Identity theft is among the fastest-growing fraud issues faced by the Internal Revenue Service. Online thieves have been capturing Social Security numbers and other tax filing data to file fraudulent returns, principally for the purpose of stealing refunds.

In 2014, TurboTax – one of the leading tax preparation software companies – had to stop transmitting state returns and introduce new safeguards after a run of suspicious activities. Last year, the Treasury Department reported more than 2.9 million incidents of tax-related identity theft (also based on 2014 data), up from 1.8 million a few years earlier.

Most taxpayers don’t find out they’ve been hacked until they receive a letter in the mail – the IRS never sends taxpayer-specific correspondence via email; if this happens, report it at www.irs.gov/uac/Report-Phishing. Typically, a significant amount of time will have passed between the hack and the taxpayer learning about the problem.

Electronic filers should find out sooner because their return will likely bounce back if a fraudulent one was successfully filed earlier.

Recent reports quote the IRS as saying it tries to settle such cases within 4-6 months, but news reports have indicated wait times are longer. This is why anyone dealing with any type of identity theft needs to move fast and be actively involved in containing the damage. Regulators can’t do it for the victim and advertised services that boast they can handle everything probably won’t.

If you’ve been hit, first go to the identity theft action pages on both the Federal Trade Commission (www.consumer.ftc.gov/articles/0008-tax-related-identity-theft) and the IRS (www.irs.gov/Individuals/Identity-Protection) websites for information and recommended steps to deal with the problem. The suggested actions include the following:

• Order current credit reports and set a fraud alert on each at the three major consumer credit rating agencies – Equifax, Experian and TransUnion. Follow up to make sure those alerts are active.

• Set up a physical or computer-based file to organize all contacts, communications and paperwork associated with the case and keep track of any fraudulent transactions that occur.

• Create an identity theft report (www.consumer.ftc.gov/articles/0277-create-identity-theft-report) with the FTC and the local police department. This will help victims document their contacts with regulators and law enforcement if there is an arrest.

• Make a call list for all creditors, banks, investment companies, utilities and employers to let them know about the breach. Those who work with qualified financial and tax experts should ensure they’re aware of the situation as well.

• If a fraudulent account is spotted, contact the crediting agency and request a freeze on it; thereby limiting potential losses.

Even if you have never experienced this type of identity theft, don’t take your luck for granted. It’s never a bad idea to set up a personal IRS e-services account (www.irs.gov/uac/Step-1-Create-an-IRS-e-services-Account) because it’s a way to get ahead of some identity thieves who use that approach to gain access and information with stolen taxpayer data.

Also remember the free credit report taxpayers are entitled to once a year from each of the previously cited agencies. It’s an ideal way to monitor your credit picture and identify accounts that have been opened without your knowledge.

Bottom line – anywhere your Social Security number goes, identity thieves follow. Recent tax filing seasons proved that. Safeguard data and check your credit reports several times a year for irregularities.