Protecting yourself from identity theft


  1. Do not disclose your full nine-digit Social Security number unless absolutely necessary, and never use it as an identifier or password. Question those who ask for it.
  2. Avoid paper billing by requesting secure electronic statements instead. If you require hard copies, you can print and store them safely without risking mail theft.
  3. Lock your mailbox if it's lockable.
  4. Shred documents containing personal information (name, account numbers, social security number, birth date) before throwing them away. 
  5. Configure your computer and/or smartphone to require a password for use, and set another password for sensitive files. Use unique passwords that include a combination of letters, numbers, and symbols. Do not use your birth date, a close relative's birth date, or a combination of letters and numbers on Splashdata's annual list of the most stolen passwords.
  6. Avoid using the same password for different accounts, and change your passwords once or twice per year.
  7. Install and update antivirus, anti-malware, and security programs on all computers, tablets, and smartphones.
  8. Don’t disclose information commonly used to verify your identity on social networking sites, such as date of birth, city of birth, mother’s maiden name, name of high school, etc. If you do, don't use that information to verify your identity.
  9. Avoid using credit or debit cards or conducting online banking transactions or making purchases, paying bills, or sending sensitive information over unsecured WiFi networks (e.g., any network without a password log-in, such as on trains, at airports, coffee shops, or hotels).
  10. Disable Bluetooth connections on devices when not in use.
  11. Watch out for “phishing” and other “social engineering” scams. Phishing is when identity thieves request personal information by pretending to be a legitimate entity, such as a bank or the IRS. Ignore unsolicited requests for personal information by email or over the phone, and only contact entities by means you know to be authentic. Do not contact an entity by clicking a link sent as part of an email requesting personal information, because phishers often link to authentic-looking, fake webpages. You can also call the phone number on the back of a card previously issued to you, or call the phone number on an old statement from that issuer. 
  12. Fight “skimmers.” Do not give your debit card to a restaurant server or anyone who could have a hand-held skimming device out of sight. When using an ATM, look for suspicious cameras and holes, and touch to confirm that extra parts (loose or slightly different colors) have not been installed over the card reader. Always cover your hand while hand typing a PIN, and avoid using ATMs in secluded locations.
  13. When accessing financial information on your smartphone, only use apps authorized by your bank or published by reputable app makers. Apps that show thousands of downloads are probably safe. Do not access apps on public open wi-fi.
  14. Place security, or credit freezes, on your credit report. Our separate “security freeze” tips explain how to guarantee peace of mind against new account identity theft by freezing your credit reports, then thawing them only when you are in the credit markets. A creditor will deny credit to an imposter who applies for credit using the name and Social Security Number of a consumer who has placed a freeze.


  1. Check your monthly statements for unauthorized charges. Be suspicious of phone calls about surprise debts.
  2. Sign up to receive email and/or text notifications of account activity and changes to account information.
  3. Instead of paying for over-priced subscription credit monitoring, use your free annual credit reports by law as your own credit monitoring service. Every 12 months, federal law gives you the right to receive one free credit report from each of the three main consumer reporting agencies, Equifax, Experian and TransUnion. Instead of requesting three at the same time, request one credit report from one of the bureaus every four months. Verify that the information is correct, and an account has not been opened without your knowledge. Free credit reports are available online at or by calling 1-877-322-8228. Seven states – Colorado, Georgia, Maine, Massachusetts, Maryland, New Jersey and Vermont also provide an additional free report by state law, available by contacting each bureau directly.

Types of Identity Theft:

Federal law recognizes two sorts of identity theft—existing account fraud and new account (account takeover) identity theft.

Existing Account Fraud: Victims of data breaches where only their account numbers were taken are well-protected by law, although victims of lost debit card numbers may face bounced checks and cash flow problems until the bank replaces their funds. The Electronic Funds Transfer Act (EFTA) provides for no liability if you notify the financial institution within 60 days if only your debit card numbers are stolen. However, if you actually llose a debit card or other device that can access your bank account, your liability could be up to $500 if you fail to notify the bank within 2 days of finding out about the loss and could increase even higher if you fail to notify the bank within 60 days. Under the separate Truth In Lending Act, credit card customers are always well protected by law, never facing liability of greater than $50 for fraudulent use of a card.

New Account Identity Theft: A thief who obtains your Social Security Number may attempt to open new accounts in your name. This form of identity theft is difficult to clear up. A thief who obtains your email address may contact you in a phishing scam to try and trick you into providing your SSN and birth date, which are the keys to new account identity theft. Thieves apply for credit with your name, your SSN and their own address. The creditor then obtains a credit report and issues credit to the thief.

Be Wary of New Types of Identity Theft: Note that online tax preparers and the IRS itself have been hacked, resulting in tax refund fraud. Health insurance data breaches may result in medical services theft. A federal agency, the Office of Personnel Management (OPM), has recently been breached. Detailed security clearance dossiers that were taken provide thieves with the opportunity to commit new account identity theft and could subject victims to reputational risk and emotional harms, since information on possible marital affairs, drug and alcohol abuse treatment, previous arrests even without convictions, may have been taken.


Step 1: Notify your financial institutions.

If you discover that your wallet, checkbook, credit card or other sensitive information has been lost or stolen, immediately notify the issuing bank, credit card issuer, or relevant institution to close all existing accounts. 

Step 2: Get an Identify Theft Affidavit.

If you suspect identity theft, report it to the Federal Trade Commission using the online complaint form or by calling 1-877-ID-THEFT. When making the report, you will be given an option to receive an Identity Theft Affidavit. This document, together with the police report, will be critical to minimizing the damage.

Step 3: File a police report.

If you believe you are a victim of identity theft, file a report with your local police department. When you make the report, bring a copy of the Identity Theft Affidavit. The police report will be important for insurance purposes. Keep copies of the police report and Identity Theft Affidavit.

Step 4: Contact the three major credit reporting companies and place a fraud alert on your accounts. If you haven’t already, it’s time to place a security freeze.

An important next step is to place a fraud alert and a security freeze on your credit report. Placing a fraud alert tells businesses checking your credit rating that there may be fraud involved in the account. The fraud alert must be renewed after 90 days, and it entitles you to receive one free credit report from each of the main agencies. The security freeze stops anyone from seeing your credit report without your permission. Alerts and freezes can be placed by contacting the toll-free fraud number of any of the three consumer reporting companies noted below. Initiating a credit freeze does not impact your credit score.

  • TransUnion: 1-800-680-7289;; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790
  • Equifax: 1-800-525-6285;; P.O. Box 740241, Atlanta, GA 30374-0241
  • Experian: 1-888-EXPERIAN (397-3742);; P.O. Box 9554, Allen, TX 75013

Step 5: If your social security number was stolen, contact the Social Security Administration.

File a report and access resources at You can also call 1-800-772-1213.



Issue updates

Blog Post | Consumer Protection

CFPB Report Finds 1 In 4 Consumers Feel "Threatened" By Debt Collector Tactics | Ed Mierzwinski

We joined Consumer Financial Protection Bureau Director Richard Cordray and Washington, DC Attorney General Karl Racine for release of new CFPB data on debt collector abuses. Fully 1 in 4 consumers feel "threatened" by abusive, possibly illegal, debt collector tactics. The release also included an emphasis on problems with the "debt buyer" industry, comprised of firms that buy older, uncollected debt for as little as less than a penny on the dollar.

> Keep Reading
Blog Post | Consumer Protection

This New Year, Celebrate the CFPB | Ed Mierzwinski

This month, we published our 8th report based on analyzing consumer complaints collected in the CFPB's Public Consumer Complaint Database. The release of "Big Banks, Big Overdraft Fees" provides a good year-end opportunity to summarize a few of the reasons to be thankful for the Consumer Financial Protection Bureau, which took over in July 2011 as the first federal regulator with just one job: protecting consumers from unfair financial practices. The idea of the CFPB needs no defense, only more defenders.

> Keep Reading

Statement on Procter & Gamble’s New Preservative Tracker in Personal Care Products

Personal care product giant Procter & Gamble (P&G) recently unveiled a new preservative tracker, which lets consumers know which preservatives are included in various categories of P&G’s products, such as baby wipes, skin care, and hair care products. Consumers can search the tracker by ingredient or by product type.

> Keep Reading
News Release | Consumer Protection

Yahoo Data Breach Presents Opportunity for Strong Response

Statement by Mike Litt at the U.S. PIRG Education Fund, on the latest announced Yahoo data breach.

> Keep Reading


News Release | Maryland PIRG Foundation | Public Health, Consumer Protection

30th Annual Survey Finds Dangerous Toys on Store Shelves

– Dangerous or toxic toys can still be found on America’s store shelves, according to Maryland PIRG’s 30th annual Trouble in Toyland report. The survey of potentially hazardous toys found that, despite recent progress, consumers must still be wary when shopping this holiday season.

> Keep Reading
News Release | U.S. PIRG | Consumer Protection

PIRGs, Others Ask CFPB & FTC To Investigate Experian/T-Mobile Data Breach

In a letter sent today, a number of state PIRGs and other leading privacy and consumer groups urged the CFPB and FTC to fully investigate the recent breach of an Experian subsidary that exposed 15 million T-Mobile customer and applicant records to the threat of new account identity theft. The letter asked whether the regulators could require Experian and the other two nationwide credit bureaus -- TransUnion and Equifax -- to give victims free security freezes to protect their credit reports.

> Keep Reading
News Release | Maryland PIRG | Consumer Protection

Maryland PIRG Demands Real Penalties for Volkswagen and Full Rebates for Customers

“VW once was a company that brought us iconic cars like the Beetle and the flower-powered microbus, but now VW is just a big cheater,” said Maryland PIRG Director Emly Scarr. “VW CEO Martin Winterkorn resigned today while claiming he committed “no wrongdoing” but VW stills needs to pay full penalties under law and grant full rebates to the customers it deceived into buying pollution-spewing cars that led to massive, undeserved profits.”

> Keep Reading
News Release | Maryland PIRG | Consumer Protection, Safe Energy

Maryland PIRG Applauds DC PSC for Rejecting Exelon Pepco Merger

We are thrilled that the D.C. Public Service Commission voted to reject the merger between Chicago-based nuclear power giant Exelon Corp. and Pepco Holdings Inc. Today they stood up for D.C. ratepayers and rejected the anti-consumer merger, in so doing they also helped ratepayer in MD, NJ, DE and VA.

> Keep Reading


Report | Maryland PIRG Foundation | Consumer Protection

Mixed Signals

One year from now 22 million Americans who rely on free over-the-air analog broadcasting will be at risk of losing access to TV. On February 17, 2009, analog televisions that receive over-the-air signals will go dark, unless they are retrofitted with digital converter boxes.

> Keep Reading

Baby's Toxic Bottle

Bisphenol A, a hormone-disrupting chemical that is the building block of polycarbonate plastic, has been found to leach out of six major brands of popular baby bottles sold in the United States and Canada.

> Keep Reading

Toxic Pollution and Health

Industries across the United States pump billions of pounds of toxic chemicals into our air, land, and water each year, many of which can cause cancer and other severe health effects. The Environmental Protection Agency’s Toxics Release Inventory (TRI) program provides Americans with the best information about toxic chemicals released in their communities.

> Keep Reading


Blog Post | Consumer Protection, Financial Reform

100+ Groups Oppose Provisions That Threaten Public Protections | Mike Litt

The White House is expected to release its fiscal year 2017 budget proposal tomorrow. U.S. PIRG and various state PIRGs joined a coalition of more than 100 groups that sent the following letter calling on President Barack Obama and all 535 members of Congress to oppose any federal appropriations bill that contains ideological policy riders. 

> Keep Reading
Blog Post | Consumer Protection, Make VW Pay

House Tees Up VW Bailout and Other Attacks on Public Protections, Consumer Rights | Ed Mierzwinski

(Updated 8 January to add vote results): You've probably heard that the House is soon planning to again repeal the Affordable Care Act (Obamacare). That bill will certainly be vetoed. But the House has other anti-consumer, anti-environmental bills scheduled for floor action this week and next. The bills take aim at agency health, financial and safety regulations and also consumer rights to band together as a class to take their grievances against corporate wrongdoers to court. That last bill would immunize Volkswagen from having to compensate VW Diesel owners for being deceptively sold cars designed to "defeat" air pollution requirements.

> Keep Reading
Blog Post | Consumer Protection

30 Years of "Trouble in Toyland," 30 Years of Safety Improvements | Anna Low-Beer

Every year, U.S. PIRG Education Fund releases Trouble in Toyland, a report on toy safety which examines toys bought at major national retailers, looking for safety hazards including toxic toys, choking hazards, labeling violations, powerful magnets, and excessibely loud toys. We continue to find these hazards on store shelves, which indicates the need for continued vigilance and adequate enforcement of safety regulations. But despite lingering dangers, in the last 30 years, we've come a long way in terms of both policy and compliance with standards.

> Keep Reading
Blog Post | Consumer Protection

As CFPB Advances Consumer Protection, Attacks on CFPB Escalate | Ed Mierzwinski

This week, the CFPB took a major step toward establishing a regulation restricting the use of forced arbitration clauses in consumer financial contracts, which give companies what the CFPB's director said was a "free pass from being held accountable by their customers." Meanwhile, on Capitol Hill, powerful bank interests escalated their campaign to defund and defang the bureau, because it works for consumers, not them.

> Keep Reading
Blog Post | Consumer Protection

Why is Experian/T-Mobile Giving 15 Million Experian Breach Victims Credit Monitoring, Since Only the Credit Freeze Stops Identity Theft | Emily Scarr

How can all of the 200 million consumers with Experian credit reports trust that Experian is really protecting them?

> Keep Reading


View AllRSS Feed

Defend the CFPB

Tell your senators to oppose the “Financial CHOICE Act,” which would gut Wall Street reforms and destroy the Consumer Financial Protection Bureau as we know it.

Support us

Your donation supports Maryland PIRG's work to stand up for consumers on the issues that matter, especially when powerful interests are blocking progress.

Consumer Alerts

Join our network and stay up to date on our campaigns, get important consumer updates, and take action on critical issues.
Optional Member Code