Identity Theft Abroad: What to Do in Canada, the UK & Australia

If your identity is stolen while you are in or dealing with Canada, the UK, or Australia, the core playbook is the same everywhere: act fast, write everything down, report to the right national body, and lock down your credit. What changes is who you call and which laws protect you. The U.S. system runs through the Federal Trade Commission (FTC) and the credit bureaus, while Canada, the UK, and Australia each have their own national fraud-reporting agency and their own credit-reporting rules.

This article walks through the first 48 hours, then the specific reporting bodies and protections in each of the three countries. It is general information, not legal advice, but it should help you move quickly and know exactly where to go.

First, the steps that are the same everywhere

No matter which country you are in, the early moves are identical. Do these before anything else:

• Write down a timeline. Note when you noticed the problem, what looks wrong (unfamiliar accounts, charges, mail, or login alerts), and every contact you make. Keep a running log with dates, names, and reference numbers. This record is what banks, police, and credit bureaus will rely on.
• Contact the affected bank or company immediately. Report fraudulent transactions, freeze or cancel compromised cards, and ask for the dispute or fraud process in writing.
• Change passwords and turn on two-factor authentication on email first (it is the master key to everything else), then banking, then anything reused.
• Save evidence. Screenshots, letters, statements, and emails. Do not delete the fraudulent messages.
• Report to the national fraud agency for the country involved (covered below) and get a reference number.
• Place a fraud alert or freeze on your credit file with that country's credit bureaus.

The faster you report, the easier it is to recover money and stop new accounts being opened. Most banks have time limits for disputing unauthorized transactions, so do not wait.

How the U.S. system works (the baseline most readers know)

For U.S. consumers, identity theft recovery centers on IdentityTheft.gov, run by the FTC. Filing there generates an FTC Identity Theft Report and a personalized recovery plan. Your rights come mainly from the Fair Credit Reporting Act (FCRA), enforced by the FTC and the Consumer Financial Protection Bureau (CFPB).

Under the FCRA you can place a free fraud alert or a credit freeze (also called a security freeze) with the three nationwide bureaus, Equifax, Experian, and TransUnion. The freeze itself is free nationwide. You also have the right to dispute fraudulent items and to get them blocked from your report once you submit an identity theft report. Many state laws add stronger protections on top of the federal floor, such as extra notification duties or remedies. Those specifics vary by state, so check your own state Attorney General's office rather than assuming a single rule applies everywhere. If a debt collector pursues you for an account a thief opened, the Fair Debt Collection Practices Act (FDCPA) lets you dispute the debt in writing and demand it stop until validated.

Keep this U.S. structure in mind, because Canada, the UK, and Australia each solve the same problems with different agencies and different names.

Identity theft in Canada: what to do

In Canada the central reporting body is the Canadian Anti-Fraud Centre (CAFC), run jointly by the RCMP, the Competition Bureau, and the Ontario Provincial Police. The CAFC collects fraud reports nationally and feeds law-enforcement intelligence. Report online or by phone, and keep the file number.

Your concrete steps in Canada:

• Report to the CAFC and to your local police (a police report is often required by banks and creditors to reverse charges).
• Contact Canada's two credit bureaus, Equifax Canada and TransUnion Canada. Ask each to place a fraud alert on your file and request your credit reports. Canada does not have a single nationwide freeze law like the U.S.; freeze availability and exact terms vary by province and by bureau, so ask each bureau what it offers in your province.
• Notify your bank and card issuers. Canadian banks follow Financial Consumer Agency of Canada (FCAC) guidance on unauthorized transactions.
• If a government ID was stolen, contact the issuer: Service Canada for your Social Insurance Number (SIN), and your provincial body for a driver's licence or health card. Service Canada will note the compromise; a SIN is normally only reissued in limited circumstances.
• Report a stolen passport to Passport Canada / Immigration, Refugees and Citizenship Canada.

Privacy of your personal data in Canada is governed federally by PIPEDA (the Personal Information Protection and Electronic Documents Act), overseen by the Office of the Privacy Commissioner of Canada, which can help if a company mishandled your data in a breach.

Identity theft in the UK: what to do

In the United Kingdom (England, Wales, and Northern Ireland), the national reporting center for fraud and cybercrime is Action Fraud. Report online or by phone and you will receive a crime reference number, which banks and creditors will ask for. (Scotland is different: report fraud to Police Scotland directly rather than Action Fraud.)

Your concrete steps in the UK:

• Report to Action Fraud (or Police Scotland) and keep the reference number.
• Tell your bank straight away. Under UK rules, unauthorized payments are generally refundable if reported promptly, and banks must investigate. If a payment was made through your own bank, raise it immediately.
• Contact the UK credit reference agencies, Experian, Equifax, and TransUnion (UK). Check your reports for accounts or searches you do not recognize.
• Consider CIFAS Protective Registration. CIFAS is the UK's fraud prevention service; a Protective Registration flag asks lenders to take extra steps to verify identity before granting credit in your name. It is a paid service but widely used after identity theft.
• Report a lost or stolen passport to HM Passport Office, and a stolen driving licence to the DVLA.

Data protection in the UK is governed by the UK GDPR and the Data Protection Act 2018, regulated by the Information Commissioner's Office (ICO). If an organization leaked your data, you can complain to the ICO.

Identity theft in Australia: what to do

Australia's standout resource is IDCARE, the national identity and cyber support service for both Australia and New Zealand. IDCARE is a not-for-profit that gives free, personalized case management, walking you through exactly which documents to replace and which agencies to contact. For most identity theft victims, IDCARE is the best first call.

Alongside IDCARE, report the crime to ReportCyber (formerly ACORN), the Australian Cyber Security Centre's online police-referral portal. Scams specifically can also be reported to Scamwatch, run by the ACCC.

Your concrete steps in Australia:

• Contact IDCARE for a tailored response plan and report the incident through ReportCyber.
• Notify your bank and card providers.
• Contact Australia's credit bureaus, Equifax, illion, and Experian. You can request a ban (credit ban or freeze) on your credit report, which stops new credit being granted using your details. This is an important right in Australia and is generally free for an initial period.
• If your tax or government identity is at risk, contact the Australian Taxation Office (ATO) about your Tax File Number, and Services Australia / your myGov account for Medicare and Centrelink details.
• Replace compromised documents (driver's licence through your state or territory road authority, passport through the Australian Passport Office). IDCARE can tell you the order to do this in.

Privacy in Australia is governed by the Privacy Act 1988, regulated by the Office of the Australian Information Commissioner (OAIC), which oversees the Notifiable Data Breaches scheme.

Cross-border identity theft: when more than one country is involved

If you are a U.S. consumer whose data was stolen abroad, or a traveler hit while overseas, report in both places. File with IdentityTheft.gov (FTC) at home and with the relevant national agency where the fraud occurred. Each country's banks and bureaus can usually only act on accounts and credit files within their own borders, so a fraud alert in Canada will not protect your U.S. credit file, and vice versa. Keep one master timeline and reference every report number in your correspondence.

If a debt later appears, deal with it under the system where the account exists. In the U.S., the FDCPA and FCRA give you written dispute rights; in Canada, the UK, and Australia, similar fair-lending and credit-reporting rules apply, and the national fraud agency or credit bureau can guide you. When the amounts are large or a collector or court is involved, talk to a lawyer or a free consumer advice service in that country.

Protect yourself going forward

• Use a unique password and two-factor authentication on every financial and email account.
• Check your credit reports periodically in each country where you have a credit history.
• Keep a freeze or ban in place if you are not actively applying for credit.
• Be cautious with unsolicited calls, texts, and emails asking for personal details, no matter how official they look.

Know the law

Federal law limits your liability and gives you tools — fraud alerts, freezes, and an official FTC recovery plan at IdentityTheft.gov.

Key federal laws:

• Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681 et seq.

Where to get help or file a complaint:

• IdentityTheft.gov — official FTC recovery plan

Your state matters too. Federal law is the floor — your state sets the statute of limitations on debt, garnishment and exemption limits, payday and repossession rules, and has its own Attorney General and consumer-protection laws. Always check your state’s rules. This is general legal information, not legal advice.