For individuals, identity theft is a difficult crime to deal with - it is emotionally draining, expensive and time consuming. However, by following an organized plan, heeding the advice of law enforcement and the government, and learning from others, you can resolve the situation and move on with your life.

The websites of the Federal Trade Commission, the Identity Theft Resource Center, and the Better Business Bureau provide a wealth of information to help you. The highlights are summed up below:

1. Gather The Facts - Determine and document which credit cards, bank accounts, and passwords were compromised or if you social security number or other private information was stolen.
2. Contact The Police - File a report with your local police or police in the community where the identity theft took place.
3. Contact The Credit Reporting Agencies - Contact the fraud departments of any one of the three credit reporting companies to place a fraud alert on your credit report. Then obtain copies of your credit report and review them carefully for any inaccuracies.
4. Contact Your Financial Institutions - Close the accounts that you know or believe have been tampered with or opened fraudulently. Change passwords and PINs on other accounts.
5. Contact The Government - File a complaint with the appropriate federal agencies as follows:
   • For all incidents, contact the Federal Trade Commission (FTC).
   • If you suspect that an identity thief has filed a change-of-address to redirect your mail or has used the mail to commit frauds involving your identity, contact the Postal Inspection Service.
   • If you suspect that your Social Security number is being used fraudulently, contact the Social Security Administration.
   • If you suspect improper use of identification information in connection with tax violations, contact the Internal Revenue Service.

Depending on the severity of the incident, you may also wish to do one or more of the following:

• Consider implementing a "credit freeze" if you live in a state with such a law.
• Complete an ID Theft Affidavit.
• File a "Victim Statement" with your creditors and the credit reporting companies.
• Enroll in a credit monitoring service.

 For businesses, a system breach, data leak, and the exposure of confidential employee or customer information can be devastating - primarily for the affected individuals but also legally and financially for the company. By following the steps below (provided by the Federal Trade Commission) and referring to the specified resources, you can minimize the damage and speed the resolution of an incident.

• Gather The Facts  - Before acting, gather as much information as possible to determine who was affected, what information was leaked, when the breach occurred, and what systems and processes were affected. If you are still at risk for further loss, determine what steps are necessary to "stop the bleeding" and develop and execute an emergency action plan to perform the necessary remediation.
• Notify Law Enforcement  - Contact local Police, the FBI, and/or the Secret Service, as appropriate. Follow all guidelines and regulations for evidence handling if you plan to initiate legal proceedings in the future.
• Notify Affected Businesses - If data was compromised on your internal systems, there is a chance that partners and suppliers connected to your networks could also be affected. Additionally, the institutions that own, process, or use the compromised data such as banks, credit card issuers, or other third-parties that rely on that information, should also be notified.
• Notify Affected Employees and Customers- In many cases you are legally obligated to inform affected individuals but you should be sure to coordinate with law enforcement during active investigations. As specified in the prevention tips you should designate a single point of contact for releasing information and enable hotlines and e-mail addresses to answer questions and handle complaints.
• Assist Affected Individuals - By law, identity theft victims are entitled to receive a copy of the business transaction records relating to their identity theft. Details of businesses rights and obligations are detailed in the Fair Credit Reporting Act, section 609(e).
• Conduct A Post-Mortem On The Incident - Once the crisis has passed, investigations are underway, and all appropriate parties have been informed, it is necessary to determine why the incident happened and what can be done to prevent it, or similar breaches, in the future. Businesses should also review how well their response process worked covering communication at all levels, technical work, legal proceedings, and other relevant activities.
• Update Affected Systems, Policies, and Plans - Based on the outcome of the post-mortem process, it will be necessary to update a variety of policies, procedures, and plans. If the data loss involved a system compromise, it may be necessary to update technical standards, change auditing methodologies, implement new tools and techniques, and/or replace hardware and software.