IdentityTheft.gov Explained: What the FTC Portal Offers Victims

IdentityTheft.gov is the Federal Trade Commission's centralized online portal for identity theft victims in the United States. The portal consolidates reporting, recovery planning, and documentation generation into a single federal web property, distinguishing it from general consumer complaint systems. Understanding the structure and scope of this portal is essential for professionals directing victims toward appropriate federal resources, as well as for researchers mapping the identity theft response landscape.

Definition and scope

IdentityTheft.gov operates under the authority of the Federal Trade Commission (FTC), the federal agency charged with consumer protection under 15 U.S.C. § 45. The portal was formally positioned as the primary federal resource for identity theft response following the FTC's mandate to serve as the central federal agency for identity theft complaints, a designation established under the Identity Theft and Assumption Deterrence Act of 1998 (18 U.S.C. § 1028) and reinforced by the Fair and Accurate Credit Transactions Act of 2003 (FACTA, Pub. L. 108-159).

The portal's scope covers all major categories of identity theft as defined by the FTC's Consumer Sentinel Network taxonomy, including:

  1. Government documents and benefits fraud — misuse of Social Security numbers, Medicare or Medicaid accounts, and tax filings
  2. Credit card and financial account fraud — unauthorized opening or takeover of financial accounts
  3. Employment or tax-related fraud — use of a victim's identity to obtain employment or file fraudulent tax returns with the IRS
  4. Medical identity theft — use of insurance credentials or personal identifiers to obtain healthcare services
  5. Loan or lease fraud — fraudulent applications for auto loans, student loans, or rental agreements
  6. Phone or utilities fraud — unauthorized account creation with telecommunications or utility providers

This classification structure aligns with the FTC's annual data reporting in the Consumer Sentinel Network Data Book, which compiles complaint data submitted through IdentityTheft.gov alongside other intake channels.

For a broader view of how identity theft response resources are organized nationally, the identity theft provider network purpose and scope page outlines the landscape of public and private service providers operating in this sector.

How it works

The portal operates through a structured intake and case management sequence:

  1. Complaint intake — The victim answers a series of guided questions identifying the type and scope of identity theft experienced.
  2. Identity Theft Report generation — The system produces a personalized Identity Theft Report, which carries the legal weight of a declaration under 18 U.S.C. § 1028. This document is accepted by credit bureaus, creditors, debt collectors, and law enforcement as formal evidence of the reported theft.
  3. Personalized recovery plan — Based on the complaint inputs, the portal generates a step-by-step recovery checklist tailored to the specific fraud types reported. Steps are tracked and marked complete within the account.
  4. Pre-filled dispute letters — The system generates pre-populated letters addressed to creditors, credit bureaus (Equifax, Experian, TransUnion), and government agencies, reducing the documentation burden on the victim.
  5. Affidavit production — The portal produces an FTC Identity Theft Affidavit, a standardized document that can be submitted to financial institutions as part of formal dispute processes.

The portal maintains victim account records, allowing users to return, update their status, and generate additional documentation as the recovery process evolves. The FTC does not conduct criminal investigations through this portal; law enforcement referrals are channeled to the appropriate agency (FBI, IRS Criminal Investigation, or local authorities) depending on the fraud type.

Common scenarios

Three high-volume scenarios illustrate how the portal's tools are applied in practice:

Tax identity theft: A victim discovers a fraudulent federal tax return was filed using their Social Security number. The portal generates an Identity Theft Report accepted by the IRS, and directs the victim to file IRS Form 14039 (Identity Theft Affidavit) — a separate federal process coordinated with the IRS (IRS Identity Theft Central). The FTC and IRS maintain distinct but parallel systems for this scenario.

Credit account fraud: Unauthorized credit accounts appear on a victim's credit report. The portal produces pre-filled dispute letters addressed to all 3 major credit bureaus and the fraudulent creditor, and advises placement of a fraud alert or credit freeze under FACTA rights.

Government benefits fraud: A victim's Social Security number is used to fraudulently claim unemployment benefits. The portal routes the complaint to the relevant state workforce agency and the Social Security Administration (SSA), generating supporting documentation for each.

Professionals working with victims across these scenarios can cross-reference available service providers through identity theft providers to identify legal, financial, or counseling support coordinated with federal reporting.

Decision boundaries

IdentityTheft.gov is not a universal resolution mechanism. Clear operational limits define when the portal is sufficient and when additional resources are required:

Portal-appropriate use: Initial reporting, document generation, credit bureau disputes, affidavit production, and structured recovery tracking for the fraud categories verified in the FTC taxonomy.

Portal limitations: The FTC does not prosecute identity theft crimes. Criminal matters require referral to the FBI's Internet Crime Complaint Center (IC3), IRS Criminal Investigation, the Social Security Administration Office of Inspector General (SSA-OIG), or local law enforcement. The portal generates no subpoenas, court orders, or enforcement actions.

Comparison — IdentityTheft.gov vs. IC3: IdentityTheft.gov is a civil recovery and documentation platform administered by a consumer protection agency. IC3 is a criminal complaint intake platform administered jointly by the FBI and the National White Collar Crime Center (NW3C). Victims with financial losses traceable to criminal actors — particularly cybercrime-linked identity theft — may need to file with both systems independently.

Victims whose cases involve data breaches at covered entities should also be aware that HIPAA (45 C.F.R. Parts 160 and 164) and the FTC's Health Breach Notification Rule impose separate obligations on the breaching entity, not on the victim portal. The portal's scope remains victim-side documentation and recovery, not regulatory enforcement against third parties.

Professionals or researchers seeking to understand the full service infrastructure surrounding this portal can review the framework described on the how to use this identity theft resource page.

 ·   · 

References

Read Next

How to Report Identity Theft: Federal, State, and Local Procedures ANA › Professional Services Authority › National Cyber › National Identity Theft How to Report Identity Theft: Federal, State, and Local... FTC Identity Theft Report: Filing, Usage, and Limitations ANA › Professional Services Authority › National Cyber › National Identity Theft FTC Identity Theft Report: Filing, Usage, and... Identity Theft Victim Recovery Roadmap: Step-by-Step Process ANA › Professional Services Authority › National Cyber › National Identity Theft Identity Theft Victim Recovery Roadmap: Step-by-Step...