Protecting yourself from identity theft


  1. Do not disclose your full nine-digit Social Security number unless absolutely necessary, and never use it as an identifier or password. Question those who ask for it.
  2. Avoid paper billing by requesting secure electronic statements instead. If you require hard copies, you can print and store them safely without risking mail theft.
  3. Lock your mailbox if it's lockable.
  4. Shred documents containing personal information (name, account numbers, social security number, birth date) before throwing them away. 
  5. Configure your computer and/or smartphone to require a password for use, and set another password for sensitive files. Use unique passwords that include a combination of letters, numbers, and symbols. Do not use your birth date, a close relative's birth date, or a combination of letters and numbers on Splashdata's annual list of the most stolen passwords.
  6. Avoid using the same password for different accounts, and change your passwords once or twice per year.
  7. Install and update antivirus, anti-malware, and security programs on all computers, tablets, and smartphones.
  8. Don’t disclose information commonly used to verify your identity on social networking sites, such as date of birth, city of birth, mother’s maiden name, name of high school, etc. If you do, don't use that information to verify your identity.
  9. Avoid using credit or debit cards or conducting online banking transactions or making purchases, paying bills, or sending sensitive information over unsecured WiFi networks (e.g., any network without a password log-in, such as on trains, at airports, coffee shops, or hotels).
  10. Disable Bluetooth connections on devices when not in use.
  11. Watch out for “phishing” and other “social engineering” scams. Phishing is when identity thieves request personal information by pretending to be a legitimate entity, such as a bank or the IRS. Ignore unsolicited requests for personal information by email or over the phone, and only contact entities by means you know to be authentic. Do not contact an entity by clicking a link sent as part of an email requesting personal information, because phishers often link to authentic-looking, fake webpages. You can also call the phone number on the back of a card previously issued to you, or call the phone number on an old statement from that issuer. 
  12. Fight “skimmers.” Do not give your debit card to a restaurant server or anyone who could have a hand-held skimming device out of sight. When using an ATM, look for suspicious cameras and holes, and touch to confirm that extra parts (loose or slightly different colors) have not been installed over the card reader. Always cover your hand while hand typing a PIN, and avoid using ATMs in secluded locations.
  13. When accessing financial information on your smartphone, only use apps authorized by your bank or published by reputable app makers. Apps that show thousands of downloads are probably safe. Do not access apps on public open wi-fi.
  14. Place security, or credit freezes, on your credit report. Our separate “security freeze” tips explain how to guarantee peace of mind against new account identity theft by freezing your credit reports, then thawing them only when you are in the credit markets. A creditor will deny credit to an imposter who applies for credit using the name and Social Security Number of a consumer who has placed a freeze.


  1. Check your monthly statements for unauthorized charges. Be suspicious of phone calls about surprise debts.
  2. Sign up to receive email and/or text notifications of account activity and changes to account information.
  3. Instead of paying for over-priced subscription credit monitoring, use your free annual credit reports by law as your own credit monitoring service. Every 12 months, federal law gives you the right to receive one free credit report from each of the three main consumer reporting agencies, Equifax, Experian and TransUnion. Instead of requesting three at the same time, request one credit report from one of the bureaus every four months. Verify that the information is correct, and an account has not been opened without your knowledge. Free credit reports are available online at or by calling 1-877-322-8228. Seven states – Colorado, Georgia, Maine, Massachusetts, Maryland, New Jersey and Vermont also provide an additional free report by state law, available by contacting each bureau directly.

Types of Identity Theft:

Federal law recognizes two sorts of identity theft—existing account fraud and new account (account takeover) identity theft.

Existing Account Fraud: Victims of data breaches where only their account numbers were taken are well-protected by law, although victims of lost debit card numbers may face bounced checks and cash flow problems until the bank replaces their funds. The Electronic Funds Transfer Act (EFTA) provides for no liability if you notify the financial institution within 60 days if only your debit card numbers are stolen. However, if you actually llose a debit card or other device that can access your bank account, your liability could be up to $500 if you fail to notify the bank within 2 days of finding out about the loss and could increase even higher if you fail to notify the bank within 60 days. Under the separate Truth In Lending Act, credit card customers are always well protected by law, never facing liability of greater than $50 for fraudulent use of a card.

New Account Identity Theft: A thief who obtains your Social Security Number may attempt to open new accounts in your name. This form of identity theft is difficult to clear up. A thief who obtains your email address may contact you in a phishing scam to try and trick you into providing your SSN and birth date, which are the keys to new account identity theft. Thieves apply for credit with your name, your SSN and their own address. The creditor then obtains a credit report and issues credit to the thief.

Be Wary of New Types of Identity Theft: Note that online tax preparers and the IRS itself have been hacked, resulting in tax refund fraud. Health insurance data breaches may result in medical services theft. A federal agency, the Office of Personnel Management (OPM), has recently been breached. Detailed security clearance dossiers that were taken provide thieves with the opportunity to commit new account identity theft and could subject victims to reputational risk and emotional harms, since information on possible marital affairs, drug and alcohol abuse treatment, previous arrests even without convictions, may have been taken.


Step 1: Notify your financial institutions.

If you discover that your wallet, checkbook, credit card or other sensitive information has been lost or stolen, immediately notify the issuing bank, credit card issuer, or relevant institution to close all existing accounts. 

Step 2: Get an Identify Theft Affidavit.

If you suspect identity theft, report it to the Federal Trade Commission using the online complaint form or by calling 1-877-ID-THEFT. When making the report, you will be given an option to receive an Identity Theft Affidavit. This document, together with the police report, will be critical to minimizing the damage.

Step 3: File a police report.

If you believe you are a victim of identity theft, file a report with your local police department. When you make the report, bring a copy of the Identity Theft Affidavit. The police report will be important for insurance purposes. Keep copies of the police report and Identity Theft Affidavit.

Step 4: Contact the three major credit reporting companies and place a fraud alert on your accounts. If you haven’t already, it’s time to place a security freeze.

An important next step is to place a fraud alert and a security freeze on your credit report. Placing a fraud alert tells businesses checking your credit rating that there may be fraud involved in the account. The fraud alert must be renewed after 90 days, and it entitles you to receive one free credit report from each of the main agencies. The security freeze stops anyone from seeing your credit report without your permission. Alerts and freezes can be placed by contacting the toll-free fraud number of any of the three consumer reporting companies noted below. Initiating a credit freeze does not impact your credit score.

  • TransUnion: 1-800-680-7289;; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790
  • Equifax: 1-800-525-6285;; P.O. Box 740241, Atlanta, GA 30374-0241
  • Experian: 1-888-EXPERIAN (397-3742);; P.O. Box 9554, Allen, TX 75013

Step 5: If your social security number was stolen, contact the Social Security Administration.

File a report and access resources at You can also call 1-800-772-1213.



Issue updates

News Release | U.S. PIRG Education Fund | Consumer Protection

Target Removes Lead-Laden Fidget Spinner From Website, But Still Available For Sale In-Store

Since late yesterday afternoon, Target appears to have made the 33,000 ppm-lead containing Fidget Wild Premium Spinner Brass unavailable for sale on its website. U.S. PIRG Education Fund staff went to a Target store today and found the Fidget Wild Premium Spinner Brass was still available for sale in-store, despite the website saying it was unavailable there. Also yesterday, one of the CPSC’s Commissioners, Elliot F. Kaye, re-stated his opposition to the CPSC’s guidance and the acting chairman's statement when he tweeted, “Seems obvious fidget spinners are toys and should comply with all applicable federal safety standards.”

> Keep Reading
Report | U.S. PIRG Education Fund | Consumer Protection

Lead In Fidget Spinners

While lead in toys has become less prevalent in recent years, U.S. PIRG Education Fund tested several models of one of today’s hottest toys, fidget spinners, for the toxic heavy metal. Laboratory results indicated that two fidget spinners purchased at Target and distributed by Bulls i Toy, L.L.C. contained extremely high levels of lead. U.S. PIRG Education Fund calls on Target and Bulls i Toy to immediately recall these two fidget spinners and investigate how such high levels of lead were found in these toys. Also, we call on the U.S.

> Keep Reading
News Release | Consumer Protection


Our Consumer Advocate, Mike Litt, was invited by Congresswoman Maxine Waters, Ranking Member of the House Financial Services Committee, to testify this week at a Congressional hearing on the Equifax data breach. This was a continuation of the committee's previously held hearing on October 5th entitled "Examining the Equifax Data Breach."

> Keep Reading

Maryland PIRG 2017 State Legislative Scorecard

Do your legislators support the public interest? Our 2017 State Legislative Scorecard reviews their votes on key public interest issues.

> Keep Reading

California’s new drug price law is a win for consumers nationwide

Today, California Governor Jerry Brown signed Senate Bill 17 into law, a groundbreaking measure to increase transparency and accountability for the prescription drug industry. We celebrate the new law—passed with support and hard work from CALPIRG—as a landmark victory for consumers, not just in California, but nationwide.

> Keep Reading


Agency votes to begin rulemaking process to protect American children, firefighters from hazardous flame retardant chemicals

Today, the U.S. Consumer Product Safety Commission (CPSC) took three critical steps toward protecting consumers and firefighters from the hazards posed by a class of flame retardant chemicals (known as “organohalogens”). The CPSC directed the Commission’s staff to begin the rulemaking process to ban the sale of four categories of consumer products if they contain these chemicals. Once again, the CPSC has made an important action for consumers.

> Keep Reading
News Release | Maryland PIRG Foundation | Consumer Protection

Today’s Equifax News Beyond Troubling

The Equifax breach was already so bad for so many reasons. Reports today that Equifax failed to install Apache Struts security updates it was told about two months before its breach are beyond troubling.

> Keep Reading

Statement on Unilever Starting to Disclose Fragrances via SmartLabel

Statement from Maryland PIRG Toxics Advocate Dev Gowda on Unilever Starting to Disclose Fragrances via SmartLabel

> Keep Reading
News Release | Maryland PIRG Foundation | Consumer Protection


Consumers should know the risks and limits of what Equifax is offering and consider getting credit freezes with all three national credit bureaus instead.

> Keep Reading
News Release | Maryland PIRG Foundation | Consumer Protection

Equifax Breach Puts Millions at Risk of New ID Theft

The Equifax breach affecting over 140 million Americans appears to be the largest of its kind and is beyond troubling. The types of stolen information, including social security numbers and dates of birth, can be used to commit new account identity theft against all of these people. Additionally, stolen credit cards affecting over 200,000 people in this breach can also be used to commit existing account identity theft. 

> Keep Reading


Eliminating Toxic Mercury

In 2009, we played a role in addressing the largest manufacturing source of mercury in the state.

> Keep Reading

Despite Big Tobacco, winning smoke-free restaurants

In 2007, Maryland PIRG Foundation and Maryland PIRG Citizen Lobby helped lead the campaign to make all Baltimore workplaces, including restaurants and bars, smoke-free.

> Keep Reading


Report | Maryland PIRG Foundation | Consumer Protection

Predatory Loans & Predatory Loan Complaints

This is the seventh in a series of reports that review complaints to the Consumer Financial Protection Bureau. In this report, we explore consumer complaints about predatory loans, categorized in the database as payday loans, installment loans, and auto title loans.

> Keep Reading

Letter: Protecting the FTC from Special Interest Attacks

While much of our work has been in defense of the Consumer Financial Protection Bureau (CFPB), we also support the efforts of the over-100 year old Federal Trade Commission.

> Keep Reading
Report | Maryland PIRG Foundation | Public Health, Consumer Protection

2015: Potentially Hazardous Toy List

This year's list of potentially dangerous toys.

> Keep Reading
Report | Maryland PIRG Foundation | Consumer Protection

Why You Should Get Security Freezes Before Your Information is Stolen

A never ending stream of news reports about data breaches – including T-Mobile, Target Corporation, the IRS, numerous Blue Cross Blue Shield and other health plans, the University of Maryland, and the U.S. Office of Personnel Management (OPM) - is a constant reminder that we're at risk of a data breach and therefore, identity theft.

> Keep Reading
Report | Maryland PIRG Foundation | Consumer Protection

Mortgages and Mortgage Complaints

Our sixth report analyzing complaints in the CFPB's Public Consumer Complaint Database evaluates mortgage complaints, the number one source of complaints to the CFPB, totaling 38% of nearly 500,000 complaints posted since 2011.

> Keep Reading


Blog Post | Public Health, Consumer Protection

#KickTheCan: BPA still found in many grocery stores’ canned foods | Dev Gowda

We’re all told to watch out for BPA in drinking bottles and baby products. But how about BPA in the cans that contain our food? A recent study by Center for Environmental Health (CEH) reveals that the toxic chemical BPA is readily found in canned foods. BPAs are often used in the liners of canned food to keep the aluminum from interacting with the food.

> Keep Reading
Blog Post | Public Health, Antibiotics, Consumer Protection

We have a lot to celebrate | Emily Scarr

This week marks the end of Maryland’s legislative session – and we have a lot to celebrate!

> Keep Reading
Blog Post | Consumer Protection

Will the Maryland Senate restore internet privacy protections? | Emily Scarr

As you may have heard, Congress recently rolled back consumer privacy protections for internet activity. With less than a week left in the legislative session, the Maryland Senate is considering a bill, SB1200, to restore those protections and protect Marylander consumers.

> Keep Reading
Blog Post | Consumer Protection

Testimony on HB1270 to stop predatory lending | Emily Scarr

We strongly support HB1270 as an essential measure to stop predatory lenders from harming our state’s citizens by closing a loophole the lenders are using to bypass our usury cap.

> Keep Reading
Blog Post | Consumer Protection

CFPB Is On The Job Protecting Consumers | Ed Mierzwinski

While powerful special interests, Senators, the Chairman of the House Financial Services Committee and the White House call for dismantling the CFPB, firing its excellent director, or worse, CFPB continues to be an agency that is on the job, conducting business as usual to protect consumers. Its latest "Monthly Complaint Snapshot" is an open window into the many reasons we need a strong CFPB.

> Keep Reading


View AllRSS Feed

Defend the CFPB

Tell your senators to oppose the “Financial CHOICE Act,” which would gut Wall Street reforms and destroy the Consumer Financial Protection Bureau as we know it.

Support us

Your donation supports Maryland PIRG's work to stand up for consumers on the issues that matter, especially when powerful interests are blocking progress.

Consumer Alerts

Join our network and stay up to date on our campaigns, get important consumer updates, and take action on critical issues.
Optional Member Code