Identity Theft Protection

What is identity theft? A complete guide to how it works, what it costs, and how to protect yourself

Rianna Last | Identity Safety Writer
Rianna Last | Identity Safety Writer Author
Updated on 12 min read

What is identity theft? Identity theft is a crime in which someone obtains and uses another person's personal information, without their knowledge or consent, to commit fraud, access financial accounts, obtain services, or assume that person's identity for personal gain. It is one of the most widespread financial crimes in the United States, affecting millions of people every year across every age group, income level, and demographic.

The damage from identity theft extends well beyond stolen money. Victims often spend months, sometimes years, correcting fraudulent records, disputing unauthorized charges, and rebuilding credit that took a lifetime to establish. Understanding what identity theft is, how it happens, and what forms it takes is the first step toward meaningful protection.

Quick definitions

Definition

Identity theft: The unauthorized acquisition of another person's personally identifiable information (PII) for the purpose of fraud or financial gain.

Definition

Personally identifiable information (PII): Any data that can be used to identify a specific individual, including Social Security numbers, dates of birth, financial account numbers, login credentials, medical ID numbers, and driver's license numbers.

Definition

Identity fraud: The use of stolen personal information to commit a crime. Identity theft and identity fraud are closely related; theft refers to the acquisition of the information, while fraud refers to its misuse.

How identity theft happens

Identity theft begins with the acquisition of personal information. Thieves use a range of methods, some highly technical and others surprisingly low-tech, to obtain what they need.

Common methods include:

  • Phishing: Fraudulent emails, text messages, or websites designed to trick people into surrendering login credentials, Social Security numbers, or financial account information. Phishing remains the most frequently reported contact method for fraud, according to FTC data1.
  • Data breaches: Large-scale exposures of consumer information from corporations, healthcare providers, government agencies, and financial institutions. When trusted organizations are compromised, individual consumers become collateral damage, even if they did nothing wrong.
  • Mail theft: Stolen financial statements, pre-approved credit card offers, tax documents, or medical bills can give thieves enough information to open accounts in a victim's name.
  • Social engineering: Criminals pose as bank representatives, government officials, or tech support agents to manipulate victims into disclosing sensitive information over the phone or online.
  • Skimming: Physical devices installed on ATMs or gas station payment terminals capture card numbers and PINs without the cardholder's awareness.
  • Dark web purchases: Stolen personal data, including Social Security numbers, credit card numbers, and login credentials, is routinely bought and sold on dark web marketplaces long after the original breach occurred.
An example Social Security card

The scale of identity theft in the United States

The scope of identity theft in the United States is significant and growing. In 2024, the Federal Trade Commission2 received more than 1.1 million identity theft reports and over 2.6 million fraud complaints, with total reported losses exceeding $12.5 billion. That figure represents a 25 percent increase over 2023. Identity theft represented 18 percent of all consumer reports submitted to the FTC's Consumer Sentinel Network that year.

Those numbers likely understate the true scale of the problem. Many victims never report incidents, and many instances of identity theft go undetected for months or even years.

The median financial loss per fraud case was approximately $497 in 2024. For older Americans, losses tend to be considerably higher. Median losses for victims aged 70 to 79 were around $1,000, and losses for those 80 and older averaged $1,650.

Key statistics at a glance:

  • 1.1+ million identity theft reports filed with the FTC in 2024
  • $12.5 billion in total reported fraud losses in 2024, up 25% from 2023
  • Identity theft made up 18% of all FTC Consumer Sentinel Network reports in 2024
  • Median loss per fraud case: approximately $497
  • Median loss for victims aged 80 and older: $1,650

Types of identity theft

Identity theft is not a single crime. It encompasses a wide range of schemes that target different aspects of a person's identity. Understanding each type helps individuals recognize warning signs earlier and respond more effectively.

Financial identity theft

Definition

Financial identity theft occurs when someone uses stolen personal information to make unauthorized purchases, open new credit accounts, take out loans, or drain existing bank or investment accounts.

Financial identity theft is the most common form of the crime. Victims often discover it only after receiving unfamiliar collection notices, unexplained charges on statements, or a credit score drop that appears without a clear cause. The stolen information may include credit card numbers, bank account credentials, Social Security numbers, or combinations of all three.

Credit card fraud

Definition

Credit card fraud is a form of financial identity theft in which a criminal uses stolen card information to make unauthorized purchases or withdrawals.

Credit card fraud was the single most reported type of identity theft in the United States throughout 2024 and into 2025, according to FTC data. Criminals obtain card information through phishing, skimming, or data breaches and use it to make purchases before the cardholder notices.

Medical identity theft

Definition

Medical identity theft occurs when someone uses another person's name, Social Security number, health insurance details, or Medicare number to obtain medical care, prescription drugs, or insurance reimbursements without authorization.

This type of theft carries consequences beyond financial loss. A thief's medical history may become intertwined with the victim's records, which can affect future care decisions. The FTC's consumer guidance3 recommends requesting medical records from all providers where your information may have been used if you suspect medical identity theft.

Tax identity theft

Definition

Tax identity theft happens when someone files a fraudulent tax return using another person's Social Security number to claim a refund before the legitimate taxpayer files.

Victims typically discover this type of theft only when they attempt to file their own return and learn that one has already been submitted in their name. The IRS offers an Identity Protection PIN (IP PIN) program that assigns a six-digit code to verified taxpayers, which must be included on any return filed under that Social Security number.

Child identity theft

Definition

Child identity theft occurs when a criminal uses a minor's Social Security number or personal information to open credit accounts, apply for loans, or access government benefits.

Children are particularly attractive targets because minors typically have clean credit histories and no existing financial accounts that might trigger fraud alerts. A thief can use a child's Social Security number, and the fraud may go undetected for a decade or more, until the child becomes an adult and applies for credit. By then, significant damage may already exist on a credit file the child never knew they had.

Synthetic identity theft

Definition

Synthetic identity theft is a type of fraud in which a criminal combines a legitimate Social Security number with fabricated personal details, such as a false name, address, and date of birth, to construct a fictional identity.

Synthetic identity theft is one of the fastest-growing and most difficult-to-detect forms of the crime. Thieves often target Social Security numbers belonging to children, elderly individuals, or people with little credit activity. According to TransUnion5, synthetic identity fraud attempts grew 153 percent from the second half of 2023 to the first half of 2024 alone.

Fraudsters often spend months or years building credit files for synthetic identities, establishing account histories to make the identities appear legitimate, before ultimately maxing out available credit and abandoning the accounts. Because the synthetic identity does not fully correspond to any real person, it frequently evades traditional fraud detection systems.

Criminal identity theft

Definition

Criminal identity theft occurs when someone arrested or stopped by law enforcement provides a victim's name and personal information rather than their own, resulting in a false criminal record being attached to the victim's identity.

This type of theft can affect employment background checks, housing applications, and professional licensing. Victims often have no idea a false record exists until they are denied employment or receive legal correspondence for citations or warrants they never incurred.

Account takeover fraud

Definition

Account takeover fraud occurs when a criminal gains unauthorized access to an existing account, such as a bank account, email account, or social media profile, and uses it for financial gain or further fraud.

Rather than opening a new account, account takeover criminals use stolen login credentials, often obtained through phishing or data breaches, to change passwords, transfer funds, or use stored payment methods. Because these transactions involve established accounts with existing histories, they can be harder for financial institutions to flag immediately.

Senior identity theft

Definition

Senior identity theft refers to schemes that disproportionately target adults aged 65 and older, who tend to have higher savings, stronger credit scores, and greater accumulated assets than younger demographics.

Older adults may be less familiar with digital fraud tactics or more susceptible to phone-based social engineering. Median financial losses for elderly victims are consistently higher than those reported by other age groups, according to FTC data. Florida, which has one of the highest concentrations of adults 65 and older, also has the highest identity theft report rate per 100,000 residents in the country.

Warning signs your identity may have been stolen

Recognizing identity theft early can significantly reduce its impact. The sooner a victim identifies and reports fraud, the more limited the financial and credit damage tends to be.

Common warning signs include:

  • Unfamiliar accounts or hard inquiries appearing on your credit report
  • Bills or collection notices for debts you do not recognize
  • Missing mail or expected financial statements that never arrive
  • Being denied credit for no apparent reason, despite a good credit history
  • Medical explanation-of-benefits statements listing care you never received
  • Notices from the IRS about duplicate tax returns or income from employers you do not recognize
  • Alerts from your bank or creditors about activity you did not authorize
  • Calls or letters from collection agencies about accounts you did not open

What to do if your identity is stolen: A step-by-step guide

Acting quickly limits the extent of the damage. If you believe your identity has been compromised, take the following steps:

  1. Place a fraud alert with one of the three major credit bureaus: Equifax, Experian, or TransUnion. The bureau you contact is required to notify the other two. A fraud alert requires creditors to take additional verification steps before opening new accounts in your name.
  2. Review your credit reports for any accounts or inquiries you do not recognize. Free reports are available at AnnualCreditReport.com from all three bureaus.
  3. Consider a credit freeze, which restricts new creditors from accessing your credit file entirely. Unlike a fraud alert, a freeze stays in place until you lift it and is the stronger of the two protections.
  4. File a report with the FTC at IdentityTheft.gov. The site generates a personalized recovery plan based on the specific type of theft you have experienced.
  5. File a police report if your identity was used to commit a crime or if creditors require documentation to support your fraud claim.
  6. Contact affected financial institutions directly to dispute fraudulent charges and close or secure compromised accounts.
  7. Change passwords on any accounts that may have been accessed, and enable two-factor authentication wherever it is available.

Why identity theft is harder to resolve than most people expect

The popular assumption is that identity theft victims quickly dispute fraudulent charges and move on. In practice, resolution is often far more complicated. According to research from the Identity Theft Resource Center4, nearly half of victims who sought professional assistance reported that their issues remained unresolved twelve months after discovery.

The complexity varies substantially by theft type. Financial fraud tied to existing accounts tends to be resolved more quickly because financial institutions have established dispute processes. Synthetic identity theft, medical identity theft, and criminal identity theft can require extensive documentation and coordination across multiple institutions, government agencies, and credit bureaus before a victim is made whole.

How to protect yourself from identity theft

Prevention does not guarantee immunity. Large-scale data breaches can expose your information regardless of your personal security habits. Reducing your attack surface, however, meaningfully lowers your exposure and shortens the window between when fraud begins and when you discover it.

Practical protective measures include:

  • Monitoring your credit reports regularly for unauthorized accounts or inquiries
  • Placing a credit freeze on your file if you are not actively seeking new credit
  • Using strong, unique passwords for each account and a password manager to store them securely
  • Enabling multi-factor authentication on financial accounts, email accounts, and any platform storing sensitive information
  • Being cautious about what you share on social media, which can supply thieves with answers to common security questions
  • Shredding sensitive physical documents before disposal, including pre-approved credit card offers and financial statements
  • Staying alert to phishing attempts, particularly messages that create urgency or request personal information
  • Enroll in dark web monitoring to receive alerts if your information appears in known breach databases
  • Using real-time credit and identity monitoring tools that alert you to changes as they happen, rather than requiring you to check manually

The role of data breaches in identity theft

A significant portion of identity theft originates not from individual targeting but from the downstream effects of large-scale data breaches at major organizations. When banks, healthcare networks, social media platforms, or retailers suffer security incidents, the exposed data, including names, addresses, Social Security numbers, and login credentials, often makes its way onto dark web markets. That data is then purchased and used by identity thieves months or years after the original breach.

The Identity Theft Resource Center's 2024 Annual Data Breach Report found that 2024 had the second-highest number of data compromises in U.S. history. Five "mega breaches" alone generated between 100 million and 560 million victim notices each. This means that even careful, security-conscious consumers can find their information circulating without any action on their part.

Ongoing monitoring, rather than reactive measures taken only after fraud is detected, provides meaningfully stronger protection.

Identity theft vs. identity fraud: What is the difference?

These terms are often used interchangeably, but they describe slightly different elements of the same crime.

  • Identity theft refers to the unauthorized acquisition of personal information.
  • Identity fraud refers to the use of that stolen information to commit a crime, such as opening accounts, filing false tax returns, or obtaining medical care.

In practice, the two almost always occur together, which is why most laws, reporting systems, and protection services treat them as a unified issue.

Frequently asked questions about identity theft

Q: What is identity theft?

A: Identity theft is the unauthorized acquisition and use of another person's personal information to commit fraud or financial crimes. It is one of the most commonly reported crimes in the United States, with more than 1.1 million reports filed with the FTC in 2024 alone.

Q: What information do identity thieves typically target?

A: Social Security numbers are the most valuable piece of data for identity thieves because they serve as a universal identifier across financial, medical, and government systems. Beyond Social Security numbers, thieves target dates of birth, mother's maiden name, financial account numbers, login credentials, driver's license numbers, passport numbers, and health insurance or Medicare ID numbers.

Q: What are the most common types of identity theft?

A: The most common types of identity theft are financial identity theft, credit card fraud, medical identity theft, tax identity theft, child identity theft, synthetic identity theft, criminal identity theft, account takeover fraud, and senior identity theft.

Q: Can identity theft happen to children?

A: Yes. Children are specifically targeted because their Social Security numbers are clean and unused, with no existing accounts to generate fraud alerts. Child identity theft frequently goes undetected until the child reaches adulthood and applies for credit for the first time.

Q: How long does it take to recover from identity theft?

A: Recovery time varies widely depending on the type and scope of the theft. Some victims resolve issues within weeks; others deal with consequences for a year or more. The Identity Theft Resource Center found that nearly half of victims who sought professional assistance reported unresolved issues twelve months after first discovering the theft.

Q: Does credit monitoring prevent identity theft?

A: Credit monitoring does not prevent theft from occurring. It significantly reduces the window between when fraud begins and when a victim learns about it. Faster detection generally results in less financial damage and a shorter recovery process.

Q: What is the difference between a fraud alert and a credit freeze?

A: A fraud alert notifies creditors to take extra verification steps before extending credit, but it does not block credit applications outright. A credit freeze restricts access to your credit file entirely, preventing new accounts from being opened until you lift the freeze. A credit freeze is the stronger protection of the two.

Q: What should I do immediately if I suspect identity theft?

A: Place a fraud alert with one of the three major credit bureaus, review your full credit reports at AnnualCreditReport.com, and file a report at IdentityTheft.gov to receive a personalized recovery plan. Contact any financial institutions where unauthorized activity occurred as quickly as possible.

Q: Is identity theft covered by insurance?

A: Many identity theft protection services include insurance that covers expenses incurred while recovering from theft, such as lost wages, legal fees, and direct financial losses. Coverage amounts and claim terms vary significantly by provider.

Q: How do I know if my information is on the dark web?

A: Dark web monitoring services scan known breach databases and illicit marketplaces for your personal information, including email addresses, Social Security numbers, and financial account details, and alert you when a match is found. These services provide earlier warning than most people would otherwise receive.

What to remember about identity theft
  • Identity theft is the unauthorized acquisition and misuse of another person's personal information to commit fraud or access accounts and services.
  • It takes many forms, including financial identity theft, credit card fraud, medical identity theft, tax identity theft, child identity theft, synthetic identity theft, criminal identity theft, and account takeover fraud.
  • The FTC received more than 1.1 million identity theft reports in 2024, with total fraud losses across all categories exceeding $12.5 billion.
  • Warning signs include unfamiliar credit inquiries, unexpected bills or collection notices, missing mail, and denied credit.
  • Early detection through real-time monitoring and dark web scanning dramatically reduces the financial and credit impact of identity theft.
  • Recovery timelines vary widely; nearly half of the victims who sought professional help reported issues were still unresolved twelve months after discovery.

This guide is maintained and published by OmniWatch, a provider of comprehensive identity protection covering credit monitoring, dark web scanning, real-time alerts, and up to $4 million in identity theft insurance. Follow OmniWatch on LinkedIn for ongoing guidance on identity protection, digital safety, and scam awareness.

1 FTC Consumer Sentinel Network Data Book 2024

2 FTC Press Release: Fraud Losses Reach $12.5 Billion in 2024

3 FTC: What to Know About Medical Identity Theft

4 Identity Theft Resource Center 2024 Annual Data Breach Report

5 TransUnion 2024 Synthetic Identity Fraud Data

6 The Motley Fool: Identity Theft and Credit Card Fraud Statistics 2025