So Your Identity Was Stolen: What To Do and How To Recover

If your identity was stolen, you’re not alone. Over 1.4 million cases of identity theft were reported to the Federal Trade Commission in 2021. And unfortunately, it’s only becoming more common. Identity theft is the fastest-growing crime in the United States, leaving more people and companies at risk than ever before. If you’ve been a victim of identity theft, it’s important that you understand how it happened as well as how to recover from it.

How Does Identity Theft Happen?

Identity theft can start physically or digitally, and happens through a variety of means.

Physically, identity theft can happen when someone steals your identification, bank cards or phone from your person. This can be as obvious as someone stealing your bag off your shoulder, or unknowingly when you swipe your card through a skimming device on an ATM machine. Thieves may also find your sensitive information in physical form by stealing your mail or digging through your trash.

Identity theft can also happen online, mainly through phishing attacks or data breaches. In a phishing attack, a victim is tricked into giving their sensitive information via email, social media, text, phone or a website to a hacker. Criminals then use it to commit fraud.

Similarly, criminals may steal your usernames, passwords and other sensitive online account information through a data breach and use it to cause harm. They can steal your information by hacking into a larger data system or by breaking into your individual account if either has weak security credentials.

How to Tell if Your Identity Was Stolen

Unfortunately, identity theft is not always obvious and can take months or even years to discover. Child identity theft, for example, isn’t usually discovered until years later.

If any of the below has happened to you, it’s likely that your identity has been compromised:
● There are charges and transactions on your credit card and bank statements that you don’t recognize.
● Your credit report doesn’t seem accurate based on your recent activity and the last time you checked it.
● Your credit or debit card gets denied when you try to buy something.
● You suddenly can’t log in to an online account, even though you didn’t change your username or password.
● You received fraud alerts from your financial institution or credit monitoring service.
● You received notifications about health care visits that you never went to or tax benefits that you never claimed.
● You’re receiving suspicious phone calls, emails and text messages at a high frequency.
● Your computer or phone isn’t working as well as it should, or you’re receiving strange pop-up notifications.
● Unfamiliar devices have access to your online accounts.

How Long Does it Take to Recover From Identity Theft?

On average, it can take 100-200 hours of your time to discover, act on and recover from identity theft. But, it can take more or less time than that depending on:

● What type of identity theft occurred: If your SSN, health care information or email address credentials were stolen, it will likely take much longer than six months to recoup from the damage done.
● How much of your personal information was stolen: The “how” matters just as much as, if not more, than the “what.” The more information that criminals have about you, the more difficult it will be to resolve their crimes.
● How quickly you discovered the theft: The more quickly you discover the identity theft, the faster you can get it resolved and recover from it, which will minimize the damages.

How to Recover From Identity Theft

If you know that your identity has been stolen, follow the below steps as soon as possible to recover.

Call your bank and credit card issuer

To prevent further financial damages, call your bank and each of your credit card companies to let them know that you’ve been a victim of identity theft. It’s important to remember that you’re not the first person who’s had their identity stolen. Your bank and credit card issuer will already have an established protocol for helping you move forward and recover fast.

Your bank will help you get new cards or accounts, depending on how severe the theft was.

Place a fraud alert with any of the three credit bureaus

Contact any of the three major credit bureaus to place a fraud alert on your account. You only need to contact one. Federal law states that if you contact one bureau and place a fraud alert, that bureau must contact the other two on your behalf.

A fraud alert will make it so that companies will need to verify your identity each time a new account is opened in your name. This makes it more difficult for identity thieves to open fraudulent accounts. Fraud alerts typically last one year, but you can ask the credit bureaus to extend it for increased protection as you recover.

Freeze your credit

While a fraud alert doesn’t completely stop new accounts from being opened in your name, a credit freeze will. With a credit freeze, no accounts can be opened in your name unless you lift the freeze entirely or lift it temporarily with a PIN or password, which can take hours or sometimes days.

You’ll need to contact each of the three credit bureaus separately to have each one put a freeze in place. You’ll also need to contact each one when you want to lift the freeze for any reason.

Review your credit report

Look through your credit report closely and look for any recent fraudulent activity. You can request a free credit report at any time from

See if you recognize any of the following on your credit report:
● Hard credit inquiries you don’t recognize
● Inaccurate personal information (for example, an address change)
● Loans you didn’t take out
● Fraudulent accounts
● Accounts that are now in collections

Keep in mind that you’ll need to dispute each line item separately to get it taken off your report. The more fraudulent activity you find, the longer it will take to resolve your credit report.

Notify the Federal Trade Commission

The Federal Trade Commission (FTC) is a government agency that will help you dispute fraud by providing you with an official document to prove your identity has been stolen. To get your FTC identity theft report, you’ll need to submit the following to

● Your legal name
● Date of birth
● Social security number
● Driver’s license number
● Phone number
● Email address
● Current residential address and how long you’ve been living there

Replace any stolen forms of identification

If your identity was stolen through physical means, you’ll have to apply for a new driver’s license, social security card or passport.

Contact the appropriate government agency to kick off the replacement process.

File a police report

You don’t always need to file a police report to recover from identity theft, but your financial institution or insurance company may require one. You should also file a police report if you know exactly who stole your identity.

Contact your local police precinct’s non-emergency number and tell them you’re a fraud victim. They’ll likely ask to see your FTC report as well as any concrete evidence, so be sure you obtain that first before you reach out.

Change all your passwords and use a password manager

In the event of a data breach, you should change all your passwords for your online accounts.

Your new passwords should ideally contain a combination of capital letters, lowercase letters, numbers and symbols. The more unique characters you use, the harder your password will be to crack. The same thing goes for password length. Short passwords are easier for hackers to guess. Even though most websites only require passwords to be eight to 10 characters long at minimum, you should try to make your passwords at least 11 characters long to be safe.

We know it’s hard to remember all of your passwords, especially if they’re long and randomized. That’s where a password manager comes in.

Enable 2FA via authenticator apps

Once you’ve reset your passwords, you should also take the time to set up two-factor authentication (2FA). You can do this with an authenticator app like Google Authenticator, Okta or Onelogin. 2FA provides each of your accounts with an extra layer of security by requiring you to enter a one-time code. New codes are typically generated every 30 seconds and are only accessible to you via whichever authenticator app you choose.

Try to avoid setting up 2FA with SMS if possible, because unfortunately, login codes can be easily compromised or spoofed if sent over text.

Check for malware and viruses on your devices

If your identity was stolen electronically, it’s possible that your devices could be infected with malware. Most antivirus software can scan your devices and give you actionable steps on how to remove the malware.

Once the malware is deleted, your devices should function normally again.

Protect Yourself

Be as vigilant as possible when it comes to your personal data and information as there are many web security vulnerabilities. Stay aware of your surroundings, shred any physical documents with sensitive information and practice good password hygiene with your online accounts.

If you’re concerned about identity theft, you also may want to consider investing in a credit monitoring service to protect yourself and your family. Credit monitoring services and other tools help give you peace of mind and will alert you before a breach becomes more disastrous.

Dmitry Dragilev

Dmitry Dragilev use SEO & PR to grow a startup from 0 to 40 million page views per month and got acquired by Google in 2014. He translated his know-how into a software tool that has been used by 5,000 marketers to get featured in press, blogs, and publications and rank high on Google. Over the last decade, Dmitry has consulted 200+ companies to help them rank #1 on Google for their search term, his clients include, HubSpot, Backlinko, Pipedrive, Wistia, CultureAmp, and many others. More about his story and his latest articles on his blog,

dmitry-dragilev has 2 posts and counting.See all posts by dmitry-dragilev