Over 40 million Americans fall victim to identity theft every year. The financial damage averages over $1,000 per victim, and resolving it takes an average of 200+ hours of your time. It’s one of the fastest-growing crimes in America — and most people don’t realize how vulnerable they are until it happens to them.
But here’s what most guides won’t tell you: identity theft doesn’t start with a hacker breaking into your bank account. It starts with your personal information being freely available on data broker sites — your name, address, date of birth, phone number, and family details — all sitting there for criminals to use.
This guide explains how identity theft actually works, the most common types, and the steps you can take right now to protect yourself.
In this post:
- What identity theft actually is
- The most common types of identity theft
- How criminals steal your identity (it’s easier than you think)
- The role data brokers play in identity theft
- How to protect yourself starting today
First step: Run a free Optery scan to see how much of your personal information is publicly available on data broker sites right now. If criminals can find it, so can you — and then you can remove it.
What Is Identity Theft?
Identity theft occurs when someone uses your personal information — your name, Social Security number, date of birth, address, or financial details — without your permission, typically to commit fraud or other crimes. The thief essentially pretends to be you.
This can mean opening credit cards in your name, filing tax returns to steal your refund, using your health insurance to get medical care, or even giving your name to police during an arrest. The consequences range from damaged credit scores and drained bank accounts to criminal records you didn’t earn and medical records contaminated with someone else’s information.
The scary part is how easy it’s become. Criminals don’t need to steal your wallet or break into your home. They just need a few key pieces of personal information — most of which are available for free on the internet right now.
The Most Common Types of Identity Theft
Identity theft comes in several forms, and most people are only aware of the most obvious one. Here are the types that matter:
Financial identity theft. The most common type. Someone uses your personal information to open credit cards, take out loans, make purchases, or drain your bank accounts. You typically discover it when you see unfamiliar charges, get collection calls for debts you didn’t incur, or find unexpected drops in your credit score.
Tax identity theft. A criminal files a tax return using your Social Security number and claims your refund before you do. You discover it when the IRS rejects your legitimate tax return because one was already filed. This is especially common early in tax season.
Medical identity theft. Someone uses your identity to receive medical care, fill prescriptions, or submit insurance claims. This can be dangerous beyond the financial impact — your medical records can be contaminated with incorrect blood types, allergies, and conditions that could affect your future care.
Criminal identity theft. When someone arrested gives your name and information to law enforcement, creating a criminal record in your name. Victims often don’t discover this until they’re unexpectedly denied a job, pulled over for an outstanding warrant they know nothing about, or flagged in a background check.
Child identity theft. Criminals target children’s Social Security numbers because they have clean credit histories and the theft often goes undetected for years — until the child turns 18 and applies for their first credit card or student loan, only to discover their credit is already destroyed.
Synthetic identity theft. Instead of stealing your entire identity, criminals combine real information (like your Social Security number) with fake information (like a made-up name and address) to create a new, synthetic identity. This is harder to detect because it doesn’t directly appear on your credit report.
How Criminals Actually Steal Your Identity
Here’s where identity theft prevention starts — understanding how it happens:
Data broker sites. This is the source most people don’t know about. Data brokers publicly list your name, address, phone number, date of birth, family members, and email on sites like Whitepages, Spokeo, BeenVerified, and TruePeopleSearch. This gives criminals the foundational information they need to impersonate you — for free.
Data breaches. When companies get hacked, your personal information — emails, passwords, Social Security numbers, credit card numbers — gets leaked into criminal databases. Major breaches have exposed billions of records over the past decade. Your information has almost certainly been included in at least one.
Phishing attacks. Criminals send emails, texts, or calls that impersonate legitimate companies to trick you into revealing passwords, account numbers, or Social Security numbers. These attacks are especially effective when the criminal already knows your name and personal details from data broker sites — their messages feel legitimate because they include accurate personal information.
Mail theft. Old-fashioned but effective. Pre-approved credit card offers, bank statements, and tax documents in your physical mailbox contain enough information for identity theft. This is why your home address being publicly listed on data broker sites is a physical security risk, not just a digital one.
Social media. Your birthday, employer, pet’s name, mother’s maiden name, high school — all common security question answers that you may have voluntarily posted on social media. Combined with information from data broker sites, criminals can answer security questions and gain access to your accounts.
Skimming and card theft. Physical credit card skimmers at ATMs and gas stations, plus digital skimmers on compromised websites, capture your payment information for fraudulent use.
How Data Brokers Fuel Identity Theft
Most identity theft prevention advice focuses on strong passwords and being careful with your credit card. That’s important, but it misses the biggest vulnerability: data brokers.
Data broker sites provide criminals with the exact building blocks they need for identity theft:
Full name + date of birth + address = security question answers. With just these three pieces of information — all freely available on data broker sites — a criminal can often answer the security questions that protect your bank accounts, credit cards, and email.
Phone number = account verification bypass. Many accounts use your phone number for verification. If a criminal knows your number (from data broker sites) and uses a SIM-swapping attack to intercept your texts, they can bypass two-factor authentication.
Family members’ names = social engineering ammunition. Knowing your spouse’s name, children’s names, and parents’ names lets criminals craft convincing phone calls and emails. “Hi, this is Sarah from your bank — I see your wife Jennifer is also on the account” sounds incredibly legitimate when the criminal got those names from a people search site.
Past addresses = credit application data. Credit applications ask for current and previous addresses. Data broker sites provide this history — making it easy for criminals to fill out applications that pass verification checks.
The more of your personal information that’s publicly available on data broker sites, the easier it is for someone to steal your identity. That’s why data broker removal isn’t just a privacy measure — it’s identity theft prevention.
Run a free Optery scan to see exactly which data broker sites have your personal information listed. The less information available about you, the harder you are to impersonate.
How to Protect Yourself from Identity Theft
Here’s your complete identity theft prevention plan — in priority order:
Step 1: Remove Your Data from Data Broker Sites
This is the most impactful step most people skip. Removing your personal information from data broker sites eliminates the raw material criminals use for identity theft and phishing attacks.
Optery — Our top recommendation. Start with their free scan to see where you’re exposed. Paid plans ($39-$249/year) automate removal from 350+ data broker sites with continuous monitoring. Ranked #1 most effective by Consumer Reports.
Incogni — Best budget option. Covers 180+ data brokers for $6.49/month billed annually. Read our full Incogni review →
Or do it yourself using our removal guides: Spokeo, Whitepages, BeenVerified, TruePeopleSearch. Full guide: How to Remove Your Personal Information from the Internet.
Step 2: Freeze Your Credit
A credit freeze prevents anyone from opening new credit accounts in your name. It’s free, takes 10 minutes, and is one of the most effective identity theft prevention measures available. Freeze with all three bureaus: Equifax, Experian, and TransUnion.
Step 3: Use Strong, Unique Passwords with 2FA
Use a password manager to generate unique passwords for every account. Enable two-factor authentication on all important accounts — especially email, banking, and social media. Use an authenticator app instead of SMS codes when possible.
Step 4: Monitor Your Accounts and Credit
Check your bank and credit card statements regularly for unfamiliar charges. Pull your free credit reports from annualcreditreport.com at least once a year from each bureau. Set up transaction alerts with your bank so you’re notified immediately of any charges.
Step 5: Lock Down Your Social Media
Remove personal details (birthday, employer, phone number, address) from your social media profiles. Set everything to private. Don’t post answers to common security questions. Full guide: How to Protect Your Personal Information Online.
Step 6: Set Up Ongoing Monitoring
Set up Google Alerts for your name, phone number, and email. Use continuous data broker monitoring through Optery or Incogni to ensure your data stays removed. Consider a credit monitoring service for real-time alerts on new accounts or inquiries.
What to Do If You’re a Victim of Identity Theft
If you discover you’re a victim of identity theft, act fast:
1. Freeze your credit immediately with all three bureaus to prevent further damage.
2. File a report at IdentityTheft.gov. The FTC’s IdentityTheft.gov site creates a personalized recovery plan and generates the documents you need to dispute fraudulent accounts.
3. File a police report. Many creditors require a police report before they’ll remove fraudulent accounts. Keep a copy of the report for your records.
4. Contact affected companies. Call the fraud departments of any companies where accounts were opened or charges were made in your name. Request the accounts be closed and the fraudulent charges reversed.
5. Dispute fraudulent items on your credit reports. Contact all three credit bureaus to dispute any fraudulent accounts or inquiries on your reports.
6. Remove your data from broker sites. Use Optery or Incogni to remove your personal information from data broker sites to prevent the thief (or others) from continuing to access your details.
Protect Yourself Starting Today
Identity theft is one of those things that feels like it only happens to other people — until it happens to you. The best protection is prevention, and the best prevention starts with controlling who has access to your personal information.
- Run a free Optery scan — see exactly where your personal information is exposed on data broker sites
- Freeze your credit — 10 minutes, free, prevents new accounts being opened in your name
- Set up a password manager and 2FA — protect your existing accounts
- Consider automated data removal — Optery or Incogni keeps your information off broker sites permanently
Don’t wait until you’re one of the 40 million. Act now.
Frequently Asked Questions
What is the most common type of identity theft?
Financial identity theft — where someone uses your information to open credit cards, take out loans, or make purchases in your name. It’s the most common because it’s the most directly profitable for criminals.
How do I know if my identity has been stolen?
Warning signs include unfamiliar charges on your accounts, collection calls for debts you don’t recognize, unexpected drops in your credit score, tax returns rejected because one was already filed, medical bills for services you didn’t receive, or mail that suddenly stops arriving (which may mean a criminal changed your address).
How do data brokers contribute to identity theft?
Data brokers publicly list your name, address, phone number, date of birth, and family members on people search sites. This information gives criminals the building blocks to impersonate you, answer security questions, and pass identity verification checks. Removing your data from broker sites is one of the most effective prevention steps.
Can a credit freeze prevent identity theft?
A credit freeze prevents new credit accounts from being opened in your name — the most common form of financial identity theft. But it doesn’t prevent all types (tax fraud, medical identity theft, etc.) and doesn’t remove your personal information from data broker sites.
What should I do first if my identity is stolen?
Immediately freeze your credit with all three bureaus, file a report at IdentityTheft.gov, and file a police report. Then contact the fraud departments of any affected companies.
Can identity theft affect my children?
Yes. Child identity theft is growing because children have clean credit histories and the theft often goes undetected for years. Consider freezing your children’s credit with all three bureaus — it’s free and protects them until they’re old enough to manage their own credit.
How can I prevent identity theft?
The most effective steps are: remove your data from data broker sites using Optery or Incogni, freeze your credit, use strong unique passwords with 2FA, and lock down your social media. Full guide: How to Protect Your Personal Information Online.
This post contains affiliate links. If you purchase through our links, we may earn a commission at no extra cost to you. See our affiliate disclosure for details.