Understanding identity theft laws and your credit rights - your legal rights and how to use them in credit repair.
Resumen de la guía
Comprender las leyes sobre robo de identidad y sus derechos crediticios: sus derechos legales y cómo utilizarlos en la reparación de crédito.
Análisis profundo
Federal identity theft protections come from multiple statutes. The Identity Theft and Assumption Deterrence Act of 1998 (18 U.S.C. SS 1028) made identity theft a federal crime with penalties up to 15 years imprisonment. FACTA (2003) amended the FCRA to add specific identity theft rights including fraud alerts, credit freezes, and the right to block fraudulent tradelines.
The FCRA provides key protections for identity theft victims. Section 605A allows initial fraud alerts (1 year), extended fraud alerts (7 years), and active duty alerts for military personnel. Section 605B allows victims to block reporting of information resulting from identity theft by providing a copy of the FTC Identity Theft Report.
The FTC Identity Theft Report (filed at IdentityTheft.gov) is the cornerstone document for exercising identity theft rights. It generates a personalized recovery plan, provides a report that creditors and bureaus must accept, and serves as the basis for placing extended fraud alerts and blocking fraudulent accounts.
Step one: file a report at IdentityTheft.gov. The FTC's online system creates an Identity Theft Report and a personalized recovery plan with specific steps for your situation. Print the report, as you will need it for disputes, fraud alerts, and police reports.
Step two: contact all three credit bureaus. Place an extended fraud alert (7 years) at one bureau, which auto-propagates to the other two. Place credit freezes at all three. Request free copies of your reports to identify all fraudulent accounts.
Step three: contact every company where fraud occurred. Use the FTC Identity Theft Report to dispute fraudulent accounts. Under FCRA Section 605B, these companies must stop reporting the fraudulent information and stop trying to collect on it. File a local police report for any fraud involving physical documents or in-person impersonation.
When you provide an FTC Identity Theft Report, credit bureaus have specific obligations under FCRA. They must block the reporting of any information you identify as resulting from identity theft within 4 business days (Section 605B). They cannot re-insert blocked information unless they determine the block was requested in error.
Bureaus must provide free disclosure of your complete file to identity theft victims, beyond the standard annual free report. They must also exclude identity theft-related inquiries from reports provided to third parties, so that unauthorized hard pulls do not appear on your report.
If a bureau fails to block fraudulent information after receiving your Identity Theft Report, this constitutes a willful FCRA violation. Document the failure and consider legal action under Section 616 for statutory and punitive damages.
All 50 states have identity theft criminal statutes. Penalties range from misdemeanors to felonies depending on the amount of loss and number of victims. Many states also provide civil remedies allowing victims to sue identity thieves for damages.
Several states provide enhanced protections beyond the federal framework. California's identity theft law (Penal Code SS 530.5) allows victims to obtain court orders compelling businesses to release records related to the identity theft. New York requires credit bureaus to provide additional notifications to identity theft victims.
State data breach notification laws require companies to notify consumers when their personal information has been compromised. Most states require notification within 30-60 days of discovering the breach. Some states mandate free credit monitoring for affected consumers.
Proactive freezes at all credit bureaus (including specialty bureaus) are the single most effective preventive measure. Freeze your credit at Equifax, Experian, TransUnion, Innovis, NCTUE, and ChexSystems even if you have never been a victim.
Use strong, unique passwords for every financial account. Enable two-factor authentication wherever available. Monitor your credit reports quarterly and review bank and credit card statements monthly for unauthorized transactions.
Be cautious with personal information. Shred documents containing SSNs, account numbers, and dates of birth. Do not share personal information over phone or email unless you initiated the contact. Opt out of pre-screened credit offers at OptOutPrescreen.com.
Identity theft recovery is not a one-time event. Stolen personal information circulates on dark web marketplaces for years. Maintain credit freezes indefinitely and review your reports at least quarterly. Set up free monitoring services to alert you to new accounts or inquiries.
Keep your FTC Identity Theft Report, police report, and all dispute correspondence indefinitely. You may need these documents years later if the identity thief's data resurfaces. Some victims experience recurring fraud over a period of years.
Consider an IRS Identity Protection PIN (IP PIN) to prevent tax-related identity theft. The IRS assigns a 6-digit PIN that must be included on your tax return. Without the PIN, a fraudulent return cannot be filed in your name.
Resumen
Lista de verificación
Create your FTC Identity Theft Report and print it. This is the foundation document for all recovery steps.
Extended alert at one bureau (auto-propagates). Separate freezes at all three major bureaus plus specialty bureaus.
Use the FTC report to dispute fraudulent accounts and demand they stop reporting and collecting.
Required for some remedies and provides additional documentation of the crime.
Prevents tax-related identity theft. Apply at irs.gov/ippin.
Free monitoring services plus quarterly report reviews to catch recurring fraud.
Preguntas frecuentes
File a report at IdentityTheft.gov. The FTC generates an Identity Theft Report and a personalized recovery plan. This report is required for exercising many of your rights under the FCRA.
Extended fraud alerts for confirmed identity theft victims last 7 years (vs. 1 year for initial alerts). Place the alert at one bureau and it auto-propagates to all three.
Yes. Under FCRA Section 605B, provide your FTC Identity Theft Report to the bureau, identify the fraudulent accounts, and the bureau must block them within 4 business days.
Freeze credit at all 6 bureaus, use strong unique passwords with 2FA, monitor reports quarterly, shred sensitive documents, and opt out of pre-screened offers at OptOutPrescreen.com.