Q: I received my W-2 in the mail today with a large portion of it missing. It was in an envelope from the post office saying they were sorry about the damage, but these things happen and they hope I understand.

Part of the form that was missing included my full name, Social Security number, address, employer and salary.  I immediately froze all three of my credit reports. I also checked my bank statements and will continue to monitor them daily.  Any other suggestions?

S.A., Parma

A: I applaud you being proactive. I asked the Internal Revenue Service to weigh in. You should also file a police report, just to get that on the record, the IRS said. You could also file a report with the Federal Trade Commission.

After you’ve filed the police report, the IRS said, you should file IRS Form 14039, which is an Identity Theft Affidavit. You can print the form and mail it or fax it, according to the instructions.

You would check one of two boxes:

1. Federal tax records affected and I am a victim of identity theft.

OR

2. Federal tax records not affected and I am a victim of identity theft, or an event has affected/compromised my personal information placing me at-risk to be a future victim of identity theft.

You would fall into the second category — your personal information has been compromised and places you at risk.

After that, “certain tax-related identity theft victims will be placed into the Identity Protection PIN program and annually receive a new, six-digit IP PIN that must be entered on the tax return,” the IRS said. “The IP PIN adds an extra layer of identity protection. Some taxpayers will be given the option of getting an IP PIN, using the IRS.gov/getanippin tool.”

If, when it’s time to file your tax return, your electronic return is rejected because a return has already been filed or whatever, then go ahead and file it by mail, the IRS said.

For more information on the tax side, go to

https://www.irs.gov/individuals/how-irs-id-theft-victim-assistance-works

I’d recommend a few other things:

  • Watch out for suspicious emails or phone calls that try to trick you into disclosing personal information, based on already having some information about you that may have been disclosed as part of this incident. Whoever calls may know your name or address or all of your information.

    Consider that someone ?lbet may call you posing as the IRS or even local law enforcement.

    Stores, banks and investigators will never contact you out of sky blue and ask for personal information such as account numbers, Social Security numbers, passwords, etc. Never. Ever. And they’ll never contact you by email and ask you to change your password by clicking on an unknown link. Don’t click on links or reply with any information. Never. Ever. If someone contacts you, call them back at a trusted phone number you look up independently.

  • Consider you could see a broader attack on your identity. Contact your banks and investment accounts first, then credit cards and other types of financial accounts. Tell them your Social Security number and other personal information were compromised in the mail. Don’t tell them the details. They don’t care. Ask whether you can put additional verbal passwords on your accounts that don’t involve any public record data such as your date of birth. We’re talking about PINs or random words (like oak tree or paint brush). You want to make sure someone can’t access your accounts for wire transfers or to change your contact information without your secret password.

  • Monitor your primary bank accounts, credit cards, investments, etc., more carefully than ever. Every week is good. Every day is better. Remember the credit freeze doesn’t prevent fraud with existing accounts, which constitutes 88 percent of identity theft.

  • Watch out for anything odd — a medical explanation of benefits for a service you didn’t have or from a provider you don’t recognize, a rejection letter for an account you didn’t apply for, a missing credit card statement that is more than a few days late. These could be signs of identity theft.

  • Check your credit reports regularly. You’re entitled to one free credit report per year from each of the three major credit bureaus. Go to annualcreditreport.com or call 1-877-322-8228. Or you can fill out a paper request and mail it to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, Georgia 30348-5281. You’ll be asked to provide your name, address, Social Security number, date of birth and which bureau you want a report from (Equifax, TransUnion or Experian).

    Best advice: Order a credit report from one of the bureaus every four months.

  • Put every type of protection you can on your financial accounts. If you can use two passwords, do it. If you can require codes to be sent to your phone in order for you to log in, do it. If you can request email or text alerts for purchases or bank account withdrawals or changes to your contact information, then do it. While you’re at it, make sure that companies you do business with have all of your current contact information in their files.

  • Watch out for anyone who calls you and claims to be calling about an existing relationship or account you have. Never talk to them. Always hang up and call back using the number on the back of your credit card or your bank statement or that you look up independently online.

    This same warning applies to anyone who calls you and claims to be from Microsoft or Apple support and says you have a problem with your computer and the caller needs access to your computer to fix it. Just don’t. Ever. Just hang up without saying bye.

  • Be more cautious about anything you post on social media — Facebook, Twitter, Instagram, etc. You can provide thieves with a lot of information without meaning to. This is especially troubling if you post the name of your sister and photos of your cat online, and then use that information as the answers for security questions for bank accounts.
  • Our editors found this article on this site using Google and regenerated it for our readers.