Análisis profundo
Desglose paso a paso
Paso 1. Discover and Document the Full Scope of the Theft
Identity theft recovery begins with a thorough assessment of how your information has been misused. Pull credit reports from all three bureaus at AnnualCreditReport.com and examine every tradeline, inquiry, and personal detail. The FTC received 1.4 million identity theft reports in 2023, and the median time to detect theft was 3 months, meaning significant damage may have accumulated before discovery.
Catalog every fraudulent account, unauthorized inquiry, and incorrect personal information across all three reports. Create a spreadsheet with columns for the creditor name, account number, date opened, current balance, bureau(s) reporting, and dispute status. This document becomes your master recovery tracker and will be referenced dozens of times throughout the process.
Check beyond credit reports. Review bank statements for unauthorized transactions, check the IRS for fraudulent tax returns filed in your name (request a tax transcript at irs.gov/individuals/get-transcript), and verify your Social Security statement at ssa.gov for unreported earnings. Identity theft often extends beyond credit accounts into tax fraud, medical identity theft, and employment fraud.
- Pull reports from all three bureaus and catalog every fraudulent account in a dedicated spreadsheet
- Check IRS tax transcripts for fraudulent returns filed using your SSN
- Review Social Security statements for wages from employers you have never worked for
- Check bank and brokerage accounts for unauthorized transactions or address changes
- Request your full file from ChexSystems to identify unauthorized bank accounts
Paso 2. File Official Reports With the FTC and Law Enforcement
File your identity theft report at IdentityTheft.gov, the FTC's centralized reporting portal. This generates a personalized recovery plan with pre-filled letters for each fraudulent account, step-by-step instructions organized by the type of fraud, and an official FTC Identity Theft Report number. This report is legally recognized under FCRA Section 603(q) and triggers specific protections.
File a police report with your local law enforcement agency. Bring copies of your credit reports with fraudulent items highlighted, the FTC Identity Theft Report, and any evidence of the fraud. Some jurisdictions have dedicated financial crimes units that handle identity theft. If your local police do not take the report, contact your state attorney general's office.
If the theft involved the US Postal Service (change of address fraud, stolen mail), file a complaint with the US Postal Inspection Service at postalinspectors.uspis.gov. Postal identity theft is a federal crime investigated by USPIS, and filing with them can lead to federal prosecution, which typically results in more significant law enforcement attention than local police reports.
- File at IdentityTheft.gov first to generate the official FTC Identity Theft Report and recovery plan
- File a local police report with highlighted credit reports and the FTC report as documentation
- Contact the US Postal Inspection Service if mail theft or fraudulent address changes are involved
- Keep all report numbers, dates, and officer names in your recovery tracker spreadsheet
Paso 3. Dispute Fraudulent Accounts With Bureaus and Creditors
Send dispute letters to each bureau reporting fraudulent accounts. Include the FTC Identity Theft Report and a copy of the police report. Under FCRA Section 605B, bureaus must block fraudulent information within 4 business days of receiving an identity theft report with proper documentation. Send disputes by certified mail with return receipt requested for documentation purposes.
Simultaneously contact each creditor that opened a fraudulent account. Under FCRA Section 609(e), creditors must provide copies of applications and transaction records for fraudulent accounts within 30 days of your request when accompanied by an identity theft report and police report. This evidence may help law enforcement identify the perpetrator.
For existing accounts that were taken over (unauthorized address changes, additional users, or balance transfers), contact the creditor's fraud department to reverse unauthorized transactions and restore original account details. Under Regulation Z (credit cards) and Regulation E (debit/electronic funds), you have specific timeframes for disputing unauthorized transactions: 60 days for credit cards and 2 to 60 days for debit cards.
- Send bureau disputes by certified mail with the FTC report, police report, and identity documentation
- FCRA Section 605B requires bureaus to block fraudulent information within 4 business days
- Request fraudulent application copies from creditors under FCRA Section 609(e)
- Contact fraud departments for taken-over accounts to reverse unauthorized changes and transactions
- Dispute unauthorized credit card charges within 60 days under Regulation Z for full protection
Paso 4. Secure All Accounts and Prevent Further Damage
Place credit freezes at all three bureaus immediately if not already in place. Place fraud alerts for additional verification. Freeze specialty reports at ChexSystems, LexisNexis, and NCTUE. Request an IRS Identity Protection PIN to prevent future tax fraud. These protective measures form a perimeter defense that blocks the most common identity theft vectors.
Change passwords on all financial accounts, email accounts, and any account that stores personal information. Use a password manager to generate unique passwords of 16 or more characters for each account. Enable multi-factor authentication everywhere it is available, prioritizing financial institutions, email providers, and government accounts (SSA, IRS).
Contact the Social Security Administration at 800-772-1213 if your SSN is being used for employment fraud. SSA can review your earnings record and flag your SSN for monitoring. In extreme cases of ongoing, documented identity theft that cannot be resolved through other measures, SSA may issue a new SSN, though this is rare and creates its own complications with credit history.
- Place credit freezes at Equifax, Experian, TransUnion, ChexSystems, LexisNexis, and NCTUE
- Request an IRS Identity Protection PIN at irs.gov/ippin
- Change all passwords using a password manager with 16+ character unique passwords
- Enable MFA with an authenticator app on all financial, email, and government accounts
- Contact SSA at 800-772-1213 if your SSN is used for employment fraud
Paso 5. Track Dispute Progress and Follow Up Systematically
Bureaus must investigate disputes within 30 days of receipt (45 days if you submit additional documentation during the investigation). Under FCRA Section 611, if the bureau cannot verify the disputed information with the furnisher, it must be deleted. Request investigation results in writing, which the bureau must provide within 5 business days of completion.
Use your recovery tracker to monitor the status of every dispute. Color-code items as pending, resolved, or requiring follow-up. Set 30-day calendar reminders for each dispute filed. If a bureau does not respond within 30 days, the information must be removed by operation of law. File a CFPB complaint at consumerfinance.gov if bureaus miss deadlines.
Creditors have their own investigation timelines. Under Regulation Z, credit card issuers must acknowledge billing error disputes within 30 days and resolve them within 90 days (two billing cycles). During the investigation, the disputed amount cannot be reported as delinquent. If the creditor finds the charges were unauthorized, they must credit your account and cease all collection activity.
- Bureau disputes must be investigated within 30 days; unverifiable items must be deleted
- Request written dispute results from each bureau within 5 business days of completion
- Credit card billing disputes must be resolved within 90 days under Regulation Z
- File CFPB complaints if bureaus or creditors miss investigation deadlines
Paso 6. Rebuild Credit and Maintain Long-Term Vigilance
After fraudulent accounts are removed, your credit score may initially drop because the fraudulent accounts, if they had positive payment histories, were contributing to your score. This is normal and temporary. Your score will stabilize based on your legitimate credit history within 1 to 3 statement cycles as bureaus recalculate.
Continue monitoring credit reports monthly for at least 12 months after the last fraudulent account is resolved. Identity thieves frequently attempt repeat fraud, and information sold on the dark web circulates indefinitely. Approximately 33% of identity theft victims experience repeat victimization according to the Bureau of Justice Statistics.
Maintain an identity theft affidavit file with copies of all reports, dispute letters, creditor correspondence, and resolution confirmations. Keep this file for at least 7 years, as fraudulent accounts could potentially reappear on credit reports due to data furnisher errors. Having documentation readily available enables rapid re-dispute if issues resurface.
- Expect temporary score fluctuations as fraudulent accounts are removed and scores recalculate
- Monitor credit reports monthly for at least 12 months after the last dispute is resolved
- 33% of identity theft victims experience repeat victimization per the Bureau of Justice Statistics
- Maintain a complete documentation file for at least 7 years to support potential re-disputes
