In 2005, the Legislature passed the ConnPIRG-backed Identity Theft Prevention law allowing consumers to place a "Security Freeze" on their credit files. This prevents credit bureaus from releasing your credit report to new creditors unless you first give the bureau a secret password to verify your identity. The result? An identity thief who steals your identity is prevented from also stealing your good credit.

Click here for information from Attorney General Blumenthal about how to apply a Security Freeze and tips for preventing identity theft.

Credit bureaus collect information about consumers. This information includes everything from bank account information to tax liens and credit card account information. Credit files on individual consumers are sold to creditors, employers, insurers and others who want information regarding an individual's financial status. Usually, consumers don't know who is purchasing their credit information or when they are purchasing it.

Identity thieves exploit the fact that businesses with a "permissible purpose" can purchase a consumer's credit report for the purpose of issuing credit. Therefore, ID Thieves are able to open credit accounts using their victim's information and the victim is unaware of the crime until weeks and even months have passed. A 2003 survey by the FTC showed that over 27 million Americans fell victim to identity theft in the previous 5 years. (9.9 million in 2002 alone.) FTC estimated the financial impact of ID Theft, for 2002 alone, to be $48 billion in costs to businesses and another $5 billion in out-of-pocket expenses to consumers.

In 2005, ChoicePoint revealed that their massive database of consumer information had been compromised, revealing sensitive information to an ID Thief about hundreds of thousands of people nationwide. This included over 5,000 Connecticut residents. ChoicePoint was only required to reveal this information because California has a law requiring businesses to notify consumers when their security has been breached and the consumer's information has been compromised. Without such a requirement, consumers can remain unaware of such breaches until after long after the fact. Connecticut does not have a law requiring notification to consumers of security breaches.

Connecticut has adopted a number of ConnPIRG-supported laws addressing the problem of identity theft. A 2003 law provided greater protections and assistance to victims, and placed some restrictions on how businesses use and handle consumer's social security numbers. The 2003 law also increased penalties for ID theft. In 2005, ConnPIRG worked with Attorney General Blumenthal and legislators to enact identity theft prevention legislation by allowing consumers to place a security freeze on their credit files to stop identity thieves in their tracks. The law also requires businesses to notify consumers when their systems are breached and the consumers' personal information may have been revealed to identity thieves.