Identity Theft Resource Center 2025 Predictions

2025 Predictions & 2024 Recap

A Look into the Future of Identity Crimes and Cybersecurity

The Identity Theft Resource Center (ITRC) has released its 2025 predictions, shedding light on the evolving landscape of identity crimes and cybersecurity. The report points to critical discussions around policy changes, resource reductions, and the growing struggles faced by victims, who are left with fewer avenues for support. As we look to the future, reflecting on 2024 provides a valuable perspective on the trends shaping this space.

2024 Predictions Recap

Prediction 1: AI and Compromised Data Fueling Fraud

Reality: AI’s role in crafting fraudulent documents far exceeded expectations. Criminals leveraged generative AI to create false medical records, death certificates, and accident reports, significantly boosting phishing scams and insurance fraud. Government reports reveal an 85% rise in compromised insurance accounts since 2022.

Prediction 2: Data Breaches Driving Biometric Adoption

Reality: A record number of identity crimes led to widespread adoption of biometric verification tools. Over one-third of victims faced hurdles proving their identity, and 74% of people used biometric authentication in 2024.

Prediction 3: State-Level Privacy Laws Prevail

Reality: True to predictions, 20 states enacted comprehensive privacy and cybersecurity laws, filling the void left by Congress’s failure to pass national legislation.

Prediction 4: Privacy Concerns over Biometrics

Reality: Mixed results. While legislative attempts to block biometric use failed, public apprehension persisted. Despite 90% of surveyed individuals consenting to biometric verification, 62% expressed serious concerns.

Prediction 5: Emotional Toll of Identity Crimes

Reality: A marginally positive trend emerged as fewer victims reported contemplating self-harm (12%, down from 16% in 2023). However, the financial and emotional impacts of identity crimes remain profound.

2025 Predictions

The ITRC’s 2025 predictions highlight an increasingly challenging environment for identity theft victims, exacerbated by shifting federal priorities and the rise of advanced cybercriminal techniques.

1. Reduced Support for Victims and Cybercrime Prevention
Government resource allocation for victim assistance, cybercrime prevention, and cybersecurity enforcement is expected to dwindle. Federal agencies, including the U.S. Secret Service, may shift focus, leaving multi-national criminal organizations unchecked. This vacuum will likely lead to a surge in identity crimes, leaving individuals and businesses more exposed.

2. Decline in VOCA Fund Resources
The Victims of Crime Act Fund, a critical source of non-taxpayer-funded aid, will shrink as fewer identity crimes are investigated and prosecuted. This will strain victim support programs, reducing the help available to those navigating the fallout of identity theft.

3. Cybercrime Job Market Boom
Cybercriminal organizations are capitalizing on advancements in AI and automation. Accessible tools now allow even non-technical criminals to execute complex attacks. The demand for software testers and other roles in cybercrime is expected to soar, exacerbating the risk landscape.

4. State Regulators Take the Lead
With federal regulations weakening or abandoned, states are stepping up to enforce privacy and cybersecurity laws. While this is good news for state residents, the patchwork of regulations will create confusion and compliance burdens for businesses operating across state lines.

5. Return to Self-Regulation
In the absence of stringent federal mandates, industries will likely revert to voluntary self-regulation. While flexible, these measures often lack the enforcement mechanisms needed to protect consumers effectively. Sophisticated fraud enterprises will exploit these gaps, further eroding trust.

Key Takeaways and 2025 Outlook

The trajectory from 2024 to 2025 underscores a growing divide between the sophistication of cybercriminals and the resources available to combat them. The reliance on state-level regulation and self-policing introduces inconsistencies that can leave individuals and businesses vulnerable. Meanwhile, the integration of AI into criminal operations accelerates the scale and severity of cyber threats.

To navigate 2025 successfully:

  • Businesses must invest in robust cybersecurity frameworks, recognizing the risks of fragmented state laws and the limitations of self-regulation.

  • Individuals should adopt proactive measures, such as using multi-factor authentication and regularly monitoring accounts for suspicious activity.

  • Policymakers need to prioritize a unified approach to cybersecurity and identity theft, balancing innovation with enforcement.

 

The battle against identity crimes is far from over, and the challenges of 2025 demand vigilance, innovation, and collaboration.

Subarus, Starlink, and Cyber Shenanigans

Wyomingites love their Subarus. Whether you’re tackling a snowy mountain pass, cruising the plains, or loading up the skis for a weekend adventure, a trusty Subaru is practically a badge of honor around here. But what if I told you that the biggest off-road hazard for your Outback isn’t a pothole—it’s a cybersecurity pothole big enough to swallow your data whole?

Recently, security researcher Sam Curry uncovered a doozy of a vulnerability in Subaru’s Starlink connected vehicle service. You know, the system that lets you remote-start your car, locate it in a crowded parking lot, or even call for roadside assistance. Turns out, it also had an unintentional feature: a giant back door into customer accounts in the U.S., Canada, and Japan. Oops.

Curry reported the problem to Subaru and it was corrected within 24 hours without a data breach, maintaining the Subaru Equals Love tagline for those of us in cybersecurity.

But, How Bad Was It?

Pretty bad. Curry and fellow researcher Shubham Shah discovered that Subaru’s administrator portal—the one that should have been accessible only to employees—had the equivalent of a “Come on in, make yourself at home!” sign on it. By poking around a subdomain (subarucs.com), they found JavaScript files that revealed a security nightmare: any employee’s password could be reset without a confirmation token. That’s like being able to change the locks on someone’s house without needing a key.

It gets worse. Once inside the admin panel, they found they could modify total access to vehicles;  no owner verification, no alerts, just the digital equivalent of handing over the keys to a stranger. This meant bad actors could have potentially unlocked doors, started engines, and taken off with someone’s beloved Forester without so much as a hotwiring attempt.

But Wait, There’s More!

If this sounds familiar, it’s because similar security flaws have been found in other automakers’ connected car services. Curry previously warned about a bug in Kia’s online services that exposed millions of vehicles to remote hacking. And in 2023, he and six other researchers uncovered vulnerabilities affecting 16 different car brands that could lead to data leaks, remote control exploits, and enough cyber mayhem to make a hacker’s heart race faster than a WRX in sport mode.

What Does This Mean for Wyoming Drivers?

If you own a Subaru, or any connected vehicle for that matter, here’s the takeaway: Your car is now a rolling computer, and just like your laptop or smartphone, it needs protection. Automakers are racing to secure these systems, but as we’ve seen, vulnerabilities still slip through the cracks.

Here’s how you can protect yourself:

  • Update, update, update. If Subaru releases a software patch for Starlink, install it immediately. Cybersecurity is an arms race, and patches are your best defense.

  • Use strong passwords. If your vehicle service lets you set a password for remote access, don’t use “password123.” Make it strong, unique, and (please) not your dog’s name.

  • Enable two-factor authentication (2FA). If Subaru (or any connected service you use) offers 2FA, enable it. It adds an extra layer of security.

  • Be skeptical of phishing scams. Cybercriminals love pretending to be your car company. If you get an email asking you to reset your password or log into a strange-looking website, verify it’s legit before clicking anything.

The Road Ahead

Cybersecurity in vehicles is still a developing battlefield. While Subaru (and other automakers) did beef up security, history tells us new vulnerabilities will emerge. The best thing we can do as consumers is stay informed and practice good cyber hygiene.

So, next time you’re heading into the wild Wyoming backcountry, remember: The road may be rough, but your cybersecurity doesn’t have to be. Drive safe, stay secure, and maybe double-check that your car is only answering to you.