IdentityTheft.gov Explained: What the FTC Portal Offers Victims

IdentityTheft.gov is the Federal Trade Commission's centralized online portal for identity theft victims, functioning as the primary federal intake mechanism for theft reports and the primary generator of personalized recovery plans. The portal consolidates functions that previously required victims to contact multiple agencies separately, spanning report creation, affidavit generation, and step-by-step dispute documentation. Understanding what the portal does — and what it does not do — is essential for victims, advocates, and professionals navigating the post-theft recovery landscape.

Definition and scope

IdentityTheft.gov is operated by the Federal Trade Commission under authority granted by the Identity Theft and Assumption Deterrence Act of 1998 (15 U.S.C. § 1028), which designated the FTC as the federal clearinghouse for identity theft complaints. The portal replaced earlier phone-based intake processes and has served as the unified federal point of contact for identity theft reporting since its launch.

The portal's scope covers personal identity theft — situations where an individual's identifying information (Social Security number, financial account credentials, name and date of birth, government ID numbers) has been used without authorization. The portal does not handle business identity theft, does not initiate criminal investigations, and does not directly contact creditors or agencies on the victim's behalf. Those distinctions matter: IdentityTheft.gov is a documentation and planning tool, not an enforcement or recovery agent.

Victims who submit a report receive an official FTC Identity Theft Report, a document that carries legal weight under the Fair Credit Reporting Act (FCRA) and the Fair and Accurate Credit Transactions Act (FACTA). Creditors, credit bureaus, and debt collectors are legally required to honor that report in specific ways, including placing extended fraud alerts and blocking fraudulent accounts from appearing on credit files.

How it works

The portal operates as a structured intake and output system with four discrete phases:

1. Information intake — The victim provides details about the type of theft, what information was compromised, how the theft was discovered, and what fraudulent accounts or activity have been identified. The portal does not require police report numbers to generate an FTC report.

2. Theft classification — Based on entered information, the system categorizes the incident by theft type, which may include tax identity theft, medical identity theft, account takeover fraud, or Social Security identity theft, among other categories. Each classification generates a differentiated recovery plan.

3. Document generation — The portal produces a completed Identity Theft Report (IRS Form 14039 equivalents are handled separately; the FTC report is its own document) and, where applicable, an Identity Theft Affidavit. These documents are formatted for submission to creditors, credit bureaus, the IRS, and other agencies.

4. Recovery plan delivery — A personalized, itemized checklist is generated with institution-specific instructions. The plan identifies which credit bureaus to contact, which agencies require notification, and which letters are pre-populated for download. The FTC updates these templates when regulatory requirements change.

Victims can return to their account to update information, mark steps as completed, or generate additional letters as new fraudulent activity surfaces. The system stores case data under a personal account tied to the victim's email address.

Common scenarios

IdentityTheft.gov handles a wide range of theft situations. The following scenarios represent the most frequently reported categories processed through the portal, based on the FTC's published Consumer Sentinel Network data:

Tax refund fraud — A thief files a fraudulent federal or state tax return using the victim's Social Security number. The portal generates specific IRS notification letters and directs victims to the IRS Identity Protection PIN program.

Credit card and loan fraud — New accounts opened in the victim's name generate portal recovery steps targeting the three major credit bureaus (Equifax, Experian, and TransUnion) and the specific creditor. This intersects directly with the credit freeze and fraud alert process.

Government benefits fraud — Fraudulent unemployment insurance, Social Security benefits, or Medicaid claims filed using stolen identity data are addressed through agency-specific steps the portal generates, covering the Social Security Administration and relevant state agencies.

Employment identity theft — A thief uses stolen identification to obtain employment, which can affect the victim's tax records and employment history. The portal's recovery plan for this scenario includes IRS Form 14039 filing instructions and Social Security Administration contact steps.

Data breach-linked theft — Victims who discover theft following a known data breach can reference the breach as the suspected source during intake, and the portal adjusts recovery guidance accordingly.

Decision boundaries

IdentityTheft.gov is not a substitute for all reporting and recovery actions a victim must take. Three structural comparisons clarify where the portal's authority ends:

FTC report vs. police report — An FTC Identity Theft Report is sufficient for invoking most FCRA rights with credit bureaus and creditors. A police report is required for some state-level protections, certain creditor disputes, and some insurance claims. The two documents serve different functions and are not interchangeable.

FTC portal vs. IRS reporting — Tax-related identity theft requires separate action with the IRS, including Form 14039 submission. The portal directs victims to those steps but does not file with the IRS directly.

FTC portal vs. CFPB complaints — The Consumer Financial Protection Bureau (CFPB) handles complaints against specific financial institutions. If a creditor refuses to honor an FTC Identity Theft Report, a CFPB complaint is the appropriate escalation — not a repeat FTC report.

The portal is the appropriate starting point for any identity theft victim recovery roadmap, but victims with criminal identity theft, child identity theft, or synthetic identity theft may require agency contacts and legal steps that fall outside the portal's automated guidance.

References

• Federal Trade Commission — IdentityTheft.gov
• FTC Consumer Sentinel Network
• Identity Theft and Assumption Deterrence Act, 15 U.S.C. § 1028
• Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681 et seq.
• IRS Identity Theft Central — Form 14039
• Consumer Financial Protection Bureau (CFPB) — Complaint submission
• Social Security Administration — Identity Theft