Close Sign Up Share Page Print Take Poll Provide Feedback

Sign Up

Share Page



Maine State Victim Resources:

Security Freeze Law:

State law allows all consumers to place security freezes on their consumer credit reports to prevent identity thieves from opening new accounts in their names. Such a freeze enables the consumer to prevent anyone from looking at his/her credit file for the purpose of granting credit unless the consumer chooses to allow a particular business look at the information. To request a freeze, a consumer must request one in writing by certified mail to the credit reporting agencies.

The agency may charge up to $10 to place, lift, or temporarily lift a security freeze. In addition, it may charge $12 to lift the freeze for one particular creditor. However, the credit reporting agency may not charge identity theft victims who provide a police report. The reporting agency must place the freeze within five business days after receiving the request, and within ten business days must send a written confirmation of the freeze and provide the consumer with a unique personal identification number or password to be used by the consumer when providing authorization for the release of his credit for a specific party or period of time.

Requests for a temporary unlocking of the freeze must be completed within three business days.
Statute: 10§1313-C.

How to Place a Security Freeze:

Mandatory Police Report Law for Identity Theft Victims:

A person who knows or reasonably believes that the person’s personal information has been misused may report the misuse and obtain a police report by contacting the local law enforcement agency that has jurisdiction over the person’s actual residence or place of business. That law enforcement agency must make a police report of the matter and provide the complainant with a copy of that report. At its discretion, the law enforcement agency may undertake an investigation of the matter or refer it to another law enforcement agency. If the suspected crime was committed in a jurisdiction outside of the state, the local law enforcement agency must refer the report to the law enforcement agency where the suspected crime was committed. Statute: 10§1350-B:

Identity Theft Passport Law:

No State law at this time.

Identity Theft Laws:

A person is guilty of misuse of identification if, in order to obtain confidential information, property or services, the person intentionally or knowingly:

  • Presents or uses a credit or debit card that is stolen, forged, canceled, or obtained as a result of fraud or deception.
  • Presents or uses an account, credit or billing number that that person is not authorized to use or that was obtained as a result of fraud or deception.
  • Presents or uses a form of legal identification that that person is not authorized to use. “Legal identification” includes a Social Security card, Social Security number, birth certificate, driver’s license, government-issued identification card, oral statement of full name and date of birth, or any other means of identifying a person that is generally accepted as accurate and reliable. Misuse of identification is a Class D crime, punishable by up to a year in jail and/or a $2000 fine.

Statute: 17A§905-A:

Other Related Laws:

Scanning Device:

It is illegal to use a scanning device or a re-encoder without the permission of the authorized payment card user whose card information is scanned or re-encoded and with the intent to defraud or deceive the authorized payment card user, the issuer of the authorized payment card user’s payment card or another person. A re-encoder is an electronic device that places encoded information from the computer chip or magnetic strip or stripe of a payment card onto the computer chip or magnetic strip or stripe of another payment card or any electronic medium that allows an authorized transaction to occur. A scanning device means a scanner, reader or any other electronic device that is used to access, read, scan, obtain, memorize or store, temporarily or permanently, information encoded on the computer chip or magnetic strip or stripe of a payment card. Misuse of a scanning device or re-encoder is a Class D crime.
Statute: 17A§905-B:

Credit Block:

If a security freeze is in place, a consumer reporting agency must expunge any information in the file of a consumer that resulted from identity theft.
Statute: 10§1313-D.

Security Breaches:

State law requires state government agencies, businesses operating in the state, and private and public universities that collect and maintain computerized records containing consumers’ personal information to notify consumers when their personal information is compromised during a security breach, putting them at risk of identity theft. A security breach is defined as the “unauthorized acquisition of an individual’s computerized data that compromises the security, confidentiality, or integrity of personal information maintained by a person.”

Personal information includes a individual’s first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not redacted or encrypted: Social Security number; driver’s license number or state identification card number; account number or credit or debit card number if circumstances exist wherein such a number could be used without additional identifying information, access codes, or passwords; account passwords or personal identification numbers or other access codes; or any of the data elements when not in connection with the individual’s name if the information if compromised would be sufficient to permit a person to fraudulently assume or attempt to assume the identity of the person whose information was compromised. Publicly available information is not included.

Entities must conduct reasonable and prompt investigation to determine the likelihood that personal information has been or will be misused. It must give notice of a breach following discovery or notification to any resident whose personal information has been, or is reasonably believed to have been, acquired by an unauthorized person. Disclosure must be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement and with any measures necessary to determine the scope of the breach and to restore the reasonable integrity, security, and confidentiality of the data in the system.

Notification can be provided to the affected persons by mail or e-mail. If the cost of providing regular notice would exceed $5,000, the amount of people to be notified exceeds 1,000, or the person does not have sufficient contact information, substitute notice may be provided. When substitute notice is used, it should consist of the following, as applicable: e-mail notice, conspicuous posting on the person’s publicly accessible web site, and notification to major statewide media. If notice is provided to more than 1000 residents, the consumer reporting agencies and appropriate state regulators must also be notified.
Statute: 10§1348:


Information gathered from sources including Identity Theft Resource Center and Identity Crime in partnership with International Association of Chiefs of Police and Bank of America.