Identity Theft Recovery: Step-by-Step Guide

Comprehensive roadmap for recovering from identity theft: filing reports, disputing fraud, restoring your credit, and navigating the bureaucratic recovery process.

Discovering that someone has stolen your identity – opened accounts in your name, filed tax returns using your Social Security number, or obtained medical care using your insurance – is one of the most stressful experiences in modern life. The recovery process is complex, often frustrating, and can take months or even years depending on the severity. But it is a solvable problem. This guide, part of our Data Breaches & Identity Protection resource center, provides a systematic, step-by-step roadmap for recovering from identity theft, designed to be both a start-to-finish walkthrough and a reference you return to as your case progresses.

Step 1: Document Everything

Before you take any action, start a dedicated record for your identity theft case. This will be essential for disputes, law enforcement, insurance claims, and your own sanity over what may be a long process.

Create a file (physical, digital, or both) containing:

  • A timeline of events: when you discovered the theft, how you discovered it, what fraudulent activity you have identified
  • Copies of every fraudulent account, charge, or document
  • Records of every phone call: date, time, representative name, reference number, what was discussed and agreed
  • Copies of every letter, email, and form you send or receive
  • A running list of accounts and institutions you have contacted
  • Receipts for any expenses incurred during recovery

Store digital records securely – in a password manager vault or encrypted storage. If you use a KeePass-format manager like PanicVault, you can attach files and notes directly to database entries, keeping everything encrypted in your local vault rather than in cloud storage you do not control.

Step 2: Report to the FTC

File an identity theft report at IdentityTheft.gov, the Federal Trade Commission’s dedicated identity theft resource. This is the single most important administrative step because it generates an official Identity Theft Report that provides specific legal rights.

What the FTC Report Gives You

An FTC Identity Theft Report (which replaced the older Identity Theft Affidavit) provides the legal basis to:

  • Block fraudulent information from your credit reports permanently
  • Prevent debt collectors from collecting debts resulting from identity theft
  • Place an extended fraud alert (seven years) on your credit reports
  • Get copies of records related to the fraudulent transactions from businesses
  • Stop companies from reporting fraudulent debts to credit bureaus

What to Include in Your Report

IdentityTheft.gov walks you through the process with guided questions. Be as specific as possible:

  • Types of identity theft you have experienced
  • Details of fraudulent accounts or transactions
  • When you discovered the theft
  • Any information about how it may have happened (a data breach, a stolen wallet, a phishing attack)

The site generates a personalized recovery plan based on your responses. Print or save this plan – it becomes your procedural roadmap.

Step 3: File a Police Report

File a report with your local police department. While police are unlikely to investigate individual identity theft cases (the crime typically crosses jurisdictions), the police report serves critical administrative purposes:

  • Some creditors require a police report before they will remove fraudulent accounts
  • Insurance claims for identity theft recovery expenses may require a police report
  • The combination of an FTC report and police report constitutes an Identity Theft Report under the Fair Credit Reporting Act, which provides the strongest legal protections

Bring your FTC Identity Theft Report, any evidence of fraudulent activity, and a government-issued ID to the police station.

Step 4: Contact the Credit Bureaus

Place a Fraud Alert

Contact one of the three major credit bureaus (Equifax, Experian, or TransUnion) to place an extended fraud alert. With your FTC Identity Theft Report, you qualify for a seven-year extended fraud alert rather than the standard one-year alert. The bureau you contact is required to notify the other two.

Freeze Your Credit

If you have not already done so, freeze your credit at all three bureaus. A freeze is stronger than a fraud alert – it blocks access to your credit report entirely for new applications. This prevents the identity thief from opening additional accounts while you work on recovery.

Review Your Credit Reports

Pull your credit reports from all three bureaus at AnnualCreditReport.com. Review every line for:

  • Accounts you did not open: Credit cards, loans, mortgages, retail accounts
  • Inquiries you did not authorize: Hard credit pulls from companies you never applied to
  • Addresses you have never lived at: Identity thieves often change the address on file to receive statements and correspondence
  • Names or aliases you do not recognize: Variations of your name associated with your Social Security number
  • Account balances or payment histories that do not match your records

Dispute Fraudulent Information

For each fraudulent item on your credit reports, file a dispute with the credit bureau(s) reporting it. Include:

  • A copy of your FTC Identity Theft Report
  • A clear statement identifying the specific items that are fraudulent
  • A request that the items be blocked (not just investigated)

Under the Fair Credit Reporting Act, credit bureaus must block fraudulent information within four business days of receiving your Identity Theft Report and supporting documentation.

Step 5: Contact Affected Businesses

For each fraudulent account or transaction, contact the business directly.

For Fraudulent Credit Accounts

  1. Call the fraud department (not general customer service)
  2. Explain that the account was opened fraudulently using your stolen identity
  3. Request immediate account closure
  4. Request written confirmation that the account has been closed and that you are not liable for any charges
  5. Request copies of all records related to the fraudulent account (applications, transaction records, correspondence) – you have a legal right to these under the FTC Identity Theft Report
  6. Follow up with a written letter including a copy of your FTC Identity Theft Report

For Fraudulent Charges on Existing Accounts

  1. Contact your bank or credit card issuer immediately
  2. Report the specific unauthorized charges
  3. Request a new account number and card
  4. File a formal dispute for each unauthorized charge
  5. Review your account for unauthorized changes (address, phone number, authorized users)

For Fraudulent Tax Returns

If someone filed a tax return using your Social Security number:

  1. File Form 14039 (Identity Theft Affidavit) with the IRS
  2. File your legitimate tax return by mail (it will be rejected electronically if a fraudulent return was already filed)
  3. Respond to any IRS notices by calling the number on the notice
  4. Consider requesting an Identity Protection PIN (IP PIN) from the IRS for future tax filings

For Medical Identity Theft

If someone used your identity to obtain medical care:

  1. Contact your health insurance provider to report the fraud
  2. Request a copy of your medical records from the provider where fraudulent care was received
  3. Review the records for treatments, prescriptions, or diagnoses that are not yours
  4. Request corrections to your medical records in writing
  5. Contact the provider’s billing department about any fraudulent charges

Medical identity theft is particularly concerning because incorrect information in your medical records could affect your future care. Follow up diligently to ensure corrections are made.

Step 6: Address Financial Damage

Dealing with Debt Collectors

If debt collectors contact you about fraudulent accounts:

  1. Tell the collector the debt is the result of identity theft
  2. Send them a written dispute with a copy of your FTC Identity Theft Report within 30 days of their first contact
  3. The collector must stop collection activity and verify the debt
  4. If the debt is confirmed as fraudulent, the collector must stop attempting to collect

Monitoring Your Accounts

Set up enhanced monitoring for all your financial accounts:

  • Real-time transaction alerts on all bank accounts and credit cards
  • Weekly credit report checks (you can stagger free reports from the three bureaus)
  • Identity theft monitoring services if you have not already set them up
  • Dark web monitoring for your SSN and financial account numbers if the exposure was severe

Step 7: Secure Your Digital Life

Identity theft often stems from or is accompanied by compromised digital credentials. Use the recovery process as an opportunity to build stronger defenses.

Password Security

  • Change passwords for all financial, email, and government accounts
  • Use a password manager to generate unique, random passwords for every account
  • With 94% of passwords reused or duplicated and the average person managing roughly 250 passwords, a password manager is not a luxury – it is a necessity

Consider a password manager that stores your vault locally rather than on a vendor’s cloud servers. The LastPass breach demonstrated the risk of centralized vault storage. PanicVault stores your encrypted KeePass database on your Apple devices or iCloud Drive, not on PanicVault’s servers. If PanicVault as a company disappeared, your data would remain accessible through any KeePass-compatible app.

Two-Factor Authentication

Enable two-factor authentication on every account that supports it, prioritizing:

  • Email accounts (the keys to password resets everywhere else)
  • Financial accounts
  • Government accounts (IRS, SSA, state tax)
  • Cloud storage
  • Social media

Email Security

  • Check for unauthorized forwarding rules in your email accounts
  • Review connected apps and revoke access for anything you do not recognize
  • Consider whether your email account itself was compromised and act accordingly (see our guide to checking email compromise)

Step 8: Plan for the Long Term

Ongoing Monitoring

Identity theft recovery is not a single event – it requires ongoing vigilance. Some identity thieves hold stolen information for months or years before using it. Set up:

  • Annual credit report reviews (free at AnnualCreditReport.com)
  • Continued credit monitoring (free through any breach notification offers)
  • Have I Been Pwned email notifications for ongoing breach monitoring
  • IRS Identity Protection PIN renewal (annual)

Keep Your Records

Maintain your identity theft recovery file for at least seven years. You may need it if:

  • Old fraudulent accounts resurface on your credit report
  • A debt collector contacts you about a previously resolved fraudulent debt
  • You need to demonstrate a pattern of identity theft for an extended fraud alert renewal
  • You file an insurance claim or legal action related to the theft

Know Your Rights

As an identity theft victim, you have rights under federal law:

  • Fair Credit Reporting Act: Right to dispute and block fraudulent information on credit reports
  • Fair Debt Collection Practices Act: Protection from collection of fraudulent debts
  • Electronic Fund Transfer Act: Limits liability for unauthorized electronic transactions
  • State identity theft laws: Many states provide additional protections, including identity theft passports and specialized victim assistance

Understanding the Recovery Timeline

One of the most difficult aspects of identity theft recovery is its duration. Simple cases involving a single fraudulent credit card may be resolved in a few weeks. Complex cases involving multiple accounts, tax fraud, medical identity theft, or synthetic identity theft can take months or years to fully resolve.

Our detailed recovery timeline guide breaks down expected durations by type and severity, helping you set realistic expectations and plan your effort accordingly.
