According to law enforcement officials, identity thieves have been using the Colorado Secretary of State’s (the “Secretary”) website to engage in business identity theft. By accessing the Secretary’s website, identity thieves are able to obtain public information about Colorado registered entities, and then for a nominal fee are able to change the registered agent of a registered entity to themselves. Once the identity thieves have implemented the change, they will use the registered entity’s name to apply for fraudulent lines of business credit for their own personal use. By some accounts, this scheme has affected at least twenty-five Colorado registered entities and allowed identity thieves to steal over $750,000.
Identity thieves are able to engage in this crime due to the lack of procedural safeguards to check the authenticity of forms implementing changes to the records of registered entities as they come into the Office of the Secretary. Oftentimes, a registered entity will not even know that a change has been made to its entity records upon the submission of a form to the Office of the Secretary.
An entity registered in Colorado can combat these identity attacks by listing an email address for the registered entity with the Office of the Secretary. Thereafter, an email notification will be sent to the listed email address upon any change to the records of the registered entity, thereby alerting it of any unwarranted changes. However, the option to list an email address for a registered entity is only a recent development and remains completely voluntary. As a result, a majority of Colorado’s registered entities do not have an email address listed and may not be notified of identity theft attacks.
Therefore, an entity registered in Colorado should consider subscribing for email notifications from the Office of the Secretary to try to protect the entity against identity theft. A registered entity can subscribe to email notifications by visiting the Secretary’s website. Additional information and resources about identity theft and protecting registered entities against identity theft attacks can also be found here.