My ID just got leaked on social media

Find every copy and screenshot it.

Original post, every reshare, every quote. URL, account name, timestamp, follower count. Save before anything gets deleted — you will need the record.

Identify which kind of leak this is.

Duty ID (badge, agency card, hospital badge, department headshot) goes to your chain of command or employer immediately. Personal ID (license, passport, SSN card) goes to the issuing agency.

Do not engage the poster.

No replies, no DMs, no quote-posts. Engagement boosts reach and gives them new material. Document and route to the right channel instead.

Notify chain of command if it is a duty ID.

Supervisor and PIO — or for non-LE, supervisor and the agency or hospital communications office. A leaked badge or work credential creates impersonation risk and an OPSEC issue for the department or employer, not just for you.

File platform takedowns.

Cite the specific policy — most platforms have a personal-information or doxxing policy that covers ID images. Add the impersonation policy if the post implies you said or did something. File on every reshare too.

Lock down your own accounts.

Profiles to private, location off, comment filters on. The next move from a poster who has your ID is usually to dig through your accounts for more.

Contact the issuing agency for any compromised credential.

DMV for license, State Department for passport, your department or employer for the badge or work ID. Get a fraud alert on the credential and a reissue underway. Most agencies have a same-day process for confirmed compromise.

Place a fraud alert with the credit bureaus.

A leaked license is enough for someone to attempt loans or accounts in your name. One call to any of the three bureaus places the alert on all three.

File a formal report.

Even if you are on the job yourself. Local jurisdiction for the personal layer, your department or employer for the duty layer. The report supports federal charges if the leak is part of a coordinated campaign.

Run a free scan on yourself and household.

See the free scan. Most ID-leak incidents start with someone identifying you on a broker page first, then matching the face to the credential. Closing the broker pages cuts the upstream lookup.

Start broker cleanup as the upstream protection.

A leaked ID becomes a real-world threat when the data behind the name is easy to find. Removing the address, phone, and relatives from broker pages takes the leak from dangerous to inert.

Set up impersonation monitoring.

Search your name and any visible badge number weekly. Set Google alerts. The next move after a leak is often a fake account using the ID image — catch it before it gets traction.

For NJ residents, file Daniel's Law demands.

See Daniel's Law. Covered officers and family members get $1,000 per violation if a broker fails to remove within ten business days.

Push platform escalation through your PIO or comms office.

Most major platforms have law-enforcement and institutional liaison contacts. A PIO or hospital comms request through that channel moves faster than the standard takedown queue.

Federal charges if the leak is part of a campaign.

Coordinated doxxing across multiple platforms or accounts is a federal matter. Local FBI field office handles it when there is a clean local report behind it.

Move temporary if impersonation produces threats.

Some departments and agencies have a relocation protocol for personnel under sustained credible threat. Use it without shame.

Continuous broker cleanup.

A one-time opt-out is a delay. Most brokers re-list within 3-6 months from public records. Continuous coverage re-checks every two weeks and re-files the day you reappear.

Audit what is actually visible online.

Department photo on the agency site, hospital staff page, gym profile picture, LinkedIn headshot. Each one is another way to match a leaked ID to your real life. Remove what you can.

Sweep the household.

Brokers link you to spouse, parents, adult kids. A leaked ID combined with a still-listed family page is what produces the family-targeting incident next.