Ever wonder which banks suffer most from incidents of identity theft? Bank of America tops the list of most identity theft complaints, while HSBC suffers a higher incidence of fraud, according to a new report from Berkeley Center for Law and Technology at the University of California at Berkeley.

The report is based on complaint data provided by victims to the Federal Trade Commission in 2006, and the data is based on bad guys setting up fraudulent accounts or tapping victims’ accounts. (It took nearly a year for the researchers' Freedom of Information Act request to go through, and they plan to analyze ’07 numbers when they become available). Turns out telecommunications firms suffered a lot of identity theft incidents as well, with AT&T and Sprint/Nextel just behind Bank of America in overall events, according to the report.

Bank of America averaged 1,117 events per month, followed by AT&T (763.3), Sprint/Nextel (698.3), JP Morgan/Chase/Bank One (613), Capital One (442.7), Citibank (413.3), Verizon/Verizon Wireless (310.7), and American Express (303.3). The data was averaged over three months in 2006: January, March, and September.

As for the largest financial institutions, HSBC has a higher rate during that period of fraud than Bank of America when the events take into account total deposits: HSBC had around 21.293 incidents per billion in deposits in 2006, while Bank of America had 17.646, and Washington Mutual/Providian had 16.163. ING had only one event per month in 2006, which was the lowest among the banks.

But it’s not just the financial institutions that are in the hot seat. According to UC Berkeley report’s author Chris Hoofnagle, a similar analysis is needed for utility companies as well. “Thousands of victims identified various utilities companies as the institution involved in the fraud,” he wrote in the report.

— Kelly Jackson Higgins, Senior Editor, Dark Reading