The FBI Just Confirmed What Constella Has Been Tracking: Identity Theft Is Now Industrial-Scale

The FBI’s 2025 Internet Crime Report landed with a number that should stop every security leader cold: $20.877 billion in reported cybercrime losses. One million complaints filed in a single year. A 26% increase in losses from 2024 alone.

But the IC3 report tells you what happened. Constella’s 2026 Identity Breach Report tells you why.

Together, these two documents form a complete picture of where the threat landscape stands heading into the second half of 2026, and the picture is not encouraging. The connection between the FBI’s documented losses and Constella’s data is not coincidental. It is causal. The industrialization of identity exposure is the engine driving the IC3’s record-breaking statistics.

$20 Billion in Losses Has a Root Cause: Stolen Identities at Machine Scale

The IC3 report identifies personal data breach, phishing and spoofing, account takeover (ATO), and business email compromise (BEC) as dominant loss categories. Constella’s 2026 Identity Breach Report maps exactly where those attack vectors originate.

In 2025, Constella processed over 27.9 billion identity records, a 135% year-over-year increase, pulled from breaches, data leaks, and infostealer packages across the surface, deep, and dark web. The organization’s Agentic AI automation hunted 567,061 total breaches, representing a 159% increase in detection capacity. The sheer scale of exposed identity data provides the raw material for virtually every crime category documented in the IC3 report.

The link is direct. Every phishing campaign, every BEC wire fraud, every government impersonation scam, and every crypto investment scheme reported to the FBI began, at some level, with identity data that was harvested, compiled, and weaponized from breaches like the ones Constella monitors.

Five Points Where the FBI’s Data and Constella’s Intelligence Converge

1. Infostealers Are Fueling the ATO Surge the FBI Is Now Tracking

The IC3’s 2025 report flagged a notable shift: account takeover (ATO) incidents surged within the Financial Fraud Kill Chain (FFKC), previously dominated by BEC. ATO-related FFKC initiations now involve upwards of 50 simultaneous transactions across multiple banks, a pattern that reflects automation, not manual fraud.

Constella’s data explains the mechanism. In 2025, Constella processed 51.7 million infostealer packages, a 72% increase year-over-year, identifying 24.8 million unique infected devices. These logs do not just capture passwords. They harvest live session cookies, system metadata, and autofill data, giving adversaries the means to bypass multi-factor authentication entirely through session hijacking.

As Constella CEO Andres Andreu wrote in the 2026 Identity Breach Report: “In an era where nearly 70% of compromised credentials are found in plaintext, the challenge is no longer just preventing unauthorized access, it’s outrunning the automated systems that weaponize these identities at machine speed.”

The FBI is seeing the outcome. Constella is documenting the pipeline.

2. Plaintext Credentials Are the Direct Fuel for BEC’s $3 Billion in Losses

The IC3 reported $3.046 billion in BEC losses in 2025, with AI-enabled BEC growing as a specific subcategory. Constella’s data reveals the supply chain underneath that figure: 68.89% of all breached credentials ingested in 2025 were stored in plaintext, a 261% increase year-over-year.

When credentials exist in plaintext, compromise becomes instantaneous and automated. There is no need to crack hashes. Threat actors, increasingly leveraging Agentic AI tools, can execute credential stuffing at a velocity no human security team can match reactively.

CTO Alberto Casares framed the compounding problem: “Password reuse across personal and professional accounts turns a single, years-old leak into a recurring and scalable attack opportunity. An exposed password is a compromised password, regardless of its strength.”

3. PII-Rich Breaches Are Powering Phishing and Government Impersonation

The FBI logged 191,561 phishing and spoofing complaints in 2025, the single highest crime type by volume. Government impersonation complaints nearly doubled, rising from 17,367 in 2024 to 32,424 in 2025, with losses of $797.9 million.

Constella’s 2026 report identified a 661% increase in breaches containing PII, a deliberate strategic shift by threat actors away from recycled credential lists toward high-fidelity data containing names, phone numbers, physical addresses, and account identifiers. Adversaries are feeding this enriched PII into Agentic AI tools to generate hyper-personalized phishing and vishing campaigns targeting executives and high-value individuals.

The FBI’s government impersonation surge is not happening in a vacuum. It is happening because the raw data required to make those impersonations convincing has never been more abundant or more accessible.

4. The Government Sector Breach Surge Matches the FBI’s Crime Data Exactly

The IC3 noted a significant escalation in state-sponsored and cybercriminal targeting of government infrastructure. Constella’s 2026 Identity Breach Report documented a 569% increase in government sector breaches in 2025.

This is the upstream-to-downstream relationship in its clearest form. When government systems are breached at scale, the identities harvested become the raw material for impersonation schemes, credential-stuffing attacks against contractors and agencies, and the kinds of influence operations the FBI has flagged as a growing national security concern.

5. The Crypto Fraud Pipeline Runs Through Infostealer Infrastructure

The IC3 documented $11.366 billion in cryptocurrency-related losses in 2025, a 22% increase. Cryptocurrency investment fraud alone accounted for $7.2 billion, driven by organized criminal enterprises using AI-generated personas, fake investment platforms, and social engineering at scale.

Constella’s infostealer data provides insight into the infrastructure sustaining these schemes. Infostealer logs captured 2.3 billion web addresses where credentials were used, providing threat actors with direct operational intelligence about which platforms their victims access. When an infected device belongs to someone who holds crypto accounts, the session cookies extracted from that device can be used to bypass authentication on those platforms entirely.

The “Never Expires” Problem the FBI’s Data Cannot Fully Capture

One finding from the 2026 Identity Breach Report has direct implications for interpreting the IC3’s numbers: identity breach exposures are effectively permanent.

Constella found that nearly 60% of ingested breach datasets consist of recycled credential compilations, and that even after password resets, the same emails, names, and partial PII continue circulating. For every unique email address in the Constella Data Lake, there are approximately six distinct points of exposure.

This means that the IC3’s complaint volume is itself an undercount of the threat. Victims of phishing, BEC, or ATO today may be exploited using credentials harvested in a breach from years ago. The 1.35 billion unique email addresses Constella observed in 2025 represent not a snapshot of current exposure but a persistent attack surface that grows incrementally each year and never fully contracts.

What Organizations Need to Do About It

The FBI’s recommendations in the IC3 report focus on response: report incidents quickly, contact financial institutions immediately after fraudulent transfers, and enable MFA where possible.

Those steps matter. But they address the downstream consequence, not the upstream exposure.

The posture that Constella’s data demands is continuous, proactive identity monitoring. Reactive detection, password resets triggered only after a breach is disclosed, and point-in-time scans are inadequate against adversaries operating at machine scale with AI-driven pipelines.

Specifically, organizations should monitor for employee and executive identity exposure across infostealer logs in near real time, treat any compromised credential as an active threat regardless of its age, invalidate active session tokens when infostealer alerts trigger (not just reset passwords), and extend identity monitoring to personal devices where corporate credentials may have been synced.
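The response steps listed above, sketched as an added example (not code from Constella or the FBI): a toy identity store in which a password reset alone leaves existing sessions alive, and an alert handler that also revokes them, applies no age cutoff, and flags unmanaged devices. The store, the alert fields, and the sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class IdentityStore:
    """Toy identity provider (assumption): sessions survive a password reset."""
    sessions: dict = field(default_factory=dict)   # token -> user
    must_reset: set = field(default_factory=set)   # users forced to re-enroll

    def login(self, user, token):
        self.sessions[token] = user

    def is_valid(self, token):
        return token in self.sessions

    def force_password_reset(self, user):
        self.must_reset.add(user)                  # does NOT touch live sessions

    def revoke_sessions(self, user):
        stale = [t for t, u in self.sessions.items() if u == user]
        for t in stale:
            del self.sessions[t]
        return len(stale)

def handle_alert(store, alert):
    """Respond to one infostealer alert and return the actions taken."""
    # No age check: a log from years ago is handled like one from today.
    store.force_password_reset(alert["user"])
    actions = ["password_reset"]
    # The log may carry live cookies, so every session for the user is revoked.
    actions.append(f"revoked_sessions:{store.revoke_sessions(alert['user'])}")
    if not alert["managed_device"]:
        actions.append("review_personal_device")   # synced corporate credentials
    return actions

# Constructed sample alerts, not real data.
ALERTS = [
    {"user": "alice@example.com", "log_year": 2021, "managed_device": True},
    {"user": "bob@example.com", "log_year": 2025, "managed_device": False},
]

def demo():
    store = IdentityStore()
    store.login("alice@example.com", "tok-a1")
    store.login("alice@example.com", "tok-a2")
    store.login("bob@example.com", "tok-b1")
    store.force_password_reset("alice@example.com")  # password-only response
    still_live = store.is_valid("tok-a1")            # copied cookie still works
    results = [handle_alert(store, a) for a in ALERTS]
    return still_live, results, dict(store.sessions)

if __name__ == "__main__":
    print(demo())
```
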

What Constella Tracks So Organizations Do Not Have to Track It Alone

Constella’s Hunter platform provides identity attribution and investigation capabilities that enable security teams and investigators to trace exposed identities across the surface, deep, and dark web. Constella Infostealer Sentinel delivers continuous monitoring specifically against the infostealer threat, alerting organizations when employee or executive credentials appear in newly harvested logs.

The FBI’s 2025 IC3 report is the most comprehensive public accounting of what cybercrime costs. Constella’s 2026 Identity Breach Report is the most comprehensive accounting of where those costs originate. Together, they define the mandate for any organization serious about identity-centric defense.

To see how Constella’s identity intelligence can close the gap between your current exposure and the threat landscape documented in these reports, request a demo.

