Australian Institute of Criminology

Skip to content

Results

Characteristics of the sample

In total, 5,000 respondents completed the survey instrument. The data were weighted to reflect the distribution of the population across jurisdictions based on ABS (2014) census data. Table 1 shows the breakdown of respondents by place of normal residence.

Table 1 Respondents by place of normal residence
Location Multiplier Unweighted Weighted
n % n %
Sydney 1.859 551 11.0 1,026 20.5
Other New South Wales 1.909 300 6.0 574 11.5
Melbourne 1.767 530 10.6 938 18.8
Other Victoria 0.999 301 6.0 301 6.0
Brisbane 1.151 421 8.4 485 9.7
Other Queensland 1.160 451 9.0 524 10.5
Perth 0.656 650 13.0 427 8.5
Other Western Australia 0.586 200 4.0 118 2.4
Adelaide 0.429 650 13.0 280 5.6
Other South Australia 0.410 200 4.0 82 1.6
Canberra 0.258 320 6.4 83 1.7
Hobart 0.235 200 4.0 47 0.9
Other Tasmania 0.376 170 3.4 64 1.3
Darwin 0.706 41 0.8 29 0.6
Other NT 1.516 15 0.3 23 0.5
Total 5,000 100 5,000 100.0

Note: Percentages may not total 100 and weighted figures may not total 5,000 due to rounding

Source: Identity Crime Survey 2014 [AIC data file]

Only respondents aged 15 years and over were eligible to participate in the survey. Tables 2 and 3 show the respondents’ weighted distributions by gender and age group respectively.

Table 2 Respondents by gender
Gender n %
Male 2,115 42.3
Female 2,878 57.6
Other 7 0.1
Total 5,000 100.0

Note: Data were weighted to reflect the distribution of the population across jurisdictions. Percentages may not total 100 and weighted figures may not total 5,000 due to rounding

Source: Identity Crime Survey 2014 [AIC data file]

Table 3 Respondents by age
Age group n %
17 years and under 184 3.7
18–24 years 303 6.1
25–34 years 826 16.5
35–44 years 977 19.5
45–54 years 1,083 21.7
55–64 years 877 17.5
65 years and over 750 15.0
Total 5,000 100.0

Note: Data were weighted to reflect the distribution of the population across jurisdictions. Percentages may not total 100 and weighted figures may not total 5,000 due to rounding Source: Identity Crime Survey 2014 [AIC data file]

Respondents were asked what language was most often spoken at home. These responses were recoded using the ABS’s (2011) Australian Standard Classification of Languages, although in this instance English has been disaggregated from ‘Northern European’ languages. Table 4 shows the respondents’ weighted distributions by language most often spoken at home. This indicates that only about five percent of those surveyed most often spoke a language other than English at home.

Table 4 Respondents by language most often spoken at home
Year 2014 2014
Language classification n %
English 4,724 94.5
Southern Asian 51 1.0
Eastern Asian 69 1.4
Southeast Asian 47 0.9
Eastern European 26 0.5
Southern European 30 0.6
Northern European 12 0.2
Southwest and Central Asian 10 0.2
Other languages 30 0.6
Australian Indigenous 0 0.0
Total 5,000 100.0

Note: Data were weighted to reflect the distribution of the population across jurisdictions. Percentages may not total 100 and weighted figures may not total 5,000 due to rounding

Source: Identity Crime Survey 2014 [AIC data file]

Participants were also asked if they identified as Aboriginal or Torres Strait Islander. Weighted responses are provided in Table 5 and show that two percent of those surveyed identified as either Aboriginal or Torres Strait Islander.

Table 5 Respondents who identified as Aboriginal or Torres Strait Islander
Year 2014 2014
Aboriginal and Torres Strait Islander status n %
Aboriginal 85 1.7
Torres Strait Islander 8 0.2
Both Aboriginal and Torres Strait Islander 4 0.1
No 4,851 97.0
Rather not say 53 1.0
Total 5,000 100.0

Note: Data were weighted to reflect the distribution of the population across jurisdictions. Percentages may not total 100 and weighted figures may not total 5,000 due to rounding Source: Identity Crime Survey 2014 [AIC data file]

Participants were asked to categorise their individual gross income (before tax had been deducted) from all sources for the year 2013–14. Weighted responses are provided in Table 6.

Table 6 Respondents by individual gross income 2013–14
Year 2014 2014
Income category n %
$0–$18,200 1,001 20.0
$18,201–$37,000 1,166 23.3
$37,001–$80,000 1,373 27.5
$80,001–$180,000 715 14.3
$180,001 and over 70 1.4
I’d rather not say 675 13.5
Total 5,000 100.0

Note: Data were weighted to reflect the distribution of the population across jurisdictions. Percentages may not total 100 and weighted figures may not total 5,000 due to rounding

Source: Identity Crime Survey 2014 [AIC data file]

Respondents were asked how many hours in the previous week they had spent using a computer or computerised device, including desktops, laptops, smartphones and tablets. Responses (after weighting) ranged from zero to 168 (mean=25.7, SD=18.5, n=4,991). As Figure 3 demonstrates, similar to 2013, in 2014, the majority (77.8%) of respondents spent 35 hours or less on a computerised device per week. Some respondents, however, recorded spending much longer hours.

Figure 3 Number of hours spent the previous week using a computer or computerised device

Figure 4 Number of hours spent the previous week using a computer or computerised device for work-related activities

Source: Identity Crime Survey 2014 [AIC data file]

Respondents were also asked how many hours in the previous week they had spent using a computer or computerised device for work-related activities. Responses ranged from zero to 100 hours (mean=8.4, SD=13.3, n=5,000). As shown in Figure 4, the distribution was also positively skewed, with the majority (75.9%) of respondents spending 12 hours or less on a computerised device per week for work purposes.

Perceptions of misuse of personal information

The survey sought the views of participants on a number of matters concerning how they perceived the risk of misuse of personal information, how serious they perceived such conduct to be and what changes were likely to occur in the years ahead. Although some participants may have had access to independent verifiable evidence relating to these matters, others would not. The responses, therefore, reflected the personal views of participants at the time of the survey and cannot be said to be indicative of objective factual information.

Participants were asked initially, in terms of harm to the Australian economy, how serious they thought misuse of personal information was. As shown in the weighted responses provided in Table 7, most respondents (96.3%) believed the misuse of personal information was a very serious or somewhat serious issue. These results were similar to those from the 2013 survey (96.6%).

Table 7 Respondents’ perceptions about the seriousness of misuse of personal information
Year 2013 2014 2014
Seriousness % n %
Very serious 68.8 3,403 68.1
Somewhat serious 27.8 1,409 28.2
Not very serious 2.9 154 3.1
Not at all serious 0.5 34 0.7
Total 100.0 5,000 100.0

Note: Data were weighted to reflect the distribution of the population across jurisdictions. Percentages may not total 100 and weighted figures may not total 5,000 due to rounding

Source: Identity Crime Survey 2014 [AIC data file]

Participants were also asked if they thought the risk of someone misusing their personal information would change over the next 12 months. Two-thirds of those surveyed (67%) thought the risk of their personal information being misused would increase greatly or somewhat over the next year. This was slightly higher than in 2013 (65.2%). Weighted responses are provided in Table 8.

Table 8 Respondents’ perceptions about the risk of misuse of their personal information in the next 12 months
Year 2013 2014 2014
Risk of misuse of personal information % n %
Risk will increase greatly 19.8 1,099 22.0
Risk will increase somewhat 45.4 2,252 45.0
Risk will not change 33.8 1,607 32.1
Risk will decrease somewhat 0.5 25 0.5
Risk will decrease greatly 0.5 17 0.3
Total 100.0 5,000 100.0

Note: Data were weighted to reflect the distribution of the population across jurisdictions. Percentages may not total 100 and weighted figures may not total 5,000 due to rounding

Source: Identity Crime Survey 2014 [AIC data file]

Participants were asked if they were aware that a person who has had their personal information misused could apply to a court to obtain a victim certificate to prove what occurred and were asked if they had done so in the past. Weighted responses are provided in Table 9.

Table 9 Respondents’ awareness of victim certificates
Year 2013 2014 2014
Awareness of victim certificates % n %
I am aware of such certificates, and have applied for one in the past 3.4 171 3.4
I am aware of such certificates, but have not applied for any 11.2 576 11.5
I am unaware of such certificates 85.5 4,253 85.0
Total 100.0 5,000 100.0

Note: Data were weighted to reflect the distribution of the population across jurisdictions. Percentages may not total 100 and weighted figures may not total 5,000 due to rounding

Source: Identity Crime Survey 2014 [AIC data file]

It should be noted that the number of respondents (n=171) who reported being aware of victim certificates and had applied for them in the past is low. This percentage (which is identical to the 2013 result) does not parallel the number of victim certificates applied for through the court system.

Experience of misuse of personal information

Participants were asked if their personal information had been misused at any time in the past, as well as any time in the previous 12 months. Of the 5,000 respondents, 1,008 (20.2%) experienced identity misuse at some time in their lives. This finding is almost identical to the 2013 results, which saw 1,032 (20.7%) experiencing identity misuse at some time in their lives. The unweighted data by place of normal residence are presented in Table 10. When data were weighted to restore national representativeness, 1,019 (20.4%) reported experiencing identity misuse at some time in their lives.

Table 10 Respondents who experienced misuse of their personal information at any time in the past by place of normal residence (unweighted data)
Year 2013 2014 2014
Location % n %
Sydney (n=551) 22.2 132 24.0
Other New South Wales (n=300) 20.0 48 16.0
Melbourne (n=530) 22.3 126 23.8
Other Victoria (n=301) 20.0 56 18.6
Brisbane (n=421) 16.7 73 17.3
Other Queensland (n=451) 20.4 73 16.2
Perth (n=650) 20.7 118 18.2
Other Western Australia (n=200) 23.5 45 22.5
Adelaide (n=650) 21.2 127 19.5
Other South Australia (n=200) 21.0 43 21.5
Canberra (n=320) 20.7 78 24.4
Hobart (n=200) 18.5 41 20.5
Other Tasmania (n=170) 18.8 30 17.7
Darwin (n=41) 17.5 16 39.0
Other Northern Territory (n=15) 21.4 3 20.0
National (n=5,000) 20.7 1,008 20.2

Source: Identity Crime Survey 2014 [AIC data file]

Participants were also asked about misuse of their personal information in the previous 12 months. For the total sample (n=5,000), 8.7 percent (n=434) of respondents experienced identity misuse in the past 12 months. This represents a slight decline on 2013 results, which indicated that 9.2 percent (n=460) of respondents experienced identity misuse during that period. The unweighted data by place of normal residence are presented in Table 11. When data were weighted to restore national representativeness, 446 (8.9%) reported experiencing identity misuse in the past 12 months.

Table 11 Respondents who experienced misuse of their personal information in the past 12 months by place of normal residence (unweighted data)
Year 2013 2014 2014
Location % n %
Sydney (n=551) 10.0 57 10.3
Other New South Wales (n=300) 10.3 20 6.7
Melbourne (n=530) 10.3 62 11.7
Other Victoria (n=301) 6.5 23 7.6
Brisbane (n=421) 6.9 28 6.7
Other Queensland (n=451) 10.0 31 6.9
Perth (n=650) 9.6 51 7.9
Other Western Australia (n=200) 9.5 19 9.5
Adelaide (n=650) 9.5 53 8.2
Other South Australia (n=200) 7.5 19 9.5
Canberra (n=320) 8.6 32 10.0
Hobart (n=200) 9.0 14 7.0
Other Tasmania (n=170) 7.1 15 8.8
Darwin (n=41) 10.0 9 22.0
Other Northern Territory (n=15) 14.3 1 6.7
National (n=5,000) 9.2 434 8.7

Source: Identity Crime Survey 2014 [AIC data file]

Locations with respondents who experienced higher than the national rates of misuse of personal information over their lifetime as well as the previous 12 months included Australia’s largest population centres, Melbourne and Sydney. Other areas with above-average lifetime and 12-month prevalence estimates include Canberra, regional Western Australia and regional South Australia.

The 434 respondents who experienced misuse of their personal information within the past 12 months were asked further questions relating to their experience. In 2014, the number of separate occasions on which participants believed that their personal information had been misused ranged from one to 200 (mean=2.9, SD=11.2, n=434). As shown in Figure 5, more than half of participants (53.3%) believed that their personal information had been misused on only a single occasion, which is similar to the findings for 2013 (53.7%).

Figure 5 Number of separate occasions participants believed their personal information had been misused

Source: Identity Crime Survey 2014 [AIC data file]

Losses, costs and consequences resulting from the misuse of personal information

Participants who had experienced misuse of their personal information within the past 12 months were asked how much they were left out-of-pocket as a result, excluding any money that they were able to recover from banks and any costs associated with repairing what occurred. Summary statistics are shown in Table 12.

Table 12 Summary statistics for financial losses over 12 months
Year 2013 2014 2013 2014
Statistic Out-of-pocket losses ($) Out-of-pocket losses ($) Recovered ($) Recovered ($)
Number of respondents 250 240 255 250
Minimum 1 1 2 1
Maximum 310,000 200,000 310,000 2,000,000
Mean 4,101 3,572 2,381 15,317
Median 247 300 300 350
Standard deviation 34,062 19,554 23,478 167,916
25% quartile 80 28 98 120
75% quartile 1,000 1,000 1,000 998
Total 1,025,250 858,599 607,164 3,831,440

Note: Data were weighted to reflect the distribution of the population across jurisdictions

Source: Identity Crime Survey 2014 [AIC data file]

In 2014, 240 participants indicated suffering a financial loss ranging between $1 and $200,000. The median loss was $300 and total losses amounted to $858,599. This compares with 2013, when 250 respondents experienced a median loss of $247. As with 2013, in 2014, the distribution of losses is positively skewed, with the majority of participants experiencing smaller losses. The distribution of out-of-pocket losses suffered by respondents is shown in Figure 6.

Figure 6 Distribution of financial losses experienced in the preceding 12 months (n)

Note: Data were weighted to reflect the distribution of the population across jurisdictions

Source: Identity Crime Survey 2014 [AIC data file]

Participants who had been reimbursed by banks or other organisations, or recovered their losses in other ways, as the result of the misuse of their personal information in the previous 12 months, recovered between $1 and $2,000,000. When the data were weighted, the mean amount reimbursed or recovered was $15,317, and the median amount reimbursed or recovered was $350. While the total recovered losses in 2014 ($3,831,440) were significantly higher than in 2013 ($607,164) this was skewed by a single reported recovery totalling $2m dollars, which was somewhat of an outlier, given that the next highest figure reimbursed was $60,000.

Figure 7 Distribution of funds reimbursed or recovered in the preceding 12 months (n)

Note: Data were weighted to reflect the distribution of the population across jurisdictions

Source: Identity Crime Survey 2014 [AIC data file]

Figure 8 shows the average loss by age and gender for those who reported a financial loss in 2014 (n=240). As the number within each category was relatively small, the averages reported here are sensitive to statistical outliers or high values in excess of $6,000 that were reported by few respondents (see Figure 6). Therefore, further analyses are reported below to determine the statistical significance of the relationship between the amount of financial loss, age and gender.

Participants were asked what other negative consequences they had experienced as a result of having their personal information misused over the previous 12 months. Any causal connection between misuse of personal information and the specified consequences was not suggested, and participants were asked to make their own judgment about whether the results occurred ‘as a result’ of the misuse or not. Participants were able to select multiple responses. Weighted responses for the other consequences that were experienced are provided in Table 13.

Figure 8 Average financial loss by age and gender ($)

Note: Data were weighted to reflect the distribution of the population across jurisdictions

Source: Identity Crime Survey 2014 [AIC data file]

Table 13 Consequences experienced as the result of personal information being misused in the previous 12 months (n=446)
Year 2013 (n=460) 2014 2014
Consequences % n %
I was refused credit 14.1 67 14.9
I experienced mental or emotional distress requiring counselling or other treatment 10.7 53 11.9
I was wrongly accused of a crime 5.5 23 5.2
I experienced physical health problems requiring medical treatment by a doctor 5.4 30 6.7
I had to commence legal action to clear debts and/or to clear my name 5.0 25 5.5
I experienced financial difficulties resulting in the repossession of a house or land, motor vehicle or other items 4.8 22 4.8
I experienced other reputational damage 4.4 11 2.6
I was refused government benefits 3.8 23 5.2
I was refused other services 2.2 12 2.7

Note: Data were weighted to reflect the distribution of the population across jurisdictions

Source: Identity Crime Survey 2014 [AIC data file]

Participants who had been refused other services were asked to specify the type of service they had been refused as a result of their personal information being misused. These included access to existing credit cards (n=3), bank accounts (n=2) and utility services (n=2). Responses provided by participants in relation to other reputational damage that had been experienced as a result of misuse of personal information included:

  • ‘I also had two regular payments dishonoured because of lack of funds in my account, which had been hacked’;
  • ‘Someone claiming to be me was submitting my CV in order to get work’;
  • ‘My credit company called my work and gave the impression I owed money’;
  • ‘My licence details were used in another country’; and
  • ‘People on my mailing list felt my emails could not be trusted’.

Participants were also able to outline other consequences they had experienced. In many cases, participants provided context to the answers they had already given in the categories provided. For example, responses included:

  • ‘I experienced financial difficulties resulting in not being able to afford food’;
  • ‘I got a dishonour fee from my bank’;
  • ‘I had to cancel an ATM card’;
  • ‘They came to arrest me’;
  • ‘I was put into debt for a while as I couldn’t pay some bills and got behind’;
  • ‘I had to change all my passwords and credit card details’; and
  • ‘My bank account was frozen for three days’.

In addition, the 446 participants who experienced the misuse of personal information in the previous 12 months were asked how many hours they had spent dealing with the consequences. This included, for example, the time taken to have their credit rating fixed, having new cards issued or accounts changed. The weighted number of hours ranged from none to 500 (the same as in 2013), with a mean of 15.3 hours and a standard deviation of 42.4 hours (compared with a mean of 18.1 hours and a standard deviation of 49.5 hours in 2013). More than half (55.7%) spent three hours or less dealing with the consequences of personal information misuse (compared with 50% in 2013).

Participants were also asked how much money they had spent dealing with the consequences of having their personal information misused over the previous 12 months. This included, for example, the cost of getting legal advice, lost income, telephone charges or postage and fees. A nil cost was experienced by 227 (50.9%) participants in 2014 (compared with 43.9% of participants in 2013). For the remainder of participants who experienced misuse in the previous 12 months, the weighted estimated financial cost to deal with the consequences ranged from $1 to $100,000 (mean=$1,358.77, SD=$9,104.01) compared with a range of $1 to $60,000 in 2013 (mean=$576.23, SD=$3,615.32). In 2014, half (50.2%) of participants spent $35 or less dealing with the consequences of having their personal information misused over the previous 12 months (compared with 50.4% of participants spending $40 or less in 2013).

Reporting the misuse of personal information

Of 446 participants who experienced misuse of their personal information in the previous 12 months, 45 (10.1%) did not report in any way in 2014 (compared with 8.9% in 2013). A further 216 participants (48.5%) told a friend or family member (compared with 53.5% in 2013), while 47 (10.6%) told a government agency or a business organisation (compared with 7.8% in the previous year). Finally, 138 (31%) told a friend or family member as well as a government agency or business organisation (compared with 29.8% in the previous year).

Respondents were also asked to specify which government agency or business organisation they had reported to and how satisfied they were with the outcome. As shown in the weighted responses provided in Table 14, the majority of reports resulted in a very satisfactory or satisfactory outcome. It is noted that the 179 participants who responded to this question (six provided no response) reported to a weighted average of 1.9 agencies or organisations about the misuse of their personal information in the previous 12 months (range=1–6, SD=1.2), compared with an average of 2.1 agencies/organisations in 2013.

Table 14 Government agencies and business organisations reported to and satisfaction with the response
Agency/organisation reported to Level of satisfaction
Very satisfied Satisfied Unsatisfied Very unsatisfied
A bank or credit union, a credit/debit card company (eg Visa or MasterCard) or an e-commerce provider (eg PayPal) (n=125) n 63 34 15 13
% 50.6 26.9 11.8 10.6
A policing agency (n=51) n 14 14 17 6
% 27.2 26.9 33.3 12.5
A consumer protection agency (eg SCAMwatch, Consumer Affairs, Office of Fair Trading) (n=20) n 2 10 3 5
% 10.1 49.3 14.9 25.6

An internet service provider (n=24)

n 6 10 5 3
% 24.7 42.3 21.2 11.7
A credit reporting agency (eg Veda or Dun & Bradstreet) (n=11) n 6 2 3
% 50.8 19.3 29.9
A utility company (eg gas, electricity, telephone, water) (n=14) n 3 7 2 2
% 21.3 53 12.9 12.9
Medicare Australia (n=8) n 5 3
% 63.3 36.7

A media organisation (n=9)

n 5 2 2
% 57.4 22.1 20.5
The Passport Office (n=3)a n
%
A road traffic authority (n=4)a n
%
Other (n=19) n 8 2 5 4
% 41.9 10.3 25.9 21.7

– not applicable

a Agencies/organisations with fewer than five responses were excluded from the analysis

Note: Data were weighted to reflect the distribution of the population across jurisdictions. Percentages may not total 100 due to rounding

Source: Identity Crime Survey 2014 [AIC data file]

Figure 9 shows the percentage of respondents who were satisfied or very satisfied with the response by each agency. As shown, participants were most satisfied with the response provided by a bank or credit union, credit/debit card company or e-commerce provider (77.5% responded either satisfied or very satisfied), a utility company (74.3%) and by a credit reporting agency (70.1%).

Figure 9 Respondents who were satisfied or very satisfied with the response, by agency (%)

Note: Data were weighted to reflect the distribution of the population across jurisdictions

Source: Identity Crime Survey 2014 [AIC data file]

The participants who indicated that they had not reported the misuse of their personal information were asked why they had not. Weighted responses are provided in Table 15. Participants could select more than one reason for not reporting.

Reasons for not reporting under other included ‘the bank did all the work’, ‘it wasn’t that big of a deal’, ‘it was not worth the time for such a small amount’ and ‘it was taken care of by authorities in USA at no loss to us’.

Table 15 Reasons for not reporting misuse of personal information (n=45)
Year 2013 2014 2014
Reason for not reporting % n %
I did not believe the police or any other authority would be able to do anything 39.5 15 32.5
I was too embarrassed to report it 23.6 6 14.0
I did not know how or where to report the matter 23.1 16 35.2
I did not believe it was a crime 12.0 8 18.0
Other 22.1 6 12.8

Note: Data were weighted to reflect the distribution of the population across jurisdictions.

Source: Identity Crime Survey 2014 [AIC data file]

Behavioural changes arising from the misuse of personal information

Participants were asked how their behaviour had changed as a direct result of having their personal information misused. Weighted responses are provided in Table 16. It is noted that participants could select more than one way in which their behaviour had changed. When the data were weighted, almost all (91.6%, n=408) participants who experienced misuse of their personal information in the previous 12 months indicated that they had changed their behaviour in some way as a direct result of their experience—a similar result to the previous 12 months.

Table 16 Behavioural changes resulting from the misuse of personal information (n=446)
Year 2013 2014 2014
Behavioural change % n %
Changed password(s) 48.5 250 56.1
More careful when using or sharing personal information 48.1 172 38.6
Changed banking details 42.5 151 34.0
Review financial statements more carefully 39.6 177 39.6
Don’t trust people as much 39.0 143 32.1
Use better security for computer or other computerised devices 37.9 136 30.4
Shred personal documents before disposing of them 27.6 122 27.5
Changed email address(es) 15.8 53 11.8
Changed social media account(s) 13.6 50 11.1
Lock mailbox 12.3 46 10.3
Redirect mail when away or move residence 9.7 30 6.7
Changed telephone number(s) 9.4 35 7.8
Applied for a credit report 8.8 28 6.4
Use a registered post box 7.8 35 7.8
Changed place of residence 7.1 13 2.9
Signed up for a commercial identity theft alert/protection service 5.8 20 4.6
Other 4.0 22 4.9
Behaviour has not changed 5.9 37 8.4

Note: Data were weighted to reflect the distribution of the population across jurisdictions

Source: Identity Crime Survey 2014 [AIC data file]

The most serious occasion of misuse of personal information in the previous 12 months

Participants who experienced misuse of their personal information within the previous 12 months were asked further questions about the most serious occasion on which misuse had occurred during this time. The most serious occasion was defined as the occasion that resulted in the largest financial or other harm to the participant. The aim was to seek participants’ own best recollections or assessments of the facts and circumstances in question, although it should be emphasised that some participants might not have had access to evidence sufficient to answer these questions with certainty. Future surveys could include additional questions that assess the level of certainty in terms of evidence on which participants based their answers to these questions.

Type of information

Weighted responses for the types of personal information that had been misused are provided in Table 17. It is noted that participants could select more than one type of personal information that had been misused.

Table 17 Types of personal information respondents believed were misused in the most serious occasion in the previous 12 months (n=446)
Year 2013 2014 2014
Type of personal information % n n
Credit/debit card information 52.3 231 51.8
Name 40.2 163 36.7
Bank account information 31.1 110 24.6
Address 24.6 110 24.7
Date of birth 22.0 95 21.4
Gender 18.9 61 13.7
Password 18.8 94 21.2
Online account username 18.0 65 14.6
Computer username 14.7 51 11.4
Driver’s licence information 10.2 33 7.3
Place of birth 9.5 41 9.1
Signature 8.1 29 6.4
Personal identification number (PIN) 8.0 25 5.6
Tax file number (TFN) 6.7 14 3.2
Medicare information 5.3 16 3.5
Passport information 4.9 17 3.8
Student number 2.8 4 1.0
Biometric information (eg fingerprint) 2.2 1 0.2
Holder identification number (HIN) 2.2 1 0.2
Other 6.8 44 9.8

Note: Data were weighted to reflect the distribution of the population across jurisdictions. Respondents could select multiple types

Source: Identity Crime Survey 2014 [AIC data file]

Participants indicated that between one and 19 different types of personal information had been misused in the most serious occasion in the past 12 months (weighted mean=2.7, SD=3.3, n=434). As shown in Figure 10, this distribution is positively skewed, with almost half (44%) of participants indicating that only one type of information had been misused and eight in 10 participants noting that four or fewer types were misused.

Figure 10 Number of types of personal information misused in the most serious occasion in the past 12 months (unweighted data)

Source: Identity Crime Survey 2014 [AIC data file]

Source of information

Participants were asked how they believed their personal information had been obtained on the most serious occasion of misuse in the previous 12 months. Weighted responses are provided in Table 18. It is noted that participants could select more than one way in which they believed their personal information had been obtained.

For those participants who had indicated how their personal information had been obtained (n=339), the majority (n=231, 68.2%) indicated that only one method had been used (weighted mean=1.5, SD=0.9, range 1–6).

Table 18 How personal information was obtained on the most serious occasion in the previous 12 months (n=446)
Year 2013 (n=460) 2014 2014
Way of obtaining personal information % n %
From theft or hacking of a computer or other computerised device (eg smartphone) 20.0 90 20.2
From an online banking transaction 19.5 67 15.1
By email 18.3 58 12.9
From information placed on a website other than social media (eg online shopping) 15.7 60 13.5
From an ATM or EFTPOS transaction 11.0 29 6.4
By telephone (excluding SMS) 10.5 37 8.4
Theft of mail 9.6 32 7.2
From information lost or stolen from a business or other organisation (i.e. a data breach) 9.6 44 10.0
In a face-to-face meeting (eg a job interview or a doorknock appeal) 7.5 24 5.3
From information placed on social media (eg Facebook, Linked-in) 6.9 25 5.6
By text message (SMS) 6.4 18 4.1
Theft of an identity or other personal document 2.0 6 1.3
Theft of a copy of an identity or other personal document 0.8 3 0.6
Other 5.7 33 7.4
Don’t know 19.7 102 23

Note: Data were weighted to reflect the distribution of the population across jurisdictions. Respondents could select multiple types

Source: Identity Crime Survey 2014 [AIC data file]

Misuse of information

Participants were asked how they believed their personal information had been misused on the most serious occasion in the previous 12 months. Weighted responses are provided in Table 19. It is noted that participants could select more than one way in which they believed their personal information had been misused.

Table 19 How personal information was misused on the most serious occasion in the previous 12 months (n=446)
Year 2013 (n=460) 2014 2014
Misuse % n %
To obtain money from a bank account (excluding superannuation) 35.4 111 24.8
To purchase something 32.5 160 35.8
To apply for a loan or obtain credit 8.1 22 5.0
To file a fraudulent tax return 7.2 25 5.6
To obtain money from an investment (eg shares) 6.5 8 1.7
To apply for a job 6.4 12 2.7
To open a mobile phone account 6.4 15 3.3
To apply for government benefits 4.1 13 2.8
To provide false information to police 5.3 21 4.6
To obtain superannuation monies 5.1 12 2.7
To open an online account, such as Facebook, eBay 3.2 18 4.1
To rent a property 2.3 8 1.8
Other 8.9 54 12.1
Don’t know 14.7 76 17.0

Note: Data were weighted to reflect the distribution of the population across jurisdictions. Respondents could select multiple types

Source: Identity Crime Survey 2014 [AIC data file]

Participants who indicated that their personal information had been misused to purchase something were asked to specify what was purchased. A wide range of purchases was identified, among the most frequent of which were consumer electrical goods (n=21), airfares and travel (n=16), fashion (n=15), gambling (n=7), phones (n=6) and hotels (n=6).

For those participants who knew how their personal information had been misused (n=446) the weighted number of different ways in which it had been misused ranged from one to five (mean=1.2, SD=0.6). More than eight in 10 (n=370, 84.9%) indicated just one way in which their personal information had been misused (compared with 79% in 2013).

Detection methods

Participants were asked how they became aware of the misuse of their personal information on the most serious occasion in the previous 12 months. Weighted responses are provided in Table 20. It is noted that participants could select more than one way in which they had become aware that their personal information had been misused.

Table 20 How misuse of personal information was detected on the most serious occasion in the past 12 months (n=446)
Year 2013 (n=460) 2014 2014
Detection method % n %
Received a notification from a bank or financial institution and/or credit card company 43.3 174 38.9
Noticed suspicious transactions in bank statements or accounts 33.3 148 33.3
Received a bill from a business or company for which they were not responsible 13.5 33 7.4
Was unsuccessful in applying for credit 9.1 22 4.9
Received a notification from police 7.9 38 8.4
Received a notification from another company 5.2 32 7.2
Was contacted by debt collectors 5.1 18 4.1
Received a notification from a government agency or authority other than the police 3.6 3 0.6
Other 15.8 81 18.2

Note: Data were weighted to reflect the distribution of the population across jurisdictions. Respondents could select multiple types

Source: Identity Crime Survey 2014 [AIC data file]

Most participants (n=353, 79.2%) had detected the most serious misuse of personal information over the past 12 months using just one method, which was similar to the results for 2013 (79.6%). When the data were weighted, the mean number of methods used to detect the most serious misuse of personal information was 1.2 (SD=0.6, range=1–6).

Out-of-pocket losses

Participants were asked how much they were left out-of-pocket due to the misuse of personal information for the most serious occasion in the past 12 months (excluding any money that they were able to recover from banks and any costs associated with repairing what occurred). Summary statistics are shown in Table 21.

Table 21 Summary statistics for financial losses on the most serious occasion
Year 2013 2014 2013 2014
Statistic Out-of-pocket losses ($) Out-of-pocket losses ($) Recovered ($) Recovered ($)
Number of respondents 260 224 246 244
Minimum 1 1 1 1
Maximum 310,000 200,000 310,000 60,000
Mean 4,816 3,687 2,209 1,318
Median 200 200 227 350
Standard deviation 30,541 20,181 23,944 4,505
25% quartile 50 50 87 100
75% quartile 800 750 920 1,000
Total 1,252,177 824,800 543,514 321,653

Note: Data were weighted to reflect the distribution of the population across jurisdictions

Source: Identity Crime Survey 2014 [AIC data file]

In 2014, 222 participants (49.8%) experienced no financial loss (compared with 43.5% in 2013). The remaining 224 participants experienced losses ranging from $1 to $200,000. When the data were weighted, the median financial loss was $200. The distribution was positively skewed, as shown in Figure 11, with more than three-quarters (76%) of participants experiencing losses of up to $750. The total lost on the most serious occasion was $824,800 (compared with $1,252,177 in 2013).

Figure 11 Distribution of financial losses experienced on the most serious occasion in the preceding 12 months (n)

Note: Data were weighted to reflect the distribution of the population across jurisdictions

Source: Identity Crime Survey 2014 [AIC data file]

Funds recovered

Among the 244 participants who had been reimbursed by banks or other organisations, or recovered their losses in other ways, in respect of the most serious occasion, recovered between $1 and $60,000. When weighted, the median amount recovered was $350. It was found that most participants received reimbursement or recovery of small amounts, with few receiving higher amounts (see Figure 12). The total amount recovered was $321,653 (compared with $543,514 in 2013). The remaining 202 (45.3%) participants did not receive any reimbursement or recover anything from the most serious occasion of misuse in the previous 12 months.

Figure 12 Distribution of funds reimbursed or recovered in the most serious occasion in the preceding 12 months (n)

Note: Data were weighted to reflect the distribution of the population across jurisdictions

Source: Identity Crime Survey 2014 [AIC data file]

Characteristics of those who experienced misuse of personal information in the previous 12 months

The characteristics of those who experienced misuse of personal information in the previous 12 months were explored in more detail. Chi-square tests (χ2), which test the assumption that the frequencies observed within each cell are obtained by chance, were used for categorical variables (those with two or more categories but no agreed way in which to order them). Using weighted data, the results of chi-square tests indicated that for a number of variables there was no significant relationship with misuse of personal information in the previous 12 months. These variables were:

  • age group;
  • gender;
  • place of normal residence;
  • place of normal residence dichotomised (capital city/outside capital city);
  • language spoken at home dichotomised (English/language other than English); and
  • perception of seriousness of misuse of information.

As shown in Table 22, a significant relationship was found between experiencing misuse of personal information in the previous 12 months and Indigenous status (Indigenous was defined as those who identified as Aboriginal, Torres Strait Islander or both Aboriginal and Torres Strait Islander) (χ2 (2, n=5,000)=11.31, p<0.05). These results indicate that those who identified as Indigenous were more likely than others to experience misuse of their personal information.

Table 22 Contingency table for misuse of personal information in the previous 12 months and Indigenous status (expected frequencies are shown in parentheses)
Indigenous status Misuse of personal information in previous 12 months Total
Yes No
Identified as Indigenous 18 (9) 79 (88) 97
Did not identify as Indigenous 422 (433) 4,429 (4,418) 4,851
Preferred not to say 6 (5) 46 (48) 52
Total 446 (446) 4,554 (4,554) 5,000

p<0.05

Note: Data were weighted to reflect the distribution of the population across jurisdictions

Source: Identity Crime Survey 2014 [AIC data file]

The results of Table 23 indicate that those in the lowest income category ($18,200 and under) were less likely to experience misuse of their personal information and those earning $37,001 and above were more likely to experience misuse (χ2 (5, n=5,000)=36.24, p<0.001).

Table 23 Contingency table for misuse of personal information in the previous 12 months and individual gross income (expected frequencies are shown in parentheses)
Income category Misuse of personal information in previous 12 months Total
Yes No
$0–$18,200 60 (89) 941 (912) 1,001
$18,201–$37,000 108 (104) 1,058 (1,062) 1,166
$37,001–$80,000 137 (122) 1,236 (1,250) 1,373
$80,001–$180,000 85 (64) 630 (651) 715
$180,001 and over 14 (6) 56 (64) 70
I’d rather not say 42 (60) 633 (615) 675
Total 446 4,554 5,000

p<0.001

Note: Data were weighted to reflect the distribution of the population across jurisdictions

Source: Identity Crime Survey 2014 [AIC data file]

A significant relationship was also found between perceptions of the risk of misuse of personal information in the next 12 months and experiencing misuse of personal information in the previous 12 months (χ2(4, n=5,000)=118.11, p<0.001), as shown in Table 24. Those who had experienced misuse of personal information in the previous 12 months were more likely than expected to perceive that risks would increase in future.

Table 24 Contingency table for misuse of personal information in the previous 12 months and perceptions about the risk of misuse of personal information in the next 12 months (expected frequencies are shown in parentheses)
Risk of misuse of personal information Misuse of personal information in previous 12 months Total
Yes No
Risk will increase greatly 167 (98) 932 (1,001) 1,099
Risk will increase somewhat 214 (201) 2,039 (2,052) 2,252
Risk will not change 58 (143) 1,549 (1,464) 1,607
Risk will decrease somewhat 6 (2) 19 (23) 25
Risk will decrease greatly 1 (1) 15 (15) 17
Total 446 4,554 5,000

p<0.001

Note: Data were weighted to reflect the distribution of the population across jurisdictions

Source: Identity Crime Survey 2014 [AIC data file]

A Mann-Whitney U test was used to test for differences in the number of hours spent on a computer or computerised device between those who had experienced misuse of their personal information in the previous 12 months and those who had not. This non-parametric test was used because the dependent variable—the number of hours spent on a computer or computerised device—was not normally distributed. The test, which compared the median number of hours for the two groups (those who had experienced misuse in the previous 12 months and those who had not), found that participants who experienced misuse spent significantly more hours on a computer or computerised device than those who had not (z=–2.10, p<0.05, n=4,995).

As the Mann-Whitney U test could not be replicated with the weighted data, the number of hours spent on a computer or computerised device variable was normalised using logarithmic transformation so that the parametric alternative, an independent t-test, could be undertaken. With the unweighted data, the t-test also found that those who experienced misuse spent significantly more hours on a computer or computerised device (M=3.06, SD=0.79) than those who had not (M=2.97, SD=0.81; t(4)=2.09, p<0.05). When the data were weighted, however, the difference was no longer significant (p=0.051).

For those who had experienced misuse of their personal information within the previous 12 months, their place of normal residence was dichotomised to compare those who resided in capital cities with those who did not. An analysis was then undertaken of the methods that had been used to obtain their personal information. This was to test whether those who lived in closer density were more likely to have their personal information misused by tactics such as mail theft than those who lived further apart. A number of the methods used to obtain personal information were found to be statistically unrelated to participants’ place of normal residence. These were:

  • in a face-to-face meeting (eg a job interview or a doorknock appeal);
  • by telephone (excluding SMS);
  • by text message (SMS);
  • by email;
  • from theft or hacking of a computer or other computerised device (eg smartphone);
  • theft of an identity or other personal document;
  • theft of a copy of an identity or other personal document;
  • from information lost or stolen from a business or other organisation (i.e. a data breach);
  • from an online banking transaction;
  • from information placed on social media (eg Facebook, Linked-in);
  • from information placed on a website (other than social media);
  • from an ATM or EFTPOS transaction;
  • other; and
  • don’t know how personal information was obtained.

Table 25 shows the relationship between place of normal residence and theft of mail for respondents who had experienced misuse of their personal information in the previous 12 months. It was found that respondents located in a capital city were significantly more likely than those who were not in a capital city to have their personal information obtained from the theft of their mail (χ2(1, n=446)=6.14, p<0.05).

Table 25 Contingency table for place of normal residence of participants who experienced misuse of personal information in the previous 12 months and information lost or stolen from theft of mail (expected frequencies are shown in parentheses)
Location Information lost or stolen from theft of mail Total
Selected Not selected
Capital city 29 (23) 293 (299) 322
Outside capital city 3 (9) 121 (115) 124
Total 32 414

Note: Data were weighted to reflect the distribution of the population across jurisdictions

Source: Identity Crime Survey 2014 [AIC data file]

Further analyses were undertaken to test the relationship between the characteristics of respondents who reported a financial loss (n=224) and the amount they reported losing. As the reported financial loss distribution was positively skewed, this variable was normalised using logarithmic transformation prior to these analyses being undertaken.

The data were weighted and t-tests found no significant relationship between the amount of financial loss and gender (dichotomised as male/female, as the respondents who indicated ‘other’ gender did not report a financial loss; t(215)=1.31 NS), location (dichotomised; t(215)=2.71 NS), language (dichotomised; t(215)=3.61 NS) or Indigenous status (dichotomised; t(215)=2.62, NS).

A one-way between-groups analysis of variance was conducted to explore the impact of income on the amount of financial loss. No statistically significant difference was found between the amount of financial loss and individual gross income (F(5,211)=0.73, NS). There was, however, a significant relationship between respondents’ age categories and the amount of financial loss (F(6,210)=12.05, p<0.001), with the average financial loss generally increasing with age.

Further analysis of the relationship between age, gender and amount of financial loss showed that gender was not statistically significant when controlling for age (t(215)=–1.65 NS). A series of interaction tests examining specific age and gender combinations found no statistically significant findings.

The number of hours spent dealing with the consequences of identity misuse, as well as the amount of money spent, was normalised using logarithmic transformation, and the relationship between these weighted variables and financial loss was investigated using Pearson product moment correlation coefficients. Both these variables were found to have significant positive correlation with the amount of financial loss, indicating that the higher the financial loss, the more time (r=0.27, n=211, p<0.01) and money (r=0.60, n=148, p<0.001) were spent dealing with the consequences.