TransUnion and Sontiq are putting the onus on government agencies after uncovering the latest information about data breaches.

According a report that analyzed data from Sontiq’s BreachIQ solution, more than 22 million Americans had personally identifiable information exposed in data breaches during the fourth quarter, including driver’s licenses, passports and Social Security Numbers.

TransUnion said impact to government agencies is likely as fraudsters and other criminals may use personal information to commit medical identity and tax refund theft as well as other forms of fraud.

“More than anything, this report should give government agencies a sense of where they should focus their efforts to curb fraud and prevent further victimization,” said Jeff Huth, senior vice president of TransUnion’s public sector business. “Getting access to this information to understand the current type and severity of data breaches is a great first step.”

For the third quarter in a row, TransUnion indicated medical identity theft was most common type of fraud risk among public sector categories, as more than 14 million individuals had their information exposed.

Experts said the stolen information can be used for crimes, including health insurance fraud and illegally obtaining prescription drugs.

Overall, TransUnion said there were fewer high-risk breaches compared to the previous quarter (321 in Q4 versus 429 in Q3). However, the risk severity score was up 2% in the last quarter.

The Public Sector Breach Intelligence Dashboard calculates risk severity by considering the number of people affected as well as the sensitivity of information exposed and the type of fraud that could be enabled with the data exposed.

“At times there is an intuitive trend in the types of data breaches that occur; for example, we can anticipate a significant rise in tax refund fraud in the coming months,” said Greg Schlichter, director of research and consulting for TransUnion’s public sector business. “However, this report can help government agencies prepare for and respond to emerging threats that may not be predicted by seasonality.”

Experts also observed types of breaches most common in certain states. Breaches related to medical identity fraud were widespread across the U.S. with Alabama, Colorado, and Oklahoma experiencing the most severe instances of data exposure.

Additionally, TransUnion said those same states saw higher levels of data breaches that could lead to fraudsters assuming stolen or synthetic identities that help them evade law enforcement agencies, like Customs and Border Patrol.

Experts said government agencies can take several actions to prevent fraud and protect consumers. These steps include:

—Improving identification and device proofing tools

—Assessing databases for duplicative information such as a Social Security Number being used for more than one person.

“A more proactive measure might include strengthening data privacy and security standards required of certain organizations to prevent data breaches from happening in the future,” TransUnion said.