s exact test, which is a more conservative statistical measure, was used as an alternative to chi-square, as the assumption that there be no more than 20 percent of the expected frequencies with a value less than five was violated. No significant relationship was found between experiencing misuse of personal information in the previous 12 months and gender (df=2, p=.095).

As shown in Table 23, a significant relationship was found between experiencing misuse of personal information in the previous 12 months and Indigenous status (Indigenous was defined as those who identified as Aboriginal, Torres Strait Islander, or both Aboriginal and Torres Strait Islander) (χ2(2, n=4,995)=37.78, p<.001). These results indicate that those who identified as Indigenous were more likely to experience misuse of their personal information.

Table 23 Contingency table for misuse of personal information in the previous 12 months and Indigenous status (expected frequencies are shown in parentheses)
Indigenous status Misuse of personal information in previous 12 months Total
Yes No
Identified as Indigenous 25 (8) 65 (82) 90
Did not identify as Indigenous 441 (457) 4,410 (4,394) 4,851
Preferred not to say 4 (5) 50 (49) 54
Total 471 4,524 4,995

p<.001

Note: Data were weighted to reflect the distribution of the population across jurisdictions

Source: Identity Crime Survey 2013 [AIC data file]

A significant relationship was also found between individual gross income category and experience of misuse of personal information in the previous 12 months (χ2(5, 4,995)=32.25, p<.001; see Table 24). These results indicate that those in the lowest income category ($18,200 and under) were less likely to experience misuse of their personal information and those earning $37,001 and above were more likely to experience misuse. Interestingly, those who preferred not to indicate their income were also less likely to experience misuse of their personal information. This may be because they were reluctant to divulge their information and therefore undertake fewer behaviours that may result in personal information being stolen.

Table 24 Contingency table for misuse of personal information in the previous 12 months and individual gross income (expected frequencies are shown in parentheses)
Income category Misuse of personal information in previous 12 months Total
Yes No
$0–$18,200 80 (110) 1,088 (1,058) 1,168
$18,201–$37,000 99 (99) 957 (956) 1,056
$37,001–$80,000 156 (135) 1,281 (1,302) 1,438
$80,001–$180,000 83 (59) 541 (566) 624
$180,001 and over 9 (6) 55 (58) 64
I’d rather not say 42 (61) 603 (584) 645
Total 471 4,524 4,995

p<.001

Note: Data were weighted to reflect the distribution of the population across jurisdictions

Source: Identity Crime Survey 2013 [AIC data file]

As shown in Table 25, a significant relationship was found between perceptions of the seriousness of misuse of personal information and experiencing misuse of personal information in the previous 12 months (χ2(3, 4,995)=20.74, p<.01), with those who had experienced misuse more likely to perceive it as being very serious.

Table 25 Contingency table for misuse of personal information in the previous 12 months and perceptions of the seriousness of misuse of personal information (expected frequencies are shown in parentheses)
Seriousness Misuse of personal information in previous 12 months Total
Yes No
Very serious 363 (323) 3,071 (3,111) 3,434
Somewhat serious 102 (131) 1,288 (1,259) 1,390
Not very serious 5 (14) 142 (133) 147
Not at all serious 0 (2) 24 (22) 24
Total 471 4,524 4,995

p<.01

Note: Data were weighted to reflect the distribution of the population across jurisdictions

Source: Identity Crime Survey 2013 [AIC data file]

A significant relationship was also found between perceptions about the risk of misuse of personal information in the next 12 months and experiencing misuse of personal information in the previous 12 months (χ2(4, 4,995)=123.81, p<.001), as shown in Table 26.

Table 26 Contingency table for misuse of personal information in the previous 12 months and perceptions about the risk of misuse of personal information in the next 12 months (expected frequencies are shown in parentheses)
Risk of misuse of personal information Misuse of personal information in previous 12 months Total
Yes No
Risk will increase greatly 169 (93) 819 (895) 989
Risk will increase somewhat 213 (214) 2,057 (2,056) 2,270
Risk will not change 81 (159) 1,609 (1,531) 1,690
Risk will decrease somewhat 7 (2) 16 (21) 23
Risk will decrease greatly 0 (2) 22 (21) 23
Total 471 4,524 4,995

p<.001

Note: Data were weighted to reflect the distribution of the population across jurisdictions

Source: Identity Crime Survey 2013 [AIC data file]

A Mann-Whitney U Test was used to test for differences in the number of hours spent on a computer or computerised device between those who had experienced misuse of their personal information in the previous 12 months and those who had not. This non-parametric test was used owing to the fact that the dependent variable, number of hours spent on a computer or computerised device, was not normally distributed. The test, which compared the median number of hours for the two groups (those who had experienced misuse in the previous 12 months and those who had not), found that participants who experienced misuse spent significantly more hours on a computer or computerised device than those who had not (z=2.12, p<.05, n=4,987).

As the Mann-Whitney U Test could not be replicated with the weighted data, the number of hours spent on a computer or computerised device variable was normalised using logarithmic transformation so that the parametric alternative, an independent t-test, could be undertaken. With the unweighted data, the t-test also found that those who experienced misuse spent significantly more hours on a computer or computerised device (M=3.07, SD=0.75) than those who had not (M=3.00, SD=0.77; t(4,984)=1.96, p<.05). However, when the data were weighted, the difference was no longer significant (p=.069).

For those who had experienced misuse of their personal information within the previous 12 months, their place of normal residence was dichotomised to compare those who resided in capital cities with those who did not. An analysis was then undertaken of the methods that had been used to obtain their personal information. This was to test whether those who lived in closer density were more likely to have their personal information misused by tactics such as mail theft compared with those who may have lived further apart. Table 27 shows the results of the chi-square tests for those methods by which personal information had been obtained that were found not to have a significant relationship with participants’ place of normal residence.

Table 27 Methods by which personal information had been obtained that did not have a significant relationship with participants’ place of normal residence (dichotomised) (n=460)
Variable df χ2 Significance
In a face-to-face meeting (eg a job interview or a doorknock appeal) 1 3.13 .156
By telephone (excluding SMS) 1 1.53 .328
By text message (SMS) 1 0.40 .596
By email 1 0.01 .919
From theft or hacking of a computer or other computerised device (eg smartphone) 1 0.03 .885
Theft of an identity or other personal document 1 0.90 .335
Theft of a copy of an identity or other personal document 1 0.00 .942
Theft of mail 1 0.78 .474
From an online banking transaction 1 0.02 .896
From information placed on social media (eg Facebook, Linked-in etc) 1 1.15 .391
From an ATM or EFTPOS transaction 1 0.40 .598
Other 1 0.00 .992

Note: Data were weighted to reflect the distribution of the population across jurisdictions

Source: Identity Crime Survey 2013 [AIC data file]

Table 28 shows the relationship between place of normal residence and data breaches for respondents who had experienced misuse of their personal information in the previous 12 months. It was found that respondents located outside a capital city were significantly more likely than those who were not located outside a capital city to have had their personal information obtained from information lost or stolen from a business or other organisation (ie a data breach; χ2(1, 460)=5.34, p<.05).

Table 28 Contingency table for place of normal residence for participants who experienced misuse of personal information in the previous 12 months and information lost or stolen from a business or other organisation (expected frequencies are shown in parentheses)
Location Information lost or stolen from a business or other organisation Total
Selected Not selected
Capital city 22 (29) 284 (277) 306
Outside capital city 22 (15) 132 (139) 154
Total 44 416 460

p<.05

Note: Data were weighted to reflect the distribution of the population across jurisdictions

Source: Identity Crime Survey 2013 [AIC data file]

Those who resided outside a capital city were significantly more likely to have had their personal information stolen from information used on a website (other than social media eg online shopping) (χ2(1, n=460)=9.00, p<.05; see Table 29).

Table 29 Contingency table for place of normal residence of participants who experienced misuse of personal information in the previous 12 months and information obtained from a website other than social media (expected frequencies are shown in parentheses)

Location

Information obtained from a website other than social media

Total

Selected Not selected
Capital city 37 (48) 269 (258) 306
Outside capital city 35 (24) 118 (130) 154
Total 72 388 460

p<.05

Note: Data were weighted to reflect the distribution of the population across jurisdictions

Source: Identity Crime Survey 2013 [AIC data file]

As shown in Table 30, a significant relationship was found between the place of normal residence for those participants who experienced misuse of their personal information in the previous 12 months and not knowing how their personal information had been obtained (χ2(1, n=460)=5.50, p<.05). This table indicates that those who live in capital cities were significantly more likely than those who did not, to know how their personal information had been obtained.

Table 30 Contingency table for place of normal residence of participants who experienced misuse of personal information in the previous 12 months and did not know how their personal information was obtained (expected frequencies are shown in parentheses)
Location Don’t know how personal information was obtained

Total

Selected Not selected
Capital city 51 (60) 256 (246) 306
Outside capital city 40 (30) 114 (123) 154
Total 90 370 460

p<.05

Note: Data were weighted to reflect the distribution of the population across jurisdictions

Source: Identity Crime Survey 2013 [AIC data file]

Further analyses were undertaken to test the relationship between the characteristics of respondents who reported a financial loss (n=250) and the amount that they reported losing. As the reported financial loss distribution was positively skewed, this variable was normalised using logarithmic transformation prior to these analyses being undertaken. The data were weighted and t-tests found no significant relationship between the amount of financial loss and gender (dichotomised as male/female, as the respondent who indicated ‘other’ did not report a financial loss; t(249)=0.39, p=.534), location (dichotomised; t(249)=2.32, p=.129) and Indigenous status (dichotomised; t(249)=0.87, p=.353). A significant relationship was found in relation to language spoken at home, with those who spoke English reporting having lost significantly more than those who spoke a language other than English (t(249)=4.94, p<.05).

A one-way between-groups analysis of variance was conducted to explore the impact of income on the amount of financial loss. No statistically significant difference was found between the amount of financial loss and individual gross income (F(5, 245)=1.51, p=.189). Similarly, respondents’ age categories were not significantly related to amount of financial loss (F(6, 244)=2.04, p=.062).

As Figure 4 showed some potentially interesting results, the relationship between age, gender and amount of financial loss was explored further. However, with the transformed data, there were no statistically significant differences between men and women at all age points (F(7, 243)=1.74, p=.101). A series of interaction tests were examined to determine whether any specific age and gender combinations were significant, however, these tests indicated no significant findings.

The number of hours spent dealing with the consequences of identity misuse, as well as the amount of money spent, were normalised using logarithmic transformation and the relationship with these weighted variables and financial loss were investigated using Pearson product-moment correlation coefficients. Both these variables were found to have a significant medium, positive correlation with amount of financial loss, indicating that the higher the financial loss, the more time (r=.36, n=248, p<.001) and money (r=.45, n=187, p<.001) was spent dealing with the consequences.

Related links

Identity crime and misuse in Australia: Results of the 2013 online survey