Log in links for this page

Recovering from Identity Theft

This guide will assist you in learning the warning signs of identity theft and how best to respond when you believe you are a victim.

Having your identity stolen can be scary, invasive and have damaging effects on your finances, medical records and reputation. Identity theft occurs when someone steals your personally identifiable information (‘PII’) to commit fraud. Identify theft tactics often involve the use of sophisticated digital scams such as phishing, sms phishing, malicious websites, and the exploitation of weak passwords to defraud you of your PII. Identity thieves can then use this information for a myriad of nefarious purposes – from opening new financial accounts to financing medical procedures. The widespread use of the internet and e-commerce has provided fertile ground for fraudsters and identity thieves.

Table of Contents

Unemployment Fraud Information

Warning Signs of Identity Theft

Online identity theft can take a variety of forms, but there are several tried and true warning signs that your identity has been compromised including:

  • Unrecognized bills for items and services you did not buy, accounts you did not open, or medical services you did not utilize.
  • Charges on your credit card and/or bank statements that you do not recognize.
  • Unexplained withdrawals from your bank account.
  • Receiving calls from debt collectors or collection agencies about a debt that is not yours.
  • Notification that more than one tax return was filed in your name.
  • An inexplicable denial of credit.

What to do if you believe you are a victim

1. Contact the Companies and Banks where you know Identity Fraud has occurred

Call the fraud departments at the financial institutions and companies where you know the identity thief has used your personal information. At this point you may need to freeze or close compromised accounts.

2. Contact the “Big Three” Credit Reporting Agencies

Contact the “Big Three” Credit Reporting Agencies (‘CRA’) – Equifax, Experian, and TransUnion. Individual CRAs are legally required to alert and share information with the other two agencies but it is generally advisable to reach out to each CRA individually to be sure they are alerted as soon as possible.

Request a fraud alert from the agency/s you contacted. This will last for one year and require a business to verify your identity before opening any new lines of credit.


credit bureau contact information

Credit Bureau Contact Information

3. Ask for copies of your Credit Report

If you are confirmed to be a victim of identity theft, you may be eligible for an extended seven-year fraud alert.

After you have contacted the Credit Reporting Agencies and placed an initial fraud alert, request a free copy of your Credit Report from each of the three agencies. The Fair Credit Reporting Act (‘FCRA’) requires each of the nationwide credit reporting companies — Equifax, Experian, and TransUnion — to provide you with a free copy of your credit report, at your request, once every 12 months.

Equifax, Experian, and TransUnion have set up a central website, a toll-free telephone number, and a mailing address through which you can order your free annual report. To order your three credit reports, visit www.annualcreditreport.com, call 1-877-322-8228, or complete the Annual Credit Report Request Form and mail it to:

Annual Credit Report Request Service
P.O. Box 105281
Atlanta, GA 30348-5281

If you have an extended fraud alert in place you are eligible to receive two free credit reports from each of the credit bureaus within 12 months after you placed the alert

4.     Place a Security Freeze on your Credit Report

If you know that your identity has been stolen, it may be advisable to place a Security Freeze on your credit report. This will prohibit any of the three Credit Reporting Agencies from releasing any and all information in your credit report without your express approval. This provides you with an additional layer of personal security by prohibiting a CRA from approving new credit, loans, or other services in your name without your explicit authorization.

5.     Review your Credit Reports and Remove Fraudulent Information

Review each of your three Credit Reports for fraudulent information. If you find any incorrect or fraudulent info that requires removal, contact the corresponding CRA.

The Federal Trade Commission (‘FTC’) has made available a sample template that you can use for drafting removal requests.

6.     Change Passwords for Affected Accounts

Change the passwords for any accounts affected by the identity theft. Be sure to use established best practices when creating passwords including the use of diverse alphanumeric combinations, avoiding obvious or identifying information (like your date of birth), and not reusing duplicate passwords across accounts.

There are several secure password managers available for purchase that can assist you in generating and keeping track of best-practice passwords and eliminating the use of duplicate passwords across accounts.

Helpful Tips and Resources

  • You may need to file a report with your local law enforcement agency. Even if your local police department or sheriff’s office doesn’t have jurisdiction over the crime, your banks, creditors, other businesses, credit bureaus and debt collectors may need to be provided a copy of the police report.
  • If your personal information has been stolen through a corporate data breach you will likely be contacted by the business or agency whose data was compromised with additional instructions as appropriate. Depending on the type of PII obtained, these letters may include free credit monitoring and services. You may also contact the organization’s IT security officer for more information.
  • IdentityTheft.Gov is a great resource, made available by the FTC and IRS, that lets people report tax-related identity theft to the IRS online. The site also help victims make an identity theft recovery plan, with guidance including how to place a fraud alert on your credit files, check your credit reports, and take other steps to stop the identity theft from harming other of your accounts.

Additional Resources



Cybersecurity questions: CommonwealthCISO@mass.gov
Risk management questions: ERM@mass.gov
Report cybersecurity or data breach: eotss-soc@mass.gov


McCormack Building
1 Ashburton Place, 8th Floor
Boston, MA 02108