This article contains affiliate links. If you buy through them, we may earn a commission — at no extra cost to you.
Identity theft cost Americans $12.7 billion in 2024. One in three US adults has been affected. These seven steps — most taking under ten minutes — close the main pathways that account for the majority of cases.
1. Check if your email is already in a breach
Visit haveibeenpwned.com: free, instant, no account needed. Most people who check find at least one breach they weren't aware of. Takes 30 seconds. Do this first.
2. Use unique passwords everywhere
Credential stuffing — trying breached passwords against other accounts — is responsible for the majority of account compromises. A password manager (NordPass, Bitwarden) generates and stores unique passwords automatically.
Your email account is the master key to everything else. Enable 2FA there first. Use an authenticator app (Google Authenticator, Authy) rather than SMS — SMS codes can be intercepted via SIM swap attacks.
4. Remove yourself from data broker databases
Data brokers aggregate your name, address, phone, relatives, and more — and sell it. This enables targeted social engineering attacks. Incogni sends opt-out requests to hundreds of brokers automatically and monitors for re-addition.
A credit freeze prevents anyone — including identity thieves — from opening new credit accounts in your name. Free at all three bureaus (Equifax, Experian, TransUnion). Can be temporarily lifted when you need to apply for credit. Takes about 15 minutes total.
6. Don't overshare on social media
Your mother's maiden name, where you went to school, your first pet — these are security question answers that social media makes publicly available. Criminals use them for account recovery fraud. Check your public profile settings.
7. Set up breach monitoring
Even after doing the above, new breaches happen constantly. Have I Been Pwned offers free monitoring — it emails you when your address appears in any new breach added to its database. Know immediately rather than months later.
You don't have to do all seven today. Start with the breach check and the credit freeze — those two alone close two of the biggest pathways. The rest can follow over the next week.
Frequently asked questions
What is a data broker and why does it matter for identity theft?+
Data brokers legally aggregate and sell personal information — your name, address, phone, relatives, and more. This data is the raw material for social engineering attacks and targeted phishing, which are primary pathways to identity theft.
How do I remove myself from data broker databases?+
You can manually opt out of each broker individually, which takes many hours and requires re-submission as brokers re-add your data. Services like Incogni automate this process — sending removal requests to hundreds of brokers and monitoring for re-addition.
How common is identity theft in the US?+
Approximately 33% of US adults have experienced identity theft, per research from IPX1031 and Demandsage. The FTC received over 1.13 million identity theft reports in 2024. Losses totalled $12.7 billion that year, according to Experian.
Automate step 4 — remove yourself from data brokers
Incogni sends removal requests to hundreds of data brokers, monitors for re-addition, and handles it automatically. One-time setup, ongoing protection.