FTC IdentityTheft.gov: How to Use the Official Resource

IdentityTheft.gov is the Federal Trade Commission's centralized portal for identity theft victims, providing a structured, step-by-step recovery workflow backed by federal statutory authority. The platform generates personalized recovery plans, pre-filled dispute letters, and official FTC Identity Theft Reports — documents that carry legal weight under the Fair Credit Reporting Act (FCRA). Understanding how the platform is structured and what it can and cannot accomplish is essential for victims, advocates, and professionals navigating the identity theft reporting process.

Definition and scope

IdentityTheft.gov is operated by the Federal Trade Commission under its mandate to protect consumers from deceptive and unfair practices, including identity-based fraud. The platform replaced the prior FTC Identity Theft Clearinghouse process and consolidates victim intake, documentation generation, and recovery guidance into a single federal web property.

The FTC defines identity theft as a fraud committed or attempted using another person's identifying information without authority (FTC, Identity Theft Resources). The platform addresses the full spectrum of identity theft variants catalogued in federal enforcement records, including financial identity theft, tax identity theft, medical identity theft, and account takeover fraud.

The FTC received 1.4 million identity theft reports in 2023 (FTC Consumer Sentinel Network Data Book 2023), making IdentityTheft.gov the primary federal intake point for a high-volume enforcement dataset. Reports submitted through the portal feed directly into the Consumer Sentinel Network, a law enforcement database accessible to more than 2,700 federal, state, and local agencies.

How it works

The platform operates through a sequential intake and documentation workflow. Victims navigate a decision-tree interface that categorizes the type of theft and generates a tailored recovery plan. The core process unfolds in five discrete phases:

1. Report submission — The victim describes the specific fraud, including account types affected, the approximate date of discovery, and whether new fraudulent accounts were opened or existing accounts were compromised.
2. FTC Identity Theft Report generation — The platform produces a signed, pre-filled FTC Identity Theft Report. Under 15 U.S.C. § 1681c-2 of the FCRA, this report gives victims the right to block fraudulent tradelines from their credit files within four business days of providing the report to a credit bureau.
3. Personalized recovery plan — The system outputs a checklist specific to the reported fraud type, referencing which creditors, agencies, or bureaus to contact and in what sequence.
4. Pre-filled dispute letters — Template letters addressed to credit bureaus, banks, and the IRS (where applicable) are generated with the victim's reported information pre-populated, reducing administrative error during the identity restoration process.
5. Progress tracking — Victims may create an account to save their plan and track which recovery steps have been completed.

The FTC Identity Theft Report produced by the platform is a legally operative document. It is not equivalent to a police report, but it satisfies the evidentiary threshold required by credit bureaus under the FCRA for blocking fraudulent information. For circumstances requiring law enforcement documentation, a separate identity theft police report serves a complementary function.

Common scenarios

The platform is structured to handle distinct theft categories, each of which triggers a different recovery workflow.

Existing account fraud — A fraudster gains access to an open credit card, bank account, or loan account. The recovery plan prioritizes direct creditor contact, account closure, and credit bureau fraud alerts. This category maps to identity theft and existing accounts.

New account fraud — A fraudster opens accounts in the victim's name using stolen personal identifiers. The FTC report enables extended fraud alerts and supports blocking of fraudulent tradelines. See the dedicated reference on new account fraud explained.

Tax identity theft — A fraudulent return is filed using the victim's Social Security Number. The portal generates IRS Form 14039 (Identity Theft Affidavit) referencing instructions and directs victims to the IRS Identity Protection PIN program (IRS Taxpayer Guide to Identity Theft).

Medical identity theft — A fraudster uses the victim's insurance credentials to obtain healthcare services or prescription drugs (HHS Office for Civil Rights – HIPAA and Medical Identity Theft). The platform's guidance for this variant includes steps for contacting insurers and requesting Explanation of Benefits audits.

Child identity theft — Children's Social Security Numbers are targeted because clean credit histories go unmonitored for years. The platform includes a dedicated pathway for child identity theft that guides parents through bureau inquiries and freezes.

Decision boundaries

IdentityTheft.gov serves defined functions and operates within explicit limitations that determine when supplementary resources or agencies must be engaged.

What the platform does:
- Generates FTC Identity Theft Reports with federal legal standing under FCRA § 1681c-2
- Produces pre-filled letters for Equifax, Experian, and TransUnion
- Issues personalized recovery checklists segmented by fraud type
- Feeds reported data to law enforcement via Consumer Sentinel

What the platform does not do:
- File criminal charges or initiate law enforcement investigations
- Contact creditors, bureaus, or agencies on the victim's behalf
- Freeze credit files directly — victims must place freezes separately with each bureau (see how to place a credit freeze and credit freeze vs. fraud alert)
- Provide legal counsel or formally dispute accounts; the identity theft affidavit process is a separate procedural step

The distinction between an FTC Identity Theft Report and a notarized Identity Theft Affidavit is operationally significant. The FTC report satisfies FCRA block requirements for credit bureaus. A notarized affidavit is typically required by individual creditors to reverse specific fraudulent charges. The two documents often work in conjunction during extended recovery processes.

For synthetic identity fraud — where fabricated identities blend real Social Security Numbers with fictitious biographical data — the portal's standard workflow may not capture the full scope of harm, because synthetic identities often do not appear on the victim's credit report (Federal Reserve – Synthetic Identity Fraud, 2019). Victims in these cases should also consult the synthetic identity fraud reference and engage the Social Security Administration directly.

Social Security Number protection practices and data breach response for individuals represent upstream prevention disciplines that reduce the conditions requiring IdentityTheft.gov use in the first place.

References

• FTC – IdentityTheft.gov
• FTC Consumer Sentinel Network Data Book 2023
• FTC – Identity Theft Resources
• CFPB – Fair Credit Reporting Act (FCRA)
• 15 U.S.C. § 1681c-2 – Block of Information Resulting from Identity Theft
• IRS – Taxpayer Guide to Identity Theft
• HHS Office for Civil Rights – HIPAA and Medical Identity Theft
• Federal Reserve – Synthetic Identity Fraud (2019)
• NIST SP 800-122 – Guide to Protecting the Confidentiality of PII