“Identity theft victims spend an average of 200 hours and £1,000+ recovering their identity. Early action cuts both figures dramatically.”
— Cifas Fraudscape 2026Days 1-2: Stop the Bleeding (Emergency Actions)
The first 48 hours determine how much damage criminals can do with your stolen identity. In the UK, identity theft costs victims an average of £1,203 and 200 hours to resolve according to Cifas data. Acting within the first 48 hours can reduce both figures by up to 80%.
Priority actions for first 48 hours: Prevent further damage before starting recovery.
- • Your bank — freeze all accounts
- • Credit card companies — cancel cards
- • Action Fraud (0300 123 2040) — get a crime reference
- • All three credit agencies — place fraud alerts
- • Change passwords on all accounts — start with email
- • Enable 2FA everywhere possible
- • Request new debit and credit cards
- • Check recent transactions for unauthorised activity
Create a detailed incident log immediately. Record: date/time of each call, person's name and direct number, reference numbers issued, and actions promised. UK banks must provide a full reply to fraud complaints within 15 business days under PSR 2017 regulations, but only if you provide complete documentation. Missing call logs can delay resolution by weeks.
Days 3-5: File Disputes & Repair Credit
Once you’ve stopped the immediate damage, it’s time to start repairing. Contact all three UK credit bureaus to dispute fraudulent entries and request detailed reports showing any accounts opened without your knowledge.
UK Credit Bureau Contacts
Action: File fraud alerts with all three agencies, request detailed credit reports, and dispute every account you didn’t open. They have 28 days to investigate and respond.
UK credit agencies typically investigate disputes within 28-30 days under industry standards and Data Protection Act 2018 requirements. Always dispute in writing and send by recorded delivery. Include your Action Fraud reference number (this proves you've reported the crime), copies of relevant documents, and a clear timeline of events. Phone disputes can be ignored; written disputes with recorded delivery create legal obligations for the agencies.
Protect Your Documents Going Forward
AES-256 encrypted upload links. Documents auto-delete after download. No accounts needed.
Days 6-7: Lock Down & Future-Proof
With the immediate crisis managed and disputes filed, it’s time to build long-term defences. These steps ensure your identity stays protected even if criminals attempt to use stolen data months later.
Final Security Steps
Use an authenticator app (not SMS) for critical accounts like email and banking
Enable notifications for login attempts, password changes, and new device access
£25 for 2 years — adds extra identity checks whenever someone tries to use your details
Set a calendar reminder to check all three bureaus — criminals may wait months before using stolen data
Document everything from your recovery in a secure location. Keep copies of all correspondence, reference numbers, and timeline notes. If criminals attempt to use your identity again in the future, this documentation proves you’re a victim and accelerates the resolution process.
Your Documents Are the Key to Recovery
Recovery success depends on documentation. The faster you can provide evidence to banks, credit agencies, and authorities, the faster your recovery. Keep certified copies of your passport, driving licence, and utility bills ready — you’ll need them repeatedly to prove your identity.
Essential recovery documents to keep secure
Going forward, never email identity documents as attachments. Use encrypted sharing links that auto-delete after download — this prevents your documents from sitting in email inboxes, backup systems, and servers indefinitely where they can be compromised in future breaches.
Stop Emailing Sensitive Documents
AES-256 encryption. Auto-delete after download. No client accounts needed. GDPR compliant.
Written by the FileSeal security and compliance team. We specialise in document security, GDPR compliance, and data protection for UK professionals. Our guides are reviewed by industry practitioners and updated regularly.