Avoiding and Recovering from Business Identity Theft

🔒 Avoiding Business Identity Theft

1. Safeguard Business Records

• Secure EIN: Protect your Employer Identification Number (EIN) as you would a Social Security number. Share it only when absolutely necessary.
• Limit access: Restrict who within your company can access sensitive information.
• Shred or securely dispose: Destroy old business documents, checks, or invoices that contain identifying data.

2. Strengthen Cybersecurity

• Use strong, unique passwords and multifactor authentication (MFA).
• Keep business software, firewalls, and anti-virus programs up to date.
• Encrypt sensitive files and communications.
• Train employees on phishing and social engineering tactics.

3. Monitor Business Credit & Records

• Business credit reports: Check your company’s reports with Dun & Bradstreet, Experian, and Equifax regularly.
• Secretary of State records: Periodically review your business filings to ensure no unauthorized changes.
• Bank & vendor accounts: Reconcile statements frequently to catch fraudulent activity early.

4. File Taxes Early

• Just as with individuals, filing your business tax returns as early as possible reduces the risk that a fraudster could use your EIN to file first.

5. Protect Online Presence

• Secure your company’s domain names, even variations.
• Monitor social media for fake profiles impersonating your brand.

🛠 Recovering from Business Identity Theft

If you suspect your business identity has been compromised:

1. Confirm & Contain

• Contact your bank and creditors immediately to freeze or close fraudulent accounts.
• Notify your IT/security team if the breach was electronic.

2. Report the Theft

• IRS: File Form 14039-B (Business Identity Theft Affidavit).
• Local police: File a police report for documentation.
• Federal Trade Commission (FTC): Report at IdentityTheft.gov.
• State agencies: Notify your Secretary of State if false business filings were made.
• Credit bureaus: Place a fraud alert on your business credit files.

3. Review & Repair

• Audit financial accounts and close unauthorized ones.
• Correct fraudulent filings with your Secretary of State and IRS.
• Update business security practices to prevent repeat incidents.

4. Communicate Transparently

• Notify lenders, vendors, and key customers if fraud might affect them.
• Issue public statements if impersonation (e.g., fake invoices or scams) could damage your reputation.

5. Consider Professional Help

• Business identity theft cases often require specialized help:
  • CPA/tax advisor: Assist with IRS and state tax issues.
  • Attorney: Help resolve fraudulent contracts or filings.
  • Cybersecurity experts: Assess and fix vulnerabilities.

✅ Key takeaway: Prevention is far less costly than recovery. Strong cybersecurity, careful monitoring of business filings and credit, and rapid response protocols are the most effective defenses against business identity theft.

🛑 Business Identity Theft Response Checklist

Step 1: Confirm & Contain

• 🔍 Verify the fraud (unauthorized accounts, filings, or tax activity).
• 📞 Contact your bank(s), lenders, and credit card issuers immediately: freeze or close fraudulent accounts.
• 🖥️ Alert your IT/security team if it’s a cyber breach.
• 🔐 Change passwords and enable MFA for all key accounts (banking, payroll, tax portals, email).

Step 2: Report the Theft

• 📝 IRS: File Form 14039-B (Business Identity Theft Affidavit).
• 🏛️ Local Police: File a police report—keep a copy for creditors and agencies.
• 🕵️ FTC: Report at IdentityTheft.gov (document case number).
• 🗂️ State Secretary of State: Check/correct fraudulent business filings.
• 🏦 Credit Bureaus: Place a fraud alert with Experian, Equifax, and Dun & Bradstreet.

Step 3: Notify Stakeholders

• 📢 Inform vendors, lenders, and key customers if they may be impacted.
• ⚠️ Issue a fraud alert memo internally so employees are aware of risks.
• 🌐 If impersonation occurred (fake invoices, websites, or accounts), notify clients and consider a public statement.

Step 4: Repair & Recover

• ✅ Close fraudulent accounts and open new ones if needed.
• ✅ Correct IRS and state filings (with police/FTC reports attached).
• ✅ Monitor all accounts and credit reports weekly until stable.
• ✅ Conduct a post-incident security audit to identify vulnerabilities.

Step 5: Strengthen Future Protection

• 🔒 Tighten access controls to EIN, bank accounts, and sensitive data.
• 💻 Update firewalls, anti-virus, and employee cybersecurity training.
• 🗂️ Enroll in a business credit monitoring service (Experian, Equifax, Dun & Bradstreet).
• 📅 Set reminders to regularly review Secretary of State records and credit reports.

✅ Quick Tip: Keep a binder (or secure digital file) with:

• IRS, FTC, police report copies
• Contact list for banks, credit bureaus, state agencies, attorney, CPA
• Copies of corrected filings and affidavits

Business identity theft is a nightmare for any business owner. The costs associated with having a business’s identity stolen are huge and the impacts of business identity theft could just be enough to put you out of business. The best defense is a good offense, and this is especially true when it comes to protecting your business’s identity. There are some basic steps you can take to protect your business from identity theft.

Maintain a Low Profile

As obvious as this sounds it is extremely important. Maintaining a low profile includes avoiding publicly sharing anything that has the potential to put the company at risk. You should have guidelines in place for employees, especially when it comes to social media—both personal and professional. Properly train all of your team members in common business identity theft practices and things to watch out for.

Remain Vigilant

Always being prepared is the best thing you can do to avoid becoming a victim. You should be regularly reconciling and reviewing all financial statements, business registration information, credit reports, and others—even for closed accounts. If you have the budget, it may be in your best interest to hire a good accountant.

Invest in Security

You may be able to trust your staff when it comes to your business’s security; but there are many other potential weak spots for your business’s identity to be stolen. Investing in good cybersecurity software and technology can save your business thousands of dollars by avoiding a data breach. Cyber liability insurance is another way business owners can protect themselves and their business from the damaging effects of business identity theft and data breaches.

Talk to Other Business Owners

Your business is not alone in its quest for security. Talk to other business owners in your area or industry and learn about the measures they are taking to protect their businesses from identity theft. If you have been the victim of business identity theft, talking about your experiences with other business owners may help them to avoid the same fate. Conversely, you may want to talk to a business owner that has been the victim to learn about ways in which you can avoid it.

What to do if You are a Victim of Business Identity Theft

Remain calm, do not panic. You can recover from this if you take the right steps. Here is what you need to know if you believe you are the victim of business identity theft.

Collect All of the Information that You Can

Firstly, if you believe that your business has been compromised, collect all of the information that you possibly can. Understanding the full extent of the fraud and damage to your business is the first step in fixing the problem.

Document Everything

After you have gathered all of the information possible, file a police report, and submit a complaint with the FTC. Once you have filed a police report and submitted a claim, the next step is to close any accounts that have been illegally opened or affected by the fraudulent activity.

Alert Business Credit Bureaus

Finally, you need to alert at least one of the three major business credit bureaus of fraudulent activity. This will ensure you are notified of any credit requests, stopping the ability for the identity thief to open credit account’s in the name of the business.

Business identity theft is an increasingly common problem: criminals impersonate legitimate companies to open lines of credit, file fraudulent tax returns, or exploit a business’s reputation for financial gain.