Risk Management

Identity Theft Recovery: A Step-by-Step Guide

Here are actions to take if you suspect you or a family member may be at risk of identity theft or a cybersecurity breach.
May 8, 2026  |  4 min read
Share
article-header

The costs of identity theft and cyberattacks cannot be measured purely monetarily. The emotional distress and time-consuming recovery process can be disruptive. If you suffered a cybersecurity incident or believe your identity has been compromised, these actions can help you mitigate any damages, take back control, and begin to restore peace of mind.
 

Four Immediate Actions to Take


What Would I do If I Suspect My Identity Has Been Compromised?


1. Freeze credit lines with each credit bureau and place a fraud alert. A credit freeze prevents bad actors from accessing your credit report and opening new accounts in your name. Should you need to access your credit, freezes can be independently and temporarily lifted. You must initiate a credit freeze with each of the credit bureaus separately, which can be done through their dedicated online portals.

Fraud alerts notify creditors to take extra steps in verifying your identity before extending credit. A fraud alert typically lasts one year, but you may request an extension. A fraud alert only needs to be placed with one of the three major credit bureaus.

Primary Credit Bureaus & Reporting Agencies in the US

Equifax: Credit Freeze | Fraud Alert | (800) 685-1111
Experian: Credit Freeze | Fraud Alert | (888) 397-3742
TransUnion: Credit Freeze | Fraud Alert | (888) 909-8872
 

2. Report the incident to your financial service providers, government bureaus, and law enforcement (as applicable). Notify your bank, investment firm, credit card companies, and other financial service providers about the incident to kick off any protective procedures on their side (e.g., monitoring your accounts; canceling and sending a replacement credit card). 

Depending on jurisdiction, there may be specific government agencies to report to (e.g., the FTC and the FBI1 in the US; Royal Mail, Cifas, and Report Fraud in the UK). 

Contact your wealth advisor for more information on reporting an incident.
 

3. Enroll in a credit monitoring service. Credit monitoring services watch for changes in your credit file to help identify potentially fraudulent activity. Credit monitoring cannot prevent identity theft (like a credit freeze can), but their alerts can help you take action in a timely manner. Consider signing up for a monitoring service such as Equifax, Experian, TransUnion, LifeLock, or Kroll.
 

4. Request an IRS Identity Protection Pin (IP PIN). An IP Pin is a six-digit number that is used to verify your identity and prevent someone else from filing a tax return using your social security number. Be sure to securely share this IP Pin with your tax preparer when they file your taxes.

 

Additional Steps You Can Take


How Can I Monitor My Accounts? 


Scan for threats

If the attack occurred via online or digital methods, your device could be compromised. Secure your accounts by changing passwords and enabling multi-factor authentication from a trusted, uncompromised device. Engage a professional service to scan for any remaining, persistent threats on the affected device(s) before returning them to regular use.


Practice strong password hygiene

Consider these best practices for password management: 

  • Use unique, complex passwords, such as a favorite song lyric. 
  • Enable MultiFactor Authentication (MFA) or Two-Factor Authentication (2FA) on all critical accounts wherever available, as it adds a significant layer of security even if a password is compromised. 

Consider a password manager like 1Password or Dashlane to help manage and securely share multiple passwords across your family.


Protect personal devices

There are a number of ways to safeguard your devices:

  • Ensure your software (and security) is up to date and enable automatic updates to ensure timely security.
  • Enable automatic screen locks and disable notification previews when locked.
  • Use a difficult-to-guess passcode as a backup to biometric security, such as a thumbprint or Face ID, to unlock devices.


Leverage secure WiFi access

Use your ‘personal hotspot’ or virtual private network (VPN) rather than public WiFi in airports, libraries, hotels, and coffee shops— especially if you are accessing financial or sensitive information. Ensure automatic connectivity is turned off.


Review emails, texts, and phone calls for red flags

The items below are important to keep in mind immediately after an incident and in the future. 

  • Avoid ‘phishing’ or email hacking attempts by carefully reviewing unexpected email messages, particularly those with aggressive subject lines, attachments, links, or spelling and grammatical mistakes. 
  • Before clicking any link, hover over the URL to review the web address and ensure you recognize it and that it looks correct. 
  • Be vigilant against ‘smishing’ (phishing via text messages) and ‘vishing’ (phishing via phone calls), as these are increasingly common tactics used by cybercriminals.
  • EMAIL HACKING CASE
  • What it is
    Email hacking is the unauthorized access of email accounts to steal sensitive information, impersonate users, or compromise digital security.
  • What happened
    Steve saved an email draft with his login credentials/PINs. An attacker successfully hacked his email and used this information to access his phone account and set up call forwarding.
  • How this impacted Steve
    After compromising Steve’s phone, the attacker was able to pass multi-factor authentication and log in to his bank account. They then sent multiple fraudulent wires from Steve’s account. Steve did not realize his account was compromised until he received a notification that the wires had been sent.
  • Key Takeaway
    Do not send or store any sensitive information, including login credentials, via email.

Consider professional solutions

While it is important to regularly monitor your accounts, it can be time-consuming. There are Lifestyle Services available through your Goldman Sachs team to monitor your accounts and alert you to suspicious activity. This can add a layer of protection that provides time savings and peace of mind.

Taking preventative measures going forward is critical to safeguarding your identity and accounts against any potential future threats.

Related Tags
More Insights
View All

1 For internet-related incidents. 

This material is intended for educational purposes only and is provided solely on the basis that it will not constitute investment advice and will not form a primary basis for any personal or plan’s investment decisions. While it is based on information believed to be reliable, no warranty is given as to its accuracy or completeness and it should not be relied upon as such. Information and opinions provided herein are as of the date of this material only and are subject to change without notice. Goldman Sachs is not a fiduciary with respect to any person or plan by reason of providing the material herein. Information and opinions expressed by individuals other than Goldman Sachs employees do not necessarily reflect the view of Goldman Sachs. Information and opinions are as of the date of the event and are subject to change without notice.

© 2026 Goldman Sachs. All rights reserved.

 

Goldman Sachs & Co. LLC is registered with the Securities and Exchange Commission (“SEC”) as both a broker-dealer and an investment adviser and is a member of the Financial Industry Regulatory Authority (“FINRA”) and the Securities Investor Protection Corporation (“SIPC”).