Identity Theft Information
Identity theft affects nearly ten million Americans annually and is a growing crime in Maryland. Thieves may use your personal information to open credit accounts or avoid criminal charges.
How We Can Help
The Consumer Protection Division of the Attorney General's Office offers tools to help you. We provide:
- Step-by-step advice to protect yourself from identity thieves
- Assistance with issues like dealing with credit card companies or collection agencies
- An ID Theft Passport
- A database of breaches reported to our office
Contact Information
Phone: (410) 576-6491
Fax: (410) 576-6566
Mail: 200 St. Paul Place, 25th Floor, Baltimore, MD 21202
Identity Theft Recovery
What to Do If You're a Victim of Identity Theft
Identity theft can be overwhelming, but taking prompt action can help you recover. Follow these steps to protect yourself and resolve the situation.
Step 1: Identify What Happened
Account Compromise
If someone accessed your existing accounts:
- Contact the financial institution immediately
- Request new account numbers or replacement cards
- Ask what documentation you'll need for the dispute process
New Account Fraud
If someone opened new accounts in your name:
-
Get Your Credit Reports
-
Place a Fraud Alert or Credit Freeze
Option 1: Fraud Alert (easier but less protection)
- Lasts one year and is renewable
- Free and requires businesses to verify your identity
- Contact just one bureau (they'll notify the others)
Option 2: Credit Freeze (Stronger protection)
- Blocks access to your credit reports until lifted
- Won't affect existing accounts or credit score
- Must contact each bureau separately
Other Types of Identity Theft
For specialized cases like medical, tax, or benefits fraud:
- Contact the OAG (Office of Attorney General) for expert guidance
Step 2: Start the Dispute Process
When contacting companies about fraudulent activity:
- State clearly that you're an identity theft victim
- Document the name of representatives you speak with
- Ask about their specific dispute procedures
- Request written confirmation of closed accounts
Need help with dispute letters? Contact the Identity Theft Program for templates and assistance.
Step 3: File Official Reports
Local Police Report
- Maryland law allows you to file where you live OR where the crime occurred
- Police must take your report and provide you a copy
- Bring identification, evidence of the theft, and FTC Identity Theft Report if available
Additional Reporting
Step 4: Submit Dispute Documentation
- Send all materials by certified mail when possible
- Include a clear dispute letter summarizing the fraud
- Keep copies of everything you submit
- Follow up if you don't receive a response within 30 days
Need Additional Help?
If you encounter difficulties during this process, contact the Identity Theft Program for specialized assistance.
Credit Bureau Contacts
Nationwide Credit Bureaus
Contact the three nationwide credit bureaus - Equifax, Experian, and TransUnion - to request free fraud alerts, credit freezes, active duty military credit monitoring, and opt outs from prescreened credit offers.
Equifax
Experian
TransUnion
Identity Theft Prevention Guide
How to Protect Yourself from Identity Theft
Taking proactive steps can significantly reduce your risk of becoming an identity theft victim. Here are effective strategies to safeguard your personal information.
General Prevention Measures
While no solution is foolproof, these practices can help protect your identity:
-
Place credit freezes for yourself and family members
(extremely effective at preventing new account fraud, even if your Social Security number is compromised)
-
Monitor financial statements and health records regularly for suspicious activity
-
Opt out of junk mail and pre-screened credit card offers
-
Enroll in the Do Not Call Registry to reduce unwanted calls
-
Shred documents containing personal information before disposal
-
Verify the source of calls or emails before providing personal information
-
Strengthen your digital security by:
- Updating privacy settings on your accounts
- Using strong, unique passwords
- Keeping virus protection software current
- Monitoring online purchases
Enhanced Account Protection
Many financial institutions offer additional security features upon request:
- Verbal passwords to confirm your identity
- Restrictions on online account access
- Text or email alerts for account activity
Responding to Data Breach Notifications
The Maryland Personal Information Protection Act requires businesses to notify Maryland residents if their personal information is compromised.
If You Receive a Data Breach Letter:
- Consider credit monitoring services offered by the affected company
- Place a fraud alert or credit freeze and review your credit reports
- Assess what data was compromised and take appropriate action
- Make necessary changes to affected accounts
- Change usernames and passwords
- Request new credit/debit card numbers
- Close compromised accounts if necessary
- Keep detailed records of all communications related to the breach
- Contact authorities for additional assistance
- Maryland Office of the Attorney General
- Federal Trade Commission
If You've Shared Information with Scammers
-
Evaluate what information was shared and how it might be used
-
Be extremely cautious of incoming calls and messages
- Scammers often create urgency to prompt quick, unthinking reactions
- They may use accurate information from previous scams
- They can spoof trusted phone numbers on caller ID
- They might research you online to make their scam more convincing
-
Place a fraud alert or credit freeze immediately
-
Check relevant accounts for unauthorized activity
-
Review credit reports from all three bureaus
Data Breach Guidelines for Businesses
Maryland's Personal Information Protection Act (PIPA)
Maryland law requires businesses that keep electronic records containing personal information of Maryland residents to notify those residents if their information is compromised. The law also requires notification to the Office of the Attorney General.
For complete information about your legal obligations, please review the
official guidance from the Maryland Attorney General.
How to Submit a Data Breach Notice
Required Steps
Before notifying consumers, businesses must first notify the Office of the Attorney General with:
- A brief description of the security breach
- The number of Maryland residents being notified
- A sample copy of the notice being sent to consumers
- What information has been compromised
- Steps the business is taking to restore system integrity
Submission Methods
You can submit your data breach notification through any of these channels:
By U.S. Mail:
Office of the Attorney General
Attn: Security Breach Notification
200 St. Paul Place
Baltimore, MD 21202
By Fax:
Attn: Security Breach Notification
(410) 576-6566
By Email:
[email protected]
Questions?
Please direct any questions to Jeff Karberg, administrator of the Identity Theft Program, at (410) 576-6574.
Other Resources
Passport application
The Office offers Identity Theft Passports, a tool that may help you resolve financial issues caused by identity theft, and to help prevent a wrongful arrest if a thief uses your personal identifying information during the commission of a crime.
Click
for more information and apply for a passport.
ID Theft Resource Guide
The Office of the Attorney General offers a comprehensive resource guide on ID theft. You can access this publication
here.
ID Theft Breach Notices
Businesses collecting and retaining personal information about Maryland residents are required by Maryland law to notify residents if their information is compromised. Click here to view our database of breach notices:
Breach Notices.