It’s true that data breaches, particularly those in which Social Security numbers are compromised, can lead to a more devastating sort of identity theft, in which criminals open new financial accounts in a person’s name and do damage that can take years and a lot of work to clean up. But consumers are almost never on the hook for financial losses in these sorts of episodes, which, by the way, have also been on the decline.

This relatively sanguine picture of the impact of data breaches is an example of a threat that looks worse than it turns out to be. The sheer size of hackings shocks and startles when the attacks are first reported, but it’s rare that journalists check on the actual consequences.

Moreover, consumer fears can be stoked by the incentives of the people providing the data. Many of the statistics on identity fraud and online attacks come from security firms that want more people to buy their services. It’s not so different from the soap company that advertises how many different types of bacteria are on a subway pole without mentioning how unlikely it is that any of those bacteria would make you sick.

One of the most memorable statistics on identity fraud comes from advertisements that say a new victim is created every two seconds. That figure, which comes from Javelin Strategy and Research, is largely attributable to standard credit card fraud, in which criminals use a stolen credit card number to buy goods — not the sort of thing most people imagine when they think of identity fraud. The more troubling identity theft, in which new accounts are opened in an unsuspecting person’s name, make up only 5 percent of the total figure given by Javelin.