FTC Identity Theft Report: Filing, Usage, and Limitations

The FTC Identity Theft Report is a formal document generated through the Federal Trade Commission's IdentityTheft.gov platform, serving as a foundational recovery instrument for identity theft victims across the United States. It functions as both a legal declaration and a case management tool, enabling access to specific protections under federal law that are not available without it. This page covers what the report is, how it is generated and used, the contexts in which it applies, and the circumstances where it is insufficient as a standalone remedy.

Definition and scope

The FTC Identity Theft Report is produced when a victim completes a structured complaint through IdentityTheft.gov, the Federal Trade Commission's dedicated recovery portal (FTC IdentityTheft.gov). The completed report constitutes a sworn statement — by submitting it, the individual affirms under penalty of perjury that the information is accurate. The FTC does not investigate individual complaints or pursue criminal prosecution on behalf of victims, but it uses the aggregated complaint data to track fraud patterns nationally.

Under the Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681c-2, a completed FTC Identity Theft Report carries specific statutory weight. It entitles victims to an extended fraud alert (lasting 7 years), triggers obligations on consumer reporting agencies to block fraudulent information from credit files, and requires creditors and debt collectors to honor certain requests for documentation. These protections are distinct from those available through an informal complaint or verbal dispute alone.

The report's scope covers identity theft in its broadest regulatory definition — unauthorized use of another person's identifying information to obtain credit, goods, services, or government benefits. This encompasses financial identity theft, tax identity theft, medical identity theft, and account takeover fraud, among the primary categories documented through the FTC's system.

How it works

Generating an FTC Identity Theft Report involves a structured intake process through IdentityTheft.gov. The platform walks a victim through a categorized complaint form that captures the type of fraud, the accounts or agencies affected, and the personal information believed to have been compromised. Upon completion, the system generates a personalized recovery plan and a downloadable PDF version of the report with a unique reference number.

The process unfolds in three functional phases:

1. Complaint submission — The victim identifies the type of identity theft, lists affected creditors or agencies, and submits the sworn statement. The FTC assigns a complaint ID.
2. Report generation — A printable FTC Identity Theft Report is produced, which carries the same legal standing as an affidavit for purposes of the FCRA's blocking and dispute provisions.
3. Deployment — The victim presents the report to credit bureaus (Equifax, Experian, and TransUnion), creditors, debt collectors, or government agencies to trigger specific statutory obligations.

The report does not expire in the sense of losing its legal basis, but the extended fraud alert it supports must be renewed after 7 years (FCRA § 605A). Victims can return to IdentityTheft.gov to update or amend their complaint if additional fraudulent accounts are discovered after the initial submission.

For a broader view of how this document fits into the recovery process, the identity theft victim recovery roadmap outlines the sequential steps in which the FTC report plays a part.

Common scenarios

The FTC Identity Theft Report is applicable across a wide range of fraud types, though its utility varies by context.

Credit file disputes — When fraudulent accounts appear on a credit report, victims present the FTC report to the three major bureaus to invoke the FCRA's block provision. ftc.gov/legal-library/browse/statutes/fair-credit-reporting-act)). This is one of the report's most consistently recognized applications. For context on the dispute process, see credit bureau dispute process.

Tax fraud remediation — Victims of tax identity theft may need to submit the FTC report alongside IRS Form 14039 (Identity Theft Affidavit) to establish a documented claim with the Internal Revenue Service. The FTC report alone does not resolve tax account issues but supports the broader documentation package.

Debt collection interference — Under the FCRA and the Fair Debt Collection Practices Act, debt collectors are required to cease collection on debts the victim can demonstrate resulted from identity theft. The FTC report serves as the primary instrument for making that demonstration. See identity theft and debt collection for the applicable framework.

Government benefits fraud — For cases involving government benefits identity theft, the report provides the documentation basis for disputing fraudulent claims made to agencies such as the Social Security Administration or state unemployment systems.

Employment fraud — In employment identity theft cases, the report supports disputes with the Social Security Administration and with employers who have received fraudulent W-2 information tied to the victim's Social Security number.

Decision boundaries

The FTC Identity Theft Report carries significant statutory authority in specific civil and administrative contexts, but it has defined boundaries that practitioners and victims must recognize.

FTC report vs. police report — The FTC Identity Theft Report is not a police report and does not substitute for one in all circumstances. Some creditors, employers, and courts require a law enforcement report — specifically, a report filed with a local, state, or federal law enforcement agency — before they will take action. The identity theft police report guide addresses when law enforcement documentation is necessary and how the two reports function together.

Criminal prosecution — The FTC does not investigate or prosecute individual identity theft cases. Criminal referrals may be made to the FBI, the Secret Service, or U.S. Attorneys' offices depending on the nature and scale of the fraud, but the FTC report does not initiate that process. Federal criminal statutes governing identity theft, including 18 U.S.C. § 1028 and § 1028A, are enforced by the Department of Justice — not the FTC. See identity theft laws — federal for the statutory framework.

International scope — The report's legal provisions apply exclusively within U.S. jurisdiction. Fraudulent activity originating from or affecting accounts in foreign jurisdictions is not addressed by the FCRA or FTC enforcement mechanisms.

Identity theft affidavit comparison — The identity theft affidavit (IRS Form 14039 and similar instruments) serves narrow, agency-specific purposes. The FTC Identity Theft Report is broader in scope and recognized across more creditor and bureau contexts, but neither document is universally sufficient without supplementary evidence in complex fraud cases.

Synthetic identity fraud — For synthetic identity theft, where a fabricated identity constructed from partial real data is used, the FTC report may have limited immediate effect because the synthetic profile may not appear on the victim's own credit file. The standard blocking mechanism under FCRA § 605B applies to the victim's file — not to a separately constructed synthetic file.

References

• Federal Trade Commission — IdentityTheft.gov
• Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681 et seq. — FTC Legal Library
• FTC — Identity Theft Consumer Information
• IRS Form 14039 — Identity Theft Affidavit
• Fair Debt Collection Practices Act (FDCPA) — FTC Legal Library
• 18 U.S.C. § 1028 — Identity Theft Statutes, Cornell Legal Information Institute
• Consumer Financial Protection Bureau — Credit Reporting