FTC IdentityTheft.gov: How to Use the Official Resource

IdentityTheft.gov is the Federal Trade Commission's centralized federal portal for identity theft victims operating across the United States. The platform generates legally recognized documentation, structured recovery workflows, and pre-filled dispute letters under the authority of the Fair Credit Reporting Act (FCRA). For victims, advocates, caseworkers, and professionals working the identity protection providers landscape, understanding the platform's structural capabilities and hard limits determines how effectively it can be deployed in a real recovery process.

Definition and scope

IdentityTheft.gov is operated by the Federal Trade Commission under its statutory consumer protection mandate, consolidated from the prior FTC Identity Theft Clearinghouse into a unified federal web property. The FTC defines identity theft as fraud committed or attempted using another person's identifying information without authority — a definition that maps directly to the intake categories available on the platform.

The platform's scope spans the full taxonomy of identity theft variants tracked in federal enforcement records. These include financial account fraud, new account fraud, tax identity theft, medical identity theft, government benefits fraud, and employment identity theft. According to the FTC Consumer Sentinel Network Data Book 2023, the FTC received over 1 million identity theft reports through IdentityTheft.gov in 2022 alone, making it the single largest federal intake mechanism for this category of consumer harm.

The platform's regulatory foundation rests on 15 U.S.C. § 1681c-2, which compels credit bureaus to block information resulting from identity theft when a victim presents a valid FTC Identity Theft Report. This statutory linkage is what distinguishes an FTC Identity Theft Report from a general police report or a self-written dispute letter — the report carries enforceable weight under federal law.

IdentityTheft.gov does not provide legal representation, initiate law enforcement investigations, or guarantee outcomes with creditors. Its defined role is documentation generation and recovery guidance within the civil dispute framework established by the FCRA and related statutes. For a broader orientation to how this platform fits the identity protection service sector, see the .

How it works

The platform operates through a sequential intake and output process structured in 4 discrete phases:

  1. Incident intake — The victim selects from a categorized list of identity theft types (e.g., credit card fraud, tax fraud, government documents fraud). The platform branches the workflow based on the specific fraud type reported.

  2. FTC Identity Theft Report generation — Upon completing intake, the platform generates an official FTC Identity Theft Report. This document is not a police report substitute but is specifically recognized under 15 U.S.C. § 1681c-2 as sufficient to trigger the credit bureau blocking obligation as processing allows of receipt.

  3. Personalized recovery plan — The platform produces a stepwise action checklist tailored to the fraud type reported. Plans for tax identity theft include IRS-specific steps referencing the IRS Taxpayer Guide to Identity Theft; plans involving medical records reference the HHS Office for Civil Rights HIPAA framework.

  4. Pre-filled dispute letters — The platform generates populated letters addressed to the 3 major credit bureaus (Equifax, Experian, and TransUnion), specific creditors, and relevant agencies. Victims download, print, and submit these letters — the FTC does not transmit them on the victim's behalf.

The platform maintains a saved account feature allowing victims to track completed steps, update incident details, and generate revised documentation as new fraudulent accounts are discovered.

Common scenarios

Financial account and new account fraud — The highest-volume category in federal records. The FTC Identity Theft Report generated through IdentityTheft.gov triggers credit bureau blocking obligations under FCRA and supports extended fraud alert placement under 15 U.S.C. § 1681c-1.

Tax identity theft — When a fraudulent tax return has been filed using a victim's Social Security Number, IdentityTheft.gov generates an IRS-specific recovery plan and directs victims to IRS Form 14039 (Identity Theft Affidavit). The IRS operates a separate Identity Protection PIN program outside IdentityTheft.gov's direct scope.

Medical identity theft — Fraudulent use of a victim's identity to obtain medical services or insurance benefits. The platform provides HIPAA-linked guidance directing victims to the treating provider and to the HHS Office for Civil Rights for insurance record correction. Medical identity theft carries compounding risk because corrupted records can affect clinical treatment decisions.

Synthetic identity fraud — A distinct variant in which a fabricated identity combines a real Social Security Number with fictitious personal information. The Federal Reserve's 2019 analysis of synthetic identity fraud identified it as the fastest-growing financial crime in the United States at that time. IdentityTheft.gov's workflow addresses the real SSN holder's exposure but does not resolve the broader synthetic identity file, which may require Social Security Administration engagement.

Government benefits fraud — Fraudulent claims filed under a victim's identity with agencies including the Social Security Administration or state unemployment systems. The platform generates agency-specific steps; however, benefits correction requires direct interaction with each agency.

Decision boundaries

Understanding what IdentityTheft.gov covers — and where its authority ends — is essential for routing victims to the correct resolution path.

IdentityTheft.gov handles:
- FTC Identity Theft Report generation with FCRA-enforceable status
- Credit bureau dispute letter preparation for all 3 major bureaus
- Personalized action plans covering 12+ fraud subtypes
- Pre-filled letters to creditors and federal agencies

IdentityTheft.gov does not handle:
- Criminal investigations — those require local law enforcement or the FBI's Internet Crime Complaint Center (IC3)
- Direct transmission of dispute letters to creditors or bureaus
- Legal representation or advocacy on the victim's behalf
- Data breach notifications from companies — those are governed by state breach notification laws across all 50 states and sector-specific federal rules under HIPAA and the FTC's 16 C.F.R. Part 603

Comparing FTC Identity Theft Report vs. police report: A police report is issued by a law enforcement agency and may carry weight in criminal proceedings. An FTC Identity Theft Report is a civil consumer protection document issued through IdentityTheft.gov that carries statutory force under FCRA specifically for credit-related disputes and information blocking. Neither document substitutes for the other in every context — financial institutions frequently accept both, but FCRA's blocking provision at 15 U.S.C. § 1681c-2 is triggered specifically by the FTC report, not the police report.

For professionals and researchers evaluating platform utility across the identity protection service sector, the how to use this identity protection resource reference page details how IdentityTheft.gov is classified and cross-referenced within this network's framework.

 ·   · 

References

Read Next

Identity Protection Listings ANA › Professional Services Authority Authority › National Cyber Authority Authority › Identity Protection Authority Identity Protection Providers The identity... Identity Protection Directory: Purpose and Scope ANA › Professional Services Authority Authority › National Cyber Authority Authority › Identity Protection Authority Identity Protection Network: Purpose and Scope... Disputing Fraudulent Accounts on Your Credit Report ANA › Professional Services Authority Authority › National Cyber Authority Authority › Identity Protection Authority Disputing Fraudulent Accounts on Your Credit...