How do I know if my identity has been stolen?

Signs of identity theft include: receiving credit cards, loans, or financial statements you did not apply for; credit applications being refused when your credit history is good; unfamiliar accounts or transactions on your credit report; bills or letters for accounts you do not recognise; being contacted by debt collectors about debts that are not yours; mail stopping unexpectedly (a fraudster may have redirected it).

How do I freeze my credit file in the UK?

Contact each of the three UK credit reference agencies separately: Equifax (equifax.co.uk), Experian (experian.co.uk), and TransUnion (transunionuk.com). Each offers a protective notice or credit freeze service. You can also apply for a CIFAS Protective Registration at cifas.org.uk (£25), which flags your identity as a known fraud risk and requires extra verification before any credit is approved in your name.

Can I recover from identity theft?

Yes, in most cases — but it takes time and consistent action. The faster you respond, the less damage occurs. Most fraudulent credit accounts opened in your name can be closed and removed from your credit file once you have reported the fraud to the lender and the credit reference agencies. CIFAS registration and credit file monitoring help prevent further fraud while you recover.

Where do I report identity theft in the UK?

Report to Action Fraud at actionfraud.police.uk or call 0300 123 2040. Also notify each financial institution where fraud has occurred. Place a CIFAS protective registration. Report to CIFAS directly if you believe your identity has been stolen. If your documents (passport, driving licence) were stolen, report to the issuing authority and the police.

Identity Theft: What to Do in the First 24 Hours

Identity theft is the use of your personal information — name, date of birth, address, financial credentials — to commit fraud in your name. It can result in fraudulent credit accounts, loans, phone contracts, and financial products opened without your knowledge.

The damage compounds over time: a fraudulent account left open for months creates debt, damaged credit history, and potential legal complications that become progressively harder to unwind. Speed in the first 24 hours is the most important variable in how much long-term harm occurs.

175,000

Identity fraud cases recorded by CIFAS in 2025. The majority involve fraudulent applications for financial products — credit cards, loans, mobile phone contracts — using stolen personal details.

How to recognise identity theft

Identity theft is often discovered later than it should be because there are no immediate obvious symptoms. By the time a victim notices, significant fraud may have already occurred. Watch for:

Credit applications being refused when you have no known credit issues
Receiving financial statements, credit cards, or correspondence for accounts you did not open
Unfamiliar accounts or hard searches on your credit report
Being contacted by debt collectors about debts you do not recognise
Mail stopping (a fraudster may have submitted a mail redirect)
DVLA, HMRC, or other official correspondence about activity you did not initiate
Being told your National Insurance number or driving licence is already registered at a different address

The easiest ongoing protection is to check your credit report regularly. All three UK credit reference agencies (Equifax, Experian, TransUnion) offer free report access. Set a monthly reminder to review it.

The first 24-hour action plan

Contact your bank and any affected financial institutions immediately. Call the fraud number on the back of your card. Explain that you are a victim of identity theft. Ask them to flag your account, review for fraudulent applications, and add a note requiring additional verification for any future changes.
Place a protective notice on your credit file. Contact Equifax, Experian, and TransUnion — all three — to place a fraud alert or protective notice. This means any lender must take extra steps to verify your identity before opening any new account. You can do this online with each agency. It takes under 15 minutes per agency.
Apply for a CIFAS Protective Registration. Visit cifas.org.uk. Cost: £25 for two years. This is the most powerful identity fraud protection available in the UK — it specifically flags your identity as being at risk of fraud, triggering enhanced identity verification across all CIFAS member organisations (which include virtually all major UK lenders and financial institutions).
Change passwords for all key accounts. Start with email (your email is the master key to every other account — if someone has access, they can reset passwords elsewhere). Then online banking, then any account using the compromised details. Use a different, strong password for each account.
Check and dispute your credit report. Log in to each credit reference agency and review your full report. Identify any accounts, applications, or hard searches you do not recognise. Each agency has a dispute process for fraudulent entries — use it. Fraudulent accounts can be removed and your credit history corrected.
Report to Action Fraud. Go to actionfraud.police.uk or call 0300 123 2040. You will receive a crime reference number. Keep this — it may be needed by lenders, insurance companies, and CIFAS when processing your case. If your physical documents (passport, driving licence) were stolen, also report to the issuing authority and your local police station.
If a mail redirect was made without your consent, report to Royal Mail. Call 08457 740 740 and ask them to investigate. A fraudulent mail redirect is a common method for intercepting financial correspondence. Ask Royal Mail to cancel the redirect and flag the application.

✅ After the first 24 hours

Set a recurring monthly reminder to check your credit report. Enable account alerts on all financial accounts (most banking apps allow this). Review your credit file at 30, 60, and 90 days after the initial incident — fraudulent applications can take weeks to appear.

Preventing identity theft before it happens

Most identity theft begins with data breaches. Your personal information has likely appeared in at least one data breach — enter your email at haveibeenpwned.com to check. The breach is not your fault; what matters is what you do with the information.

Use a unique, strong password for every account — a password manager makes this practical
Enable two-factor authentication on your email, banking, and key accounts
Shred financial documents before disposing of them — bin-raiding for financial documents is a real tactic
Do not share your National Insurance number unless there is a legitimate legal reason (employer, HMRC, DWP)
Check your credit report monthly — free accounts available at Experian, Equifax, and TransUnion
Register to vote at your current address — discrepancies in the electoral roll are used by fraudsters
Consider a CIFAS Protective Registration as a preventive measure if you have had personal data compromised

The identity theft protection system

The Scam Protection Blueprint includes a full chapter on identity protection — the preventive setup, the recovery plan, and done-for-you scripts for disputing fraudulent entries with credit reference agencies and financial institutions.

Get the Blueprint — $27 Free cheat sheet →

How to recognise identity theft

The first 24-hour action plan

Preventing identity theft before it happens

The identity theft protection system

Keep reading