What Should You Do First If Your Identity Is Stolen?

Updated July 9, 2026 5 min read

The moment identity theft is confirmed, it can feel like there are a dozen urgent things to do at once. In practice, a few steps done in a sensible order tend to matter more than doing everything simultaneously.

The short answer

The general priority after confirming identity theft is: stop further damage first by restricting access to credit and affected accounts, then document what happened, then file the formal reports that support disputes and future protection. Acting in roughly that order — contain, document, report — tends to be more effective than jumping straight into disputes before the bleeding has stopped.

Step one: limit further damage

The first move is usually to prevent new accounts from being opened or existing ones from being used further. That can mean placing a freeze on credit files with each bureau, changing passwords on financial accounts, and contacting the bank or card issuer directly about any account already showing unauthorized activity. None of this fixes what’s already happened, but it closes the door before more damage accumulates while the rest of the process unfolds.

Step two: write everything down

Before contacting anyone else, it helps to record what’s known so far: the date the fraud was noticed, which accounts or documents are affected, and any warning signs that led to the discovery. This record becomes useful almost immediately, since institutions, bureaus, and any report filed later will generally ask for the same details repeatedly. Keeping copies of statements, letters, and confirmation numbers as they come in saves considerable time later, when the same information might need to be provided three or four times over.

Step three: file the formal reports

Once the immediate damage is contained and the details are documented, the next step is typically filing an identity theft report, which is different from a general police report and is what many institutions require to treat fraudulent charges or accounts as disputes rather than debts. Depending on what was affected, this might also mean contacting the Social Security Administration, the postal service if mail was redirected, or specific creditors where fraudulent accounts appear. Each report becomes part of the documentation trail that supports removing fraudulent items from a credit file down the line.

Where people often go wrong

A common misstep is trying to dispute every fraudulent charge or account before the source of the exposure is contained — for example, disputing a charge on a card that’s still active and could be used again. Another is skipping documentation because the situation feels urgent, then struggling weeks later to remember precise dates and amounts an institution is asking for. Working through contain, then document, then report, in that order, tends to avoid both problems.

A practical habit

Keeping a single folder — physical or digital — dedicated to the incident, with dates, contact names, reference numbers, and copies of every letter sent or received, turns a chaotic process into a manageable one. It also makes it far easier to escalate if a dispute is denied or a report needs to be referenced again months later, since identity theft recovery is rarely resolved in a single phone call.