Guest Column by Mike DeWine, Ohio Attorney General

A Southwest Ohio consumer who tried to move her Cincinnati Bell account received a rude surprise: It was blocked because five iPhones had been bought in her name without her knowledge and the bill for the $2,300 purchase had yet to be paid.

A consumer in Canfield, Ohio was shocked to learn that a woman in Georgia cashed a $5,000 check for a loan that a payday lender had issued in his name.

When Target asked a Columbus consumer about a line of credit he supposedly opened, he checked his credit report and discovered several other credit cards he never applied for had been issued in his name.

After these three consumers contacted our office, we were able to resolve their cases and collectively save them more than $13,000. But their stories, and others like them, give a glimpse into why our volume of identity theft complaints more than doubled from 2013 to 2014, and why identity theft joined our list of top ten consumer complaints for the first time last year.

In 2012, I created a consumer Identity Theft Unit to help victims rectify the effects of identity theft. Since then we’ve received more than 3,300 complaints and helped adjust or clear about $900,000 from consumers’ accounts.

While identity theft is often a random crime of opportunity, breaches in both commercial and government data bases have emerged as new and significant dangers. Data breaches don’t always result in identity theft, but they do put individuals at greater risk.

Since 2005, nearly 5,000 data breaches have compromised more than 815 million records containing consumers’ sensitive financial information. If a Social Security number is involved, a full-blown identity theft can cost a consumer an average of $5,100.

States have largely taken the lead in responding to data breaches and identity theft. They’ve helped consumers deal with the repercussions of data breaches and investigated the causes. Forty-seven states have enacted laws requiring data collectors to notify consumers when a data breach has compromised their personal information.

Congress has contemplated passing a national law on data breach notification and data security. However, state laws already in place to protect consumers from data breaches and identity theft should not be limited or preempted by federal legislation.

That’s why earlier this month I signed a letter with 46 other attorneys general asking Congress to maintain states’ authority to enforce data breach and security laws. Our letter urged Congress to preserve existing breach notification requirements under state law and not to hinder states that are helping their residents by preempting state data breach and security laws.

We want to keep the flexibility we need to effectively assist consumers who contact us from Cincinnati, Canfield, Columbus, and every other corner of the state.

For help with situations involving a data breach, identity theft, or other consumer problems, contact my office at 800-282-0515 or www.OhioAttorneyGeneral.gov.