How to File a Cybercrime Complaint for Lost Personal Identification

I. Introduction

Losing a personal identification document is not merely an inconvenience. In the Philippines, a lost government ID, employee ID, school ID, passport, driver’s license, Unified Multi-Purpose ID, PhilSys ID, tax identification document, or similar credential may expose the owner to identity theft, unauthorized online transactions, fraudulent account creation, SIM registration misuse, loan applications, phishing, social engineering, and other cyber-enabled crimes.

When the lost identification is suspected to have been used online or in any technology-assisted fraud, the matter may fall within the broader framework of Philippine cybercrime law. Filing a cybercrime complaint is appropriate when the loss of personal identification is connected to online impersonation, unauthorized account access, digital fraud, fake profiles, online scams, or misuse of personal data through computer systems, mobile devices, social media, messaging platforms, financial applications, or electronic communications.

This article discusses the Philippine legal context, the agencies involved, the documents to prepare, the complaint process, and the practical steps a complainant should take when lost personal identification may lead to or has already resulted in cybercrime.

II. Legal Framework

A. Cybercrime Prevention Act of 2012

The primary law governing cybercrime in the Philippines is Republic Act No. 10175, also known as the Cybercrime Prevention Act of 2012. It penalizes offenses committed through or involving computer systems, information and communications technology, and electronic data.

Relevant cybercrime-related offenses may include:

  1. Computer-related fraud This may apply when a person uses lost identification details to deceive another person or system for financial or personal gain.

  2. Computer-related identity theft This is especially relevant when another person acquires, uses, misuses, transfers, possesses, alters, or deletes identifying information belonging to another person through computer systems, without right.

  3. Illegal access This may apply when the lost ID is used to gain access to the victim’s online accounts or digital services.

  4. Data interference or system interference These may apply if the misuse involves alteration, deletion, or disruption of electronic data or accounts.

  5. Cyber-squatting or online impersonation-related acts Depending on the facts, fake accounts or profiles using another person’s name, image, or identifying information may be investigated under cybercrime, fraud, unjust vexation, libel, identity theft, or related laws.

B. Revised Penal Code

Traditional crimes under the Revised Penal Code may also apply when committed through digital means. These may include:

  1. Estafa or swindling, if the lost ID is used to defraud another person.
  2. Falsification, if the ID or personal information is altered, fabricated, or used in false documents.
  3. Usurpation of authority or official functions, in certain cases involving false representation.
  4. Unjust vexation, where the conduct causes harassment or disturbance but may not clearly fall under a more specific offense.
  5. Grave coercion, threats, or harassment, if the lost identity is used to intimidate or pressure the victim.

Where a traditional crime is committed through information and communications technology, the penalty may be affected by cybercrime law.

C. Data Privacy Act of 2012

The Data Privacy Act of 2012, or Republic Act No. 10173, may also be relevant because lost identification involves personal information and, in many cases, sensitive personal information.

The law protects personal data such as:

  1. Name, address, date of birth, contact details, and photograph.
  2. Government-issued identification numbers.
  3. Biometrics or unique identifiers.
  4. Financial account details.
  5. Health, education, employment, and tax-related information.

If a company, school, employer, bank, online platform, or government office mishandled the ID or failed to protect personal data, a complaint may also be filed with the National Privacy Commission.

D. SIM Registration Act and Financial Consumer Protection Rules

If the lost ID is used for SIM registration, e-wallet verification, online lending, banking, or financial transactions, the complaint may involve telecommunications providers, electronic money issuers, banks, lending platforms, or financial institutions.

Relevant agencies may include the National Telecommunications Commission, Bangko Sentral ng Pilipinas, Securities and Exchange Commission, and the cybercrime units of law enforcement agencies.

III. When a Lost ID Becomes a Cybercrime Matter

Losing an ID alone is not automatically a cybercrime. A cybercrime complaint becomes appropriate when there is evidence or reasonable suspicion that the lost identification was used, attempted to be used, or is likely to be used in an online or technology-assisted offense.

Examples include:

  1. A fake Facebook, TikTok, Instagram, X, LinkedIn, or messaging account is created using the victim’s name or photo.
  2. Someone uses the lost ID to verify a digital wallet or online banking account.
  3. The victim receives debt collection messages for an online loan never applied for.
  4. The lost ID is used to register a SIM card.
  5. The victim’s email, social media, or financial account is accessed without permission.
  6. Scammers use the victim’s identity to solicit money.
  7. A stranger sends screenshots showing the victim’s ID being circulated online.
  8. The victim receives OTP requests, password reset emails, account verification messages, or transaction alerts.
  9. The victim’s identity is used in phishing, fake job offers, fake marketplace transactions, or romance scams.
  10. The victim discovers that personal information from the lost ID appears in suspicious online transactions.

In these situations, the complainant should preserve evidence and file the appropriate complaint promptly.

IV. Immediate Steps After Losing Personal Identification

A. Prepare an Affidavit of Loss

The first legal document usually needed is an Affidavit of Loss. It should state:

  1. The full name and address of the owner.
  2. The type of ID lost.
  3. The ID number, if known.
  4. The approximate date, time, and place of loss.
  5. The circumstances of the loss.
  6. A statement that diligent efforts were made to find the ID.
  7. A declaration that the ID was not confiscated, surrendered, sold, pledged, or intentionally transferred.
  8. A statement that the affidavit is executed for replacement, reporting, and legal purposes.

The affidavit should be notarized.

B. Report the Loss to the Issuing Agency

The owner should report the lost ID to the issuing office or agency. Depending on the ID, this may include:

  1. Philippine Statistics Authority for PhilSys-related concerns.
  2. Land Transportation Office for driver’s license.
  3. Department of Foreign Affairs for passport.
  4. Social Security System for SSS-related ID.
  5. Government Service Insurance System for GSIS-related ID.
  6. Pag-IBIG Fund for Pag-IBIG loyalty or membership cards.
  7. PhilHealth for PhilHealth ID.
  8. Bureau of Internal Revenue for tax-related identification concerns.
  9. Employer, school, or professional organization for institutional IDs.
  10. Bank or financial institution for debit cards, credit cards, ATM cards, or account-linked identification.

This step helps create an official record that the ID was lost before any fraudulent use.

C. Notify Banks, E-Wallets, and Financial Apps

The owner should immediately notify banks, credit card issuers, e-wallet providers, online lending platforms, cryptocurrency platforms, payment apps, remittance services, and other financial service providers where the lost ID may be used for verification.

The owner should request:

  1. Account monitoring.
  2. Temporary restrictions, where appropriate.
  3. Re-verification alerts.
  4. Disabling of compromised cards or credentials.
  5. Written acknowledgment of the report.
  6. Investigation of suspicious transactions.

D. Secure Digital Accounts

Because lost IDs are often used to bypass identity checks, the owner should secure online accounts by:

  1. Changing passwords.
  2. Enabling two-factor authentication.
  3. Reviewing login history.
  4. Revoking unknown devices.
  5. Updating recovery email addresses and phone numbers.
  6. Checking financial apps for unauthorized activity.
  7. Monitoring email for password reset attempts.
  8. Reviewing social media privacy and security settings.

E. Preserve Evidence

Evidence should be preserved before reporting content, deleting messages, or blocking suspicious accounts. Useful evidence includes:

  1. Screenshots of fake accounts.
  2. URLs or profile links.
  3. Usernames, account IDs, email addresses, or phone numbers used by the suspect.
  4. Chat logs.
  5. Transaction records.
  6. OTP requests.
  7. Email headers, where available.
  8. Bank or e-wallet notifications.
  9. Loan demand messages.
  10. Photos or copies of the lost ID if circulated online.
  11. Witness statements.
  12. Device logs or account login records.

Screenshots should show the date, time, username, profile URL, and relevant content. It is best to save the original files and not merely cropped images.

V. Where to File a Cybercrime Complaint

A. Philippine National Police Anti-Cybercrime Group

A complaint may be filed with the Philippine National Police Anti-Cybercrime Group, commonly referred to as the PNP-ACG. This office investigates cybercrime complaints, including identity theft, online scams, hacking, phishing, cyber harassment, and computer-related fraud.

Complainants may file personally at the appropriate office or contact the nearest police station for referral to the cybercrime unit.

B. National Bureau of Investigation Cybercrime Division

A complaint may also be filed with the National Bureau of Investigation Cybercrime Division, commonly referred to as the NBI Cybercrime Division. The NBI handles cybercrime investigations and may assist in digital evidence preservation, tracing, and case build-up.

C. Local Police Station

A local police station may receive the initial complaint, blotter the incident, and refer the matter to the cybercrime unit. A blotter entry may be useful to establish the timeline of the loss and suspected misuse.

D. City or Provincial Prosecutor’s Office

A criminal complaint may ultimately be filed with the prosecutor’s office for preliminary investigation. Law enforcement agencies may assist in preparing the complaint-affidavit and evidence package.

E. National Privacy Commission

If the complaint involves mishandling, unauthorized disclosure, or misuse of personal information by an entity that had custody of the ID or personal data, a separate privacy complaint may be filed with the National Privacy Commission.

This may be relevant where:

  1. A company lost a copy of the ID.
  2. An online platform exposed or leaked personal data.
  3. A collector or lender shared the ID publicly.
  4. A person or entity processed the ID without consent or legal basis.
  5. Personal data was used for unauthorized verification.

F. Financial Regulators and Service Providers

Where the lost ID is used in financial transactions, complaints may also be directed to:

  1. The bank or electronic money issuer involved.
  2. The Bangko Sentral ng Pilipinas, for banks and BSP-supervised financial institutions.
  3. The Securities and Exchange Commission, for lending or financing companies.
  4. The platform’s fraud, trust and safety, or legal compliance team.

VI. Documents and Information to Prepare

A cybercrime complaint should be organized and evidence-based. The complainant should prepare:

  1. Valid remaining government-issued ID, if available.
  2. Notarized Affidavit of Loss.
  3. Complaint-affidavit narrating the cybercrime incident.
  4. Screenshots and printouts of online evidence.
  5. URLs, account links, usernames, phone numbers, email addresses, or transaction references.
  6. Proof of ownership of the lost ID, such as a photocopy or photo of the ID, if available.
  7. Police blotter, if already filed.
  8. Reports made to the ID-issuing agency.
  9. Correspondence with banks, e-wallets, telecoms, platforms, or institutions.
  10. Proof of unauthorized transactions or attempted transactions.
  11. Demand letters, collection messages, or notices for accounts the victim did not create.
  12. Device logs, login alerts, OTP messages, and email warnings.
  13. Names and contact details of witnesses.
  14. Chronology of events.
  15. Any admission, threat, or communication from the suspect.

Where the suspect is unknown, the complaint may still be filed against unidentified persons. The complaint should identify all known digital traces.

VII. Drafting the Complaint-Affidavit

The complaint-affidavit is the main narrative document. It should be clear, chronological, and factual. It should avoid exaggeration and focus on verifiable facts.

A typical complaint-affidavit includes:

A. Personal Circumstances of the Complainant

This section states the complainant’s full name, age, civil status, citizenship, address, occupation, and contact details.

B. Statement of Ownership and Loss

The complainant should identify the lost ID and explain how, when, and where it was lost.

Example points:

  1. Type of ID.
  2. ID number, if remembered.
  3. Date and place of loss.
  4. Steps taken to search for it.
  5. Date of execution of Affidavit of Loss.
  6. Date the issuing agency was notified.

C. Discovery of Cybercrime or Suspected Misuse

This section explains how the complainant discovered the misuse.

Examples:

  1. Receiving OTP messages.
  2. Being contacted by victims of a scam.
  3. Seeing a fake online profile.
  4. Receiving collection notices.
  5. Receiving bank alerts.
  6. Discovering an account opened using the lost ID.
  7. Receiving a platform verification notice.

D. Evidence

The complaint-affidavit should refer to each piece of evidence as an annex.

For example:

  1. Annex “A” – Affidavit of Loss.
  2. Annex “B” – screenshot of fake profile.
  3. Annex “C” – screenshot of messages from scam victim.
  4. Annex “D” – email from bank regarding suspicious verification attempt.
  5. Annex “E” – police blotter.

E. Legal Allegations

The complainant may state that the acts appear to constitute computer-related identity theft, computer-related fraud, unauthorized use of personal information, estafa, falsification, or other offenses, subject to the prosecutor’s determination.

A complainant does not need to perfectly classify the offense. The facts matter most.

F. Prayer or Request

The complainant may request the investigating authority to:

  1. Investigate the matter.
  2. Preserve digital evidence.
  3. Identify the person responsible.
  4. Coordinate with platforms, banks, telecoms, or service providers.
  5. File appropriate charges if warranted.

VIII. Sample Complaint-Affidavit Structure

Republic of the Philippines City/Municipality of ________ S.S.

COMPLAINT-AFFIDAVIT

I, [Name], of legal age, Filipino, [civil status], and residing at [address], after having been duly sworn, state:

  1. I am the lawful owner of [type of ID] bearing number [ID number, if known].
  2. On or about [date], at approximately [time], I lost the said identification card at or near [place].
  3. I exerted diligent efforts to locate the said identification card but was unable to recover it.
  4. On [date], I executed an Affidavit of Loss, attached as Annex “A.”
  5. On [date], I discovered that my identity and/or the information appearing on my lost identification card was being used without my authority through [platform, app, website, financial service, or digital channel].
  6. Specifically, [describe the incident in detail: fake account, loan application, OTP request, scam, account opening, transaction, etc.].
  7. I did not authorize any person to use my name, photograph, ID number, signature, address, or other personal information.
  8. Attached as Annexes are screenshots, messages, notices, transaction records, and other evidence showing the unauthorized use of my identity.
  9. I believe that the acts described above may constitute computer-related identity theft, computer-related fraud, and/or other offenses punishable under Philippine law.
  10. I am executing this Complaint-Affidavit to request investigation, identification of the responsible person or persons, preservation of digital evidence, and the filing of appropriate charges if warranted.

IN WITNESS WHEREOF, I have signed this affidavit on [date] at [place].

[Signature] [Name of Complainant]

Subscribed and sworn to before me this [date], affiant exhibiting competent proof of identity.

IX. Filing Procedure

Step 1: Gather and Preserve Evidence

Before going to law enforcement, the complainant should collect screenshots, messages, links, transaction records, and written reports. Digital evidence should be preserved in original format whenever possible.

The complainant should not rely solely on screenshots if downloadable logs, emails, transaction histories, or platform reports are available.

Step 2: Execute an Affidavit of Loss

The affidavit should be notarized. This document establishes that the ID was lost and that later use may have been unauthorized.

Step 3: Prepare a Chronology

A simple timeline is highly useful. It should include:

  1. Date and place of loss.
  2. Date of discovery of suspicious activity.
  3. Date reports were made to banks, platforms, or agencies.
  4. Date fake accounts or unauthorized transactions were discovered.
  5. Date law enforcement complaint is filed.

Step 4: File with PNP-ACG, NBI Cybercrime Division, or Local Police

The complainant may personally appear and submit the complaint-affidavit and supporting documents. Law enforcement may conduct an initial assessment, request additional evidence, or refer the case to the appropriate unit.

Step 5: Submit Digital Evidence Properly

Evidence may be submitted in printed and digital form. A complainant should prepare:

  1. Printed screenshots.
  2. USB or storage device containing screenshots, videos, emails, PDFs, logs, and other files.
  3. A list describing each file.
  4. Original URLs and metadata, where available.

Step 6: Request Case Reference or Acknowledgment

The complainant should ask for a reference number, receiving copy, blotter entry, or acknowledgment of submission.

Step 7: Cooperate with Investigation

The complainant may be asked to:

  1. Provide additional documents.
  2. Execute a supplemental affidavit.
  3. Identify suspicious accounts.
  4. Appear for clarification.
  5. Coordinate with banks or platforms.
  6. Attend preliminary investigation if the case reaches the prosecutor.

X. Digital Evidence Considerations

A. Screenshots

Screenshots are useful but should be complete. They should show:

  1. The account name.
  2. Username or handle.
  3. Profile URL.
  4. Date and time.
  5. Full conversation thread where relevant.
  6. Transaction reference numbers.
  7. Sender and recipient details.

B. URLs and Links

For fake profiles or posts, the URL may be more useful than a screenshot alone. Investigators may need the URL to issue preservation requests or coordinate with the platform.

C. Metadata

Where available, metadata may help prove date, time, device, sender, recipient, or file origin. The complainant should avoid editing original files.

D. Chain of Custody

In criminal cases, evidence should be handled carefully. The complainant should keep original files, avoid tampering, and make backup copies.

E. Platform Reports

Reports submitted to Facebook, Google, TikTok, X, Instagram, banks, e-wallets, or telecoms should be saved. Confirmation emails or ticket numbers should be included as evidence.

XI. Special Situations

A. Lost ID Used for Online Loans

This is common. Victims may receive demand letters, text messages, calls, or harassment from online lending applications despite never applying for a loan.

Steps to take:

  1. File a cybercrime complaint.
  2. File an Affidavit of Loss.
  3. Dispute the loan with the lending company.
  4. Request copies of the application, verification documents, phone number used, device information, disbursement account, and transaction logs.
  5. File a complaint with the SEC if the lender is under its jurisdiction.
  6. Preserve collection messages and harassment evidence.
  7. Notify credit bureaus or financial institutions if the fraudulent loan affects credit standing.

B. Lost ID Used for E-Wallet Verification

If the lost ID is used to verify a wallet account, the victim should:

  1. Report immediately to the e-wallet provider.
  2. Request freezing or investigation of the account.
  3. Ask for a ticket number.
  4. Submit the Affidavit of Loss.
  5. File with cybercrime authorities if fraud occurred.
  6. Preserve OTPs, emails, screenshots, and transaction alerts.

C. Lost ID Used for SIM Registration

If a lost ID is suspected to have been used for SIM registration:

  1. Report to the telecom provider.
  2. Ask whether any number is registered using the victim’s identity.
  3. File a complaint if unauthorized registration is discovered.
  4. Preserve suspicious text messages and calls.
  5. File with cybercrime authorities if the SIM was used in scams or account takeovers.

D. Lost ID Used for Fake Social Media Accounts

For impersonation:

  1. Take screenshots of the fake profile.
  2. Copy the profile URL.
  3. Screenshot posts, messages, friend lists, or scam solicitations.
  4. Report the account to the platform.
  5. File a cybercrime complaint if the account is used to defraud, harass, threaten, or misrepresent.
  6. Inform friends, family, employer, or school to prevent further victimization.

E. Lost ID Used for Bank or Credit Card Fraud

The victim should:

  1. Notify the bank immediately.
  2. Request account restriction or replacement cards.
  3. Dispute unauthorized transactions in writing.
  4. Ask for investigation documents.
  5. File a police or cybercrime complaint.
  6. Monitor statements and credit records.
  7. Preserve bank alerts and transaction histories.

F. Lost Company or Employee ID

If an employee ID is lost and used for unauthorized access or impersonation, the employee should notify the employer immediately. If company systems, credentials, email accounts, or access cards are involved, the incident may also be treated as an information security matter.

XII. Remedies Available

Depending on the facts, remedies may include:

  1. Criminal investigation.
  2. Filing of criminal charges.
  3. Takedown or disabling of fake accounts.
  4. Freezing or investigation of fraudulent financial accounts.
  5. Correction of records with banks, lenders, or agencies.
  6. Blocking or replacement of compromised IDs or cards.
  7. Privacy complaint before the National Privacy Commission.
  8. Civil action for damages, where appropriate.
  9. Administrative complaint against negligent institutions.
  10. Coordination with platforms for evidence preservation.

XIII. Important Legal Concepts

A. Identity Theft

Identity theft involves unauthorized acquisition, possession, use, misuse, transfer, or alteration of identifying information belonging to another. In the digital context, this can happen through fake accounts, unauthorized verification, online loans, account takeovers, or digital wallet registrations.

B. Fraud

Fraud involves deceit. If the lost ID is used to convince another person, platform, bank, or institution that the suspect is the ID owner, this may support a fraud complaint.

C. Unauthorized Processing of Personal Information

Under data privacy principles, personal information should be processed fairly, lawfully, and for legitimate purposes. Unauthorized use of lost ID information may violate privacy rights.

D. Electronic Evidence

Digital records may be admissible, but they must be authenticated. Proper preservation, documentation, and presentation are important.

E. Good Faith Reporting

A person who lost an ID should report promptly. Prompt reporting helps show that any later use of the ID was unauthorized.

XIV. Preventive Measures

After filing a complaint, the victim should continue protecting their identity by:

  1. Replacing the lost ID.
  2. Monitoring financial accounts.
  3. Setting alerts for banking and e-wallet transactions.
  4. Using strong passwords.
  5. Enabling multi-factor authentication.
  6. Avoiding sharing ID photos through unsecured channels.
  7. Watermarking ID copies when submitted online.
  8. Limiting the information visible on social media.
  9. Keeping records of where ID copies were submitted.
  10. Reporting suspicious verification attempts immediately.

When submitting ID photos online, it is prudent to place a visible watermark stating the date, recipient, and purpose, such as: “For account verification with [Company] only, [date].” This may discourage reuse.

XV. Common Mistakes to Avoid

  1. Waiting too long before reporting the loss.
  2. Deleting messages or blocking suspects before preserving evidence.
  3. Submitting cropped screenshots that omit usernames, dates, or URLs.
  4. Failing to notify banks and e-wallets.
  5. Assuming a police blotter alone is enough.
  6. Not executing an Affidavit of Loss.
  7. Ignoring OTP messages or verification emails.
  8. Publicly accusing a suspected person without sufficient evidence.
  9. Sending additional personal data to unknown “verification” links.
  10. Failing to follow up with agencies and platforms.

XVI. Relationship Between Police Blotter, Affidavit of Loss, and Cybercrime Complaint

These are related but distinct.

A. Police Blotter

A blotter is an official record that an incident was reported to the police. It does not automatically start a full cybercrime case, but it helps establish the date and circumstances of the incident.

B. Affidavit of Loss

An Affidavit of Loss is a sworn statement that a document or ID was lost. It is commonly required for replacement and for proving that later use was unauthorized.

C. Cybercrime Complaint

A cybercrime complaint is a request for investigation and prosecution of an offense involving computer systems, digital platforms, or electronic data. It requires factual allegations and supporting evidence.

The best practice is to have all three where cyber misuse is suspected.

XVII. Practical Checklist

Before filing, prepare the following:

Item Purpose
Notarized Affidavit of Loss Proves the ID was lost
Complaint-affidavit Main sworn narrative
Valid remaining ID Confirms complainant’s identity
Screenshots Shows fake accounts, messages, transactions
URLs and usernames Helps investigators trace online activity
Bank/e-wallet reports Shows financial misuse
OTPs and login alerts Shows attempted account access
Police blotter Establishes early reporting
Reports to issuing agency Shows official notice of loss
Timeline of events Helps investigators understand the case
Platform ticket numbers Shows reporting to online services
Witness statements Supports facts

XVIII. Possible Outcomes

After filing, the case may proceed in several ways:

  1. The cybercrime unit may evaluate the complaint.
  2. Investigators may request more evidence.
  3. Preservation requests may be sent to platforms or service providers.
  4. The suspect may be identified through account records, phone numbers, IP logs, financial accounts, or communications.
  5. A complaint may be referred for preliminary investigation.
  6. The prosecutor may require counter-affidavits from respondents.
  7. The prosecutor may dismiss the case, require further investigation, or file an information in court.
  8. The victim may separately pursue privacy, administrative, financial, or civil remedies.

Cybercrime investigations can be technical and may depend heavily on platform cooperation, quality of evidence, and timeliness of reporting.

XIX. Legal and Practical Importance of Prompt Reporting

Prompt reporting is important because online evidence can disappear quickly. Fake accounts may be deleted, messages may be unsent, logs may expire, SIMs may be discarded, and fraudulent accounts may be emptied.

Early reporting helps:

  1. Establish the timeline.
  2. Preserve evidence.
  3. Reduce financial loss.
  4. Prevent further identity misuse.
  5. Support disputes with banks and lenders.
  6. Protect the victim from liability for unauthorized transactions.
  7. Assist law enforcement in tracing the offender.

XX. Conclusion

In the Philippines, a lost personal identification document should be treated seriously, especially when there is any sign of online misuse. The proper response is both preventive and legal: execute an Affidavit of Loss, notify the issuing agency, secure digital and financial accounts, preserve evidence, and file a cybercrime complaint with the appropriate authorities when identity theft, online fraud, unauthorized verification, account takeover, or digital impersonation is suspected.

The strongest complaint is one that is timely, organized, factual, and supported by evidence. A lost ID may begin as a simple administrative problem, but when used through digital platforms, financial apps, telecom services, or social media, it may become a cybercrime requiring immediate legal action.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login