Identity Theft Directory: Purpose and Scope

The National Identity Theft Authority directory catalogues verified service providers, legal professionals, consumer protection agencies, and support organizations operating within the identity theft response and prevention sector across the United States. This reference establishes the structural scope of directory coverage, the criteria governing entry inclusion, and the geographic boundaries that define the listing population. Understanding directory architecture is foundational to using the Identity Theft Listings effectively as a research or service-navigation instrument.

Purpose of this directory

Identity theft in the United States is a federally recognized consumer harm category, tracked by the Federal Trade Commission through its Consumer Sentinel Network. The FTC's IdentityTheft.gov platform, authorized under the Identity Theft Enforcement and Restitution Act (18 U.S.C. § 1028), functions as the federal recovery framework — yet the broader service ecosystem extends well beyond federal programs. Consumers, researchers, and professionals navigating post-incident recovery or preventive planning must traverse a fragmented landscape of credit bureaus, legal aid organizations, forensic accounting firms, cybersecurity consultancies, state attorneys general offices, and nonprofit advocacy groups.

This directory exists to structure that landscape into a navigable reference. It does not endorse any listed provider, adjudicate disputes, or rank services by quality. The function is classification and coverage — mapping the service sector by provider type, jurisdiction, and scope so that researchers and service seekers can identify qualified entities without relying on informal or commercially motivated referral sources.

The directory operates under a public-interest reference model, consistent with neutral sector mapping practiced by institutions such as the Consumer Financial Protection Bureau's complaint database and the Federal Trade Commission's business guidance publications. Entries describe what organizations do and under what regulatory or professional framework they operate.

What is included

Directory entries span the full operational range of the identity theft sector. Coverage includes both remediation-oriented services and preventive service providers. The following structured breakdown defines the included categories:

1. Federal agencies — FTC, Social Security Administration (SSA), Internal Revenue Service (IRS), and the Consumer Financial Protection Bureau (CFPB), each of which administers identity theft-specific programs or complaint intake functions.
2. Credit reporting agencies — Equifax, Experian, and TransUnion, as the three nationwide consumer reporting agencies regulated under the Fair Credit Reporting Act (15 U.S.C. § 1681), which administer fraud alerts and credit freezes.
3. State-level consumer protection offices — Attorneys general and state-level identity theft units, which vary in statutory authority across the 50 states plus the District of Columbia.
4. Legal services providers — Licensed attorneys and accredited legal aid organizations specializing in identity theft disputes, debt collection defense, and credit remediation.
5. Cybersecurity firms — Organizations providing personal data monitoring, breach response, and dark web surveillance services, operating under frameworks including NIST Cybersecurity Framework (CSF) and applicable state data protection statutes.
6. Nonprofit advocacy organizations — Entities such as the Identity Theft Resource Center (ITRC), a named national nonprofit that provides direct victim assistance and publishes annual breach data reports.
7. Financial institutions — Banks, credit unions, and card issuers operating fraud resolution units under Regulation E (12 C.F.R. Part 1005) and Regulation Z (12 C.F.R. Part 1026).

A key distinction applies between recovery services (post-incident) and monitoring services (ongoing preventive). Recovery services include dispute filing, affidavit preparation, and account restoration. Monitoring services include credit score alerts, Social Security number tracking, and account activity notifications. The directory classifies each entry under one or both categories to support targeted navigation. For full detail on navigating these distinctions, see How to Use This Identity Theft Resource.

How entries are determined

Entry inclusion follows a structured qualification standard applied uniformly across provider types. An organization qualifies for listing when it meets at least one of the following objective criteria:

• Holds a verifiable federal or state charter, license, or registration relevant to identity theft services
• Operates under a named regulatory framework (e.g., FCRA compliance for credit bureaus, Gramm-Leach-Bliley Act obligations for financial institutions, or FTC Act Section 5 enforcement jurisdiction)
• Maintains documented public intake or service access for identity theft victims (not limited to commercial clients)
• Is recognized by a named federal agency as a partner, resource, or approved entity in identity theft response programs

Entries are excluded when the organization's primary function is unrelated to identity theft, when claimed credentials cannot be verified against public licensing databases, or when the entity operates exclusively as a lead-generation or referral intermediary without direct service delivery.

Commercial identity protection products — subscription-based services offered by private companies — are classified separately from government and nonprofit providers. This classification boundary prevents conflation of fee-based monitoring subscriptions with federally mandated free resources such as the one free credit freeze available to all consumers under 15 U.S.C. § 1681c-1.

The directory does not accept paid placement. Entry determination is editorial, not commercial. Disputes regarding entry status may be submitted through the Contact page.

Geographic coverage

Coverage is national in scope, encompassing all 50 states, the District of Columbia, and the five US territories — Puerto Rico, Guam, the US Virgin Islands, American Samoa, and the Northern Mariana Islands — where federal identity theft statutes apply. Federal agencies are listed without state qualification, as their jurisdiction is national by statutory authority.

State-level entries are organized by jurisdiction. Coverage depth varies by state based on the presence or absence of a dedicated identity theft statutory framework. As of the most recent legislative session tracked, 47 states maintain active credit freeze laws independent of the federal FCRA freeze provision — states without standalone statutes default to federal coverage under the Economic Growth, Regulatory Relief, and Consumer Protection Act (Public Law 115-174, enacted 2018), which made free credit freezes a permanent federal right.

Cross-border cases — including tax identity theft routed through the IRS Identity Protection Specialized Unit and synthetic identity fraud investigated by the Social Security Administration's Office of Inspector General — are listed under federal jurisdiction with state cross-references where applicable. For a full listing organized by state and provider type, see the Identity Theft Listings.