Close Sign Up Share Page Print Take Poll Provide Feedback

Sign Up

Share Page



Ohio State Victim Resources:

Attorney General
Phone: (800) 282-0515
Local (614) 466-4986

Ohio Department of Public Safety

Information for victims of Identity Theft

Free Legal Self Help Forms Online

Agencies that offer assitance to IDT victims:

Community Legal Aid Services, Inc.                                                                 
Program Phone: (330) 535-4191   
Legal Assistance: (866) 584-2350

Legal Aid of Western Ohio, Inc.
Program Phone: (419) 724-0030   
Legal Assistance: (877) 894-4599

Legal Aid Society of Greater Cincinnati                                                            
Program Phone: (513) 241-9400   
Legal Assistance: (800) 582-2682

Ohio State Legal Services                                                                          
Program Phone: (614) 221-7201   
Legal Assistance: (800) 589-5888

The Legal Aid Society of Cleveland                                                                 
Program Phone: 216-687-1900     
Legal Assistance: 216-687-1900

Security Freeze Law:

State law allows all Ohio consumers to place security freezes on their consumer credit reports to prevent identity thieves from opening new accounts in their names.

Such a freeze enables the consumer to prevent anyone from looking at his/her credit file for the purpose of granting credit unless the consumer chooses to allow a particular business look at the information. To request a freeze, a consumer must request one in writing by certified mail or other comparable service or by any secured electronic method authorized by the consumer credit reporting agency.

The reporting agency must place the freeze within three business days after receiving the written request, and within five business days of placing the freeze must send a written confirmation of the freeze and provide the consumer with a unique personal identification number or password to be used by the consumer when providing authorization for the release of his credit for a specific party or period of time. Requests for a temporary unlocking of the freeze must be completed within three business days. If the request for temporary unlocking of the freezes is made by telephone or other electronic means, the unlocking must be done with 15 minutes, if the request is received during normal business hours.

A consumer reporting agency may charge up to $5 to place, remove, or temporarily suspend a security freeze. Victims of identity theft may not be charged any fees in connection with the placing, removing, or temporary lifting of a security freeze.

Mandatory Police Report Law for Identity Theft Victims

No State law at this time.

Identity Theft Passport Law

Identity Theft Verification Passport: Victims can apply for an identity theft passport, which can be presented to law enforcement to help prevent arrest or detention for an offense committed by another person or to creditors, to prove that their identity has been stolen. Victims can receive a passport card after filing a police report and the law enforcement agency verifies the report.

The application can only be filed by law enforcement officials through the Ohio Law

Enforcement Gateway, a secure Web site used by law enforcement agencies to share information. The agency submits the application and police report to the attorney general's office, which verifies the information and issues an identification number to the victim. The number is placed on the card, which the victim must activate. The program uses several security features, such as a picture, fingerprint, and signature. If a member of law enforcement stops someone claiming to be an identity-theft victim, the officer can check whether the picture, fingerprint, and signature match those in the database. Creditors can also verify the validity of the passport by calling (877) VERIFY-IT.
Statute: §109.94:

Identity Theft Laws:

State law prohibits any person, without the consent of the other person, from using, obtaining, or possessing any personal identifying information with the intent to either hold the person out to be the other person or represent the other person's identifying information as the person's own personal identifying information. In addition, it is unlawful to create, obtain, possess, or use the personal identifying information of any person with the intent to commit identity theft crimes. It is illegal to permit another person to use his/her own personal identifying information with the intent to defraud. It is not a defense to a charge that the person whose personal identifying information was obtained, possessed, used, created, or permitted to be used was deceased at the time of the offense.

"Personal identifying information" includes, but is not limited to, the following: the name, address, telephone number, driver's license, driver's license number, state identification card, state identification card number, Social Security card, Social Security number, birth certificate, place of employment, employee identification number, mother's maiden name, bank account number, other financial account number, personal identification number, password, or credit card number of a living or dead individual.

Identity theft penalties vary and are tied to the resulting loss involved. Penalties are increased for identity theft crimes against people 65 or older and against the disabled. When there are multiple thefts, the aggregate of the amount of the theft determines the grade of the offense.
Statute: §2913.49:

Other Related Laws:

Payment Cards

A person is guilty of misuse of credit cards if he practices deception for the purpose of procuring the issuance of a credit card, when a credit card is issued in actual reliance on the information provided; or knowingly buys or sells a credit card from or to a person other than the issuer. Violations are a first degree misdemeanor.

It is unlawful for a person, with the purpose to defraud, obtains property or services by the use of a credit card, in one or more transactions, knowing or having reasonable cause to believe that the card has expired or been revoked, or was obtained, retained, or being used in violation of law. If the cumulative retail value of the property and services involved in a 90-day period is $500 or less, it is a misdemeanor in the first degree. If the value is $500 to $5000, it is a fifth degree felony; between $5000 and $100,000 is a fourth degree felony; and if over $100,000, it is a third degree felony. Penalties are increased by one level if the victim is disabled or an elderly person.
Statute: §2913.21:

Theft of a credit card is a fifth degree felony, regardless of the value of the property stolen.
Statute: §2913.71:

Security Breach

State law requires state and local government agencies and businesses operating in the state that own or license personal information concerning an Ohio resident to notify the resident when there has been a breach of the security of the system, putting them at risk of identity theft. A security breach is defined as "the unauthorized access to and acquisition of computerized data that compromises the security or confidentiality of personal information owned or licensed by a person and that causes, reasonably is believed to have caused, or reasonably is believed will cause a material risk of identity theft or other fraud to the person or property of a resident of this state."

Personal information means an individual's name, consisting of the first name or first initial and last name, in combination with and linked to any one or more of the following data elements, when the data elements are not encrypted, redacted, or altered by any method or technology in such a manner that the data elements are unreadable: Social security number; driver's license number or state identification card number; or account number or credit or debit card number, in combination with and linked to any required security code, access code, or password that would permit access to an individual's financial account. Publicly available information is not included.

Notification must be made in the most expedient time possible, but no later than 45 days following discovery of the breach of the security of the system, subject to the legitimate needs of law enforcement and consistent with any measures necessary to determine the scope of the breach, including which residents' personal information was accessed and acquired, and to restore the reasonable integrity of the data system.

Notification can be provided to the affected persons by mail, e-mail, or telephone. If the cost of providing regular notice would exceed $250,000, the amount of people to be notified exceeds 500,000, or the data collector does not have sufficient contact information, substitute notice may be provided. When substitute notice is used, it must consist of all of the following, as applicable: e-mail notice, conspicuous posting on the business's or agency's web site, and notification to major statewide media. If the business or government agency demonstrates that it has ten or fewer employees and that the cost of providing the disclosures or notice will exceed $10,000, it may provide substitute notice, including: notification by paid advertisement in a local newspaper that is distributed in the area in which the business or agency is located; conspicuous posting on the business's or agency's web site; and notification to major media outlets in the geographic area in which the business or agency is located.
Statute: §1349.19:
Statute: §1347.12:

Social Security Number Protection

State law prohibits any public records from being posted on the Internet or otherwise made available to the general public if they contain an individual's Social Security number (SSN), unless the SSN is redacted, encrypted, or truncated. If a document that is already posted or available to the general public contains a person's Social Security number, the person responsible for an office's public records must redact, encrypt, or truncate the SSN from the document. A person whose SSN is available online may request that it be redacted. The public agency responsible for the record must redact the information within five business days.
Statute: §149.45:


Information gathered from sources including Identity Theft Resource Center and Identity Crime in partnership with International Association of Chiefs of Police and Bank of America.