So Your Identity Was Stolen: What To Do and How To Recover
If your identity has been stolen, you are not alone. Over 1.4 million cases of identity theft were reported to the Federal Trade Commission in 2021. And unfortunately it is becoming more and more common. Identity theft is the fastest growing crime in the United States, putting more people and businesses at risk than ever before. If you’ve been a victim of identity theft, it’s important that you understand how it happened and how to recover from it.
How does identity theft happen?
Identity theft can start physically or digitally and can happen in a variety of ways.
Physically, identity theft can happen when someone steals your ID, bank cards, or phone from you. This can be as obvious as someone stealing your bag off your shoulder, or unknowingly swiping your card through a skimming device at an ATM. Thieves can also find your sensitive information in physical form by stealing your mail or sifting through your junk.
Identity theft can also happen online, mainly through phishing attacks or data breaches. In a phishing attack, a victim is tricked into giving their sensitive information to a hacker via email, social media, SMS, phone or a website. Criminals then use it to commit fraud.
Likewise, criminals can steal your usernames, passwords, and other sensitive online account information through a data breach and use them to cause harm. They can steal your information by hacking into a larger data system or by breaking into your individual account if either one has weak security features.
How to tell if your identity has been stolen
Unfortunately, identity theft is not always obvious and can take months or even years to detect. Identity theft in children, for example, is usually not discovered until years later.
If any of the following happened to you, your identity has likely been compromised:
● There are charges and transactions on your credit card and bank statements that you are not familiar with.
● Your credit report appears to be incorrect based on your recent activity and the last time you checked it.
● Your credit or debit card is declined when you try to make a purchase.
● You suddenly can’t log in to an online account even though you haven’t changed your username or password.
● You have received fraud alerts from your financial institution or credit monitoring service.
● You received notifications about doctor visits that you never attended or tax benefits that you never took advantage of.
● You receive suspicious calls, emails and text messages very frequently.
● Your computer or phone isn’t working as well as it should, or you’re getting strange pop-up notifications.
● Unknown devices have access to your online accounts.
How long does it take to recover from an identity theft?
On average, it can take 100-200 hours of your time to detect, respond to, and recover from identity theft. But it may take more or less time depending on:
● Type of identity theft: If your social security number, health information, or email address was stolen, it’s likely to take much longer than six months to recover from the damage sustained.
● How much of your personal information was stolen: The ‘how’ is just as important, if not more important, than the ‘what’. The more information criminals have about you, the more difficult it becomes to solve their crimes.
● How quickly you caught the theft: The quicker you catch identity theft, the quicker you can solve and recover from it, minimizing the damage.
How to recover from identity theft
If you know your identity has been stolen, follow these steps as soon as possible to recover it.
Call your bank and credit card issuer
To avoid further financial damage, call your bank and each of your credit card companies to let them know you’ve been the victim of identity theft. Remember that you are not the first person to have their identity stolen. Your bank and credit card issuer already have an established protocol to help you move forward and recover quickly.
Your bank will help you get new cards or accounts, depending on how serious the theft was.
Submit a fraud alert to any of the three credit reporting agencies
Contact any of the three major credit bureaus to place a fraud alert on your account. You only have to contact one. Federal law states that if you contact an bureau and file a fraud report, that bureau must contact the other two on your behalf.
A fraud alert ensures companies need to verify your identity each time a new account is opened in your name. This makes it difficult for identity thieves to open fraudulent accounts. Fraud alerts typically last a year, but you can ask credit bureaus to extend them for increased protection if you recover.
Block your balance
While a fraud alert won’t completely prevent new accounts from being opened in your name, a credit freeze will. A credit freeze will not allow accounts to be opened in your name unless you completely remove the freeze or temporarily unfreeze it with a PIN or password, which can take hours or sometimes days.
You must contact each of the three credit bureaus separately to have each place a ban. You also need to contact anyone if you want to unfreeze for any reason.
Check your credit report
Take a close look at your credit report and look for any recent fraudulent activity. You can always request a free credit report from AnnualCreditReport.com.
Check that you see the following on your credit report:
● Tough credit requests you don’t know about
● Inaccurate personal information (such as a change of address)
● Loans you did not take out
● Fraudulent accounts
● Accounts now in collections
Keep in mind that you must dispute each line item separately to have it removed from your report. The more fraudulent activity you find, the longer it will take to clear your credit report.
Notify the Federal Trade Commission
The Federal Trade Commission (FTC) is a government agency that helps you fight fraud by providing you with an official document proving your identity. In order to receive your FTC Identity Theft Report, you must submit the following to IdentityTheft.gov:
● Your real name
● Date of Birth
● Social Security Number
● Driver’s License Number
● Telephone number
● Email address
● Current home address and how long you have lived there
Replace any stolen ID cards
If your identity has been stolen through physical means, you will need to apply for a new driver’s license, social security card, or passport.
Contact the appropriate government agency to initiate the exchange process.
File a report with the police
You don’t always have to file a police report to recover from an identity theft, but your financial institution or insurance company may require one. You should also file a police report if you know for sure who stole your identity.
Contact your local police station emergency number and tell them you are a victim of fraud. They’ll likely ask to see your FTC report as well as physical evidence, so make sure you get that first before you come forward.
Change all your passwords and use a password manager
In the event of a data breach, you should change all of your passwords for your online accounts.
Your new passwords should ideally contain a combination of uppercase letters, lowercase letters, numbers and symbols. The more unique characters you use, the harder it will be to crack your password. The same applies to the password length. Short passwords are easier for hackers to guess. Although most websites only require passwords to be at least 8-10 characters long, try to make your passwords at least 11 characters long to be secure.
We know it’s difficult to remember all of your passwords, especially when they’re long and random. This is where a password manager comes into play.
Enable 2FA via authenticator apps
After you’ve reset your passwords, you should also take the time to set up two-factor authentication (2FA). You can do this with an authenticator app like Google Authenticator, Okta, or Onelogin. 2FA adds an extra layer of security to each of your accounts by requiring you to enter a one-time code. New codes are typically generated every 30 seconds and are only accessible to you through your chosen authentication app.
Avoid setting up 2FA with SMS if possible, as unfortunately login codes can be easily compromised or forged when sent via text.
Scan your devices for malware and viruses
If your identity has been electronically stolen, it is possible that your devices are infected with malware. Most antivirus programs can scan your devices and give you actionable steps to remove the malware.
Once the malware is deleted, your devices should function normally again.
protect yourself
Be as vigilant as possible when it comes to your personal data and information as there are many security holes on the internet. Be aware of your surroundings, destroy all physical documents containing sensitive information, and practice good password hygiene with your online accounts.
If you’re concerned about identity theft, you should also consider investing in a credit monitoring service to protect yourself and your family. Credit monitoring services and other tools give you peace of mind and warn you before a breach becomes even more catastrophic.