All About Cookies is an independent, advertising-supported website. Some of the offers that appear on this site are from third-party advertisers from which All About Cookies receives compensation. This compensation may impact how and where products appear on this site (including, for example, the order in which they appear).
All About Cookies does not include all financial or credit offers that might be available to consumers nor do we include all companies or all available products. Information is accurate as of the publishing date and has not been provided or endorsed by the advertiser.
The All About Cookies editorial team strives to provide accurate, in-depth information and reviews to help you, our reader, make online privacy decisions with confidence. Here's what you can expect from us:
A new report finds the bigger identity threat in 2026 isn't a smooth-talking scammer. It's your own phone.
The Identity Theft Resource Center (ITRC) released its 2026 Trends in Identity Report on June 9. Among people who turned to the ITRC for help, unauthorized access to phones and computers jumped 78% year over year. For adults aged 35 to 64, hacked devices have now passed scams as the single most common way identities get stolen for the first time.[1]
For years, staying safe online mostly meant avoiding phishing scams and malicious downloads. But now, criminals can pull saved passwords and verification codes straight off your device, then use them to open new accounts or drain the ones you already have.
Below, we break down what the report found, the warning signs your phone has been compromised, and the steps that actually lock it down.
The ITRC is a nonprofit that provides free, one-on-one help to victims of identity crime, and its annual report draws on the real cases it handles. This year's data covers 9,253 cases from 6,188 people who contacted the center between April 2025 and March 2026, according to the ITRC's announcement.
The standout number is the rise in device hacking. Unauthorized access to computers and mobile devices climbed 78% year over year, going from 15.3% of all identity compromises to 27.2%. Over the same stretch, scams that trick people into sharing personal information fell from 43.1% to 36.1%. Put those two trends together, and you get the milestone: for adults aged 35-64, getting hacked now beats getting conned.
Crimes are also piling on top of each other. The report found that 25.6% of victims were juggling two or more identity incidents at once, up from 23.5% the year before. The ITRC calls these "multi-layered" crimes. One compromise sets off a chain reaction. A compromised email or hacked phone lets a criminal intercept the verification codes that would normally warn you about everything else.
"Identity crimes are no longer isolated, single events," said Mona Terry, the ITRC's Chief Operating and Programs Officer. "A single compromise can trigger a chain reaction that spreads across multiple accounts and institutions, making it much harder for people to recover."
One caveat worth keeping in mind: the ITRC is clear that this data reflects the people who reached out to it, not a random national sample. It shows where the threat is heading for real victims, not a precise nationwide rate.
The same ITRC report found that recovery gets dramatically harder once money is involved. Among victims who reported no financial loss, 53% resolved their case. Among those who took any financial hit, only 9% did. For people facing three or more financial consequences, the resolution rate was zero.
Device hacking tends to lead straight to financial damage. Mobile malware can quietly harvest data from your phone, including passwords and one-time codes that protect your bank and email accounts.
Most people feel underprepared for exactly this. In an All About Cookies survey of 1,000 U.S. adults, 48% said they don't feel they have adequate protection against identity theft, and 14% had already had their identity stolen. More than a quarter of victims (27%) said they had no idea how thieves got their data in the first place. A quiet device compromise is exactly the kind of attack that leaves no obvious trail.
A hacked phone rarely announces itself. Instead, it leaves a trail of small oddities, and the warning sign is usually a cluster of them showing up together rather than any single glitch. Watch for these signs that your phone is hacked:
None of these alone proves a hack. Overheating can just mean an old battery. But when several land at once, treat it seriously. For a deeper walkthrough by operating system, see our guide on whether your phone is hacked.
You don't need to be technical to close the most common gaps. Work through these steps in order.
If you think your phone may already be compromised:
/images/2023/03/03/logo-norton-large.png){kind=logo}
Our #1 rated antivirus that scores 18/18 on AV-TEST across Windows, macOS, and Android, verified across multiple test rounds
Passed every malware, drive-by download, and phishing detection test we ran, quarantining threats automatically
Backed by a 100% Virus Protection Promise: if Norton can't remove a virus, you get your money back
/images/2023/05/25/logo-aura.png){kind=logo}
ID theft protection that monitors your SSN, bank accounts, credit cards, and brokerage and retirement accounts for suspicious activity
Every plan includes the full feature set, so no additional cost to unlock monitoring, insurance, or restoration
Bundles data removal with identity theft protection, antivirus, VPN, and a password manager in one subscription
The 2026 ITRC report shows the identity theft threat shifting from phishing schemes to attacks on your devices, with hacked phones now overtaking scams as the leading way identities are stolen for adults aged 35 to 64.
The fix is the same set of basics done consistently: keep your phone updated, use complex passwords with a password manager, turn on multi-factor authentication, and add monitoring so a quiet compromise doesn't become a financial one.
If your phone is already showing several warning signs, scan it, change your key passwords from another device, and act today rather than later.
ID theft protection that monitors your SSN, bank accounts, credit cards, and brokerage and retirement accounts for suspicious activity
Every plan includes the full feature set, so no additional cost to unlock monitoring, insurance, or restoration
Bundles data removal with identity theft protection, antivirus, VPN, and a password manager in one subscription
/images/2026/06/04/best_lifelock_alternatives.jpg)
/images/2023/07/07/best-identity-theft-protection-service.png)
/images/2026/06/23/smartphone_with_hacked_inscription_and_sad_emoji_icon_on_screen.jpg){kind=icon}
/images/2026/06/09/instagram_logo_mobile_app_on_a_screen_smartphone_iphone_closeup..jpg){kind=logo}
/images/2026/05/30/7-11_or_seven_eleven_24_hours_convenience_store_franchise_logo_at_fron_unA3lb5.jpg){kind=logo}
/images/2026/05/27/pearland_texas_usa_-_february_19_2022_closeup_of_krispy_kreme_restaura_1ebMGCm.jpg)
/images/2025/10/01/is_aura_worth_it.jpg)
/images/2025/08/16/is_norton_lifelock_worth_it.jpg)
/authors/kate-quinlan-new.jpg){kind=small}
/authors/kalleigh-lane-new.jpg){kind=small}
/images/2023/05/25/logo-aura.png){kind=logo}
/authors/kate-quinlan-new.jpg)