Understanding Massachusetts Identity Theft and Fraud Laws

An in-depth guide to Massachusetts identity theft and fraud rules, penalties, and victim protections.

By Medha deb
Created on

Identity theft is more than an inconvenience; it is a crime that can damage credit, reputation, and financial stability. Massachusetts has enacted specific identity fraud statutes and consumer protection rules to address this growing problem and to give victims meaningful tools to respond.

This article explains how identity theft is treated under Massachusetts law, what conduct is considered criminal identity fraud, the penalties that can apply, what businesses must do after a data breach, and the practical steps residents can take to protect themselves and recover if their information is misused.

What Counts as Identity Theft in Massachusetts?

Under Massachusetts General Laws chapter 266, section 37E, the Commonwealth focuses on identity fraud—the deceptive use or acquisition of another person’s identifying information with an intent to defraud.

Identity theft typically involves the misuse of pieces of personal data, such as a Social Security number or bank account information, to impersonate someone or access resources without authorization.

Personal Identifying Information

The statute covers a wide range of data that can be used to identify or impersonate a person.

  • Full name and date of birth
  • Social Security number
  • Driver’s license or state ID number
  • Credit card and bank account numbers
  • PINs, passwords, or other authentication information
  • Any number or code that can serve as evidence of a person’s identity

Using or obtaining these details without permission can lead to criminal liability if done with an intent to defraud or harass another person.

Two Main Forms of Identity Fraud

Form of Identity Fraud Core Conduct Typical Examples
Posing as another person Impersonating someone, without their authorization, and using their identifying information to obtain value or to harass. Opening a credit card in someone else’s name; using another person’s ID to get utilities or mobile service.
Acquiring information to enable impersonation Obtaining someone’s personal identifying information, or helping another person obtain it, with intent to pose as that person. Collecting bank account details to let an accomplice transfer funds; stealing a wallet to use the documents for future fraud.
Read More

The Legal Journey of Same-Sex Marriage in the United States >

The Legal Journey of Same-Sex Marriage in the United States

In both categories, the law requires intent to defraud, meaning a deliberate plan to obtain money, goods, services, or another benefit—or to harass—through deceptive use of another person’s identity.

Key Elements Required for a Criminal Identity Fraud Charge

To secure a conviction under MGL c.266 §37E, prosecutors must prove several specific elements beyond a reasonable doubt.

  • Intent to defraud or harass – The defendant must have acted with a purpose to deceive in order to gain something of value or to harass another person.
  • Lack of authorization – The person whose identity is used or whose information is obtained did not consent to that use.
  • Use or acquisition of personal identifying information – The defendant either used someone’s data to pose as that person, or obtained the data intending to do so or to help someone else do so.
  • Attempt or successful acquisition of value – The statute covers both successful fraud and attempts to obtain money, credit, goods, services, anything of value, identification documents, or other evidence of identity.

Even if a bank stops the transaction or a credit card application is denied, the attempt itself can satisfy the statute’s requirements when intent and unauthorized use of identity are proven.

Criminal Penalties for Identity Fraud in Massachusetts

Identity fraud under MGL c.266 §37E is generally punishable by a combination of fines and incarceration in a house of correction.

  • Maximum fine: up to $5,000 for each offense.
  • Maximum incarceration: up to two and one-half years in a house of correction (a county-level facility).
  • Both fine and imprisonment: courts may impose both penalties at the same time.

Identity fraud can also intersect with other theft and property crime provisions. When the defendant obtains substantial value, the underlying conduct may be treated alongside larceny statutes, especially where the amount exceeds thresholds for more serious theft offenses.

Additionally, Massachusetts law allows for restitution, which means courts can order offenders to repay financial losses resulting from their conduct.

Data Breaches and Business Responsibilities

Identity theft does not only occur through individual scams; large-scale breaches of consumer data are a major concern. Massachusetts has separate laws that govern how organizations must react when personal information is exposed.

Who Must Comply?

The state’s data breach rules apply to businesses and other entities that own or license personal information concerning Massachusetts residents.

  • Retailers and online merchants handling payment card data
  • Banks, credit unions, and other financial institutions
  • Health care providers and insurers (when state identity rules overlap with federal privacy law)
  • Schools and universities that retain student records
  • Any company that maintains digital or paper files with identifying information

Notification Obligations After a Breach

When an organization knows or has reason to know that a “breach of security” has occurred, and personal data has been compromised, several duties are triggered.

  • Notify the affected Massachusetts residents without unreasonable delay.
  • Report the breach to the Office of Consumer Affairs and Business Regulation.
  • Report the breach to the Massachusetts Attorney General.

These reports help regulators monitor trends in identity theft, enforce data security standards, and ensure consumers are informed so they can take protective steps such as credit freezes and fraud alerts.

Rights and Remedies for Identity Theft Victims

Massachusetts gives victims several important rights and tools to address identity theft, both through state law and overlapping federal protections.

Working with Law Enforcement

Victims should promptly make a report to local police and obtain a copy for their records.

  • Police departments are required to take an identity theft report under Massachusetts law related to consumer protection and data breaches.
  • A written police report is often necessary to dispute fraudulent accounts and to support requests for credit freezes and fraud alerts.

Using Credit Reports to Detect and Correct Fraud

Credit reports are a central tool for spotting and repairing damage caused by identity theft.

  • Residents are entitled to at least one free credit report per year from each of the three major credit bureaus.
  • Victims should obtain reports immediately, review all accounts and inquiries, and dispute any unauthorized lines of credit or transactions.
  • Formal disputes must generally be made in writing; the credit bureau then has a limited period (often around 30 days) to investigate and correct errors when appropriate.

Credit Freezes and Fraud Alerts

Credit freezes and fraud alerts are powerful protective tools available at no charge under federal and state law.

  • Credit freeze
    • Restricts new creditors from accessing your credit report, making it difficult for thieves to open new accounts.
    • Can be temporarily lifted if you need to apply for legitimate credit.
    • Must be requested from each of the three major credit bureaus (Equifax, Experian, TransUnion).
  • Fraud alert
    • Requires creditors to take additional steps to verify identity before opening new credit.
    • When one bureau places an alert, federal rules require the others to follow suit.
    • Initial alerts last for a limited period; extended alerts may be available for documented victims.

Documenting Communications and Losses

Thorough documentation helps victims navigate the recovery process more efficiently.

  • Keep originals of police reports, correspondence, and billing statements; send copies when necessary to creditors and agencies.
  • Record the names of individuals you speak with, dates of conversations, and summaries of what was discussed.
  • Organize disputed charges and accounts in a simple list so you can track which items have been resolved.

Preventing Identity Theft: Practical Steps for Residents

Although no method can guarantee absolute protection, Massachusetts authorities recommend several practical measures to reduce the risk of identity theft.

Managing Personal Information

  • Carry only the cards and identification you need on a daily basis; leave Social Security cards and rarely used credit cards at home.
  • Limit how often you share your Social Security number and other sensitive identifiers; ask why they are needed and whether alternatives exist.
  • Consider using a randomly assigned state identification number instead of your Social Security number on certain documents when permitted.

Strengthening Passwords and Digital Security

  • Create strong passwords using combinations of letters, numbers, and symbols, or long passphrases composed of unrelated words.
  • Avoid using easily guessed information such as birthdays, phone numbers, or the last four digits of a Social Security number.
  • Enable multi-factor authentication (where available) for banking, email, and financial accounts.

Protecting Mail and Physical Documents

  • Shred documents containing personal information before discarding them, including pre-approved credit offers and bank statements.
  • Ask the U.S. Postal Service to hold your mail while you are away, or have a trusted person collect it.
  • Store important documents like birth certificates and passports in a secure place.

Staying Vigilant Online and by Phone

  • Do not reply to unsolicited emails requesting personal information, and do not click on suspicious links or download unknown attachments.
  • Verify callers claiming to be from banks or government agencies by hanging up and calling back using official numbers.
  • Use secure, encrypted websites when submitting financial or personal data and avoid public Wi‑Fi for sensitive transactions.

Quick Reference Checklist for Victims

If you suspect identity theft, acting quickly can limit financial damage and improve your chances of successful recovery.[10]

  • Contact your bank and credit card issuers to close or freeze compromised accounts.
  • Obtain credit reports from all three major bureaus and review them carefully for unfamiliar accounts and inquiries.
  • Place a fraud alert and consider a credit freeze if new-account fraud is likely.
  • File a police report and keep a copy with your records.
  • Report the incident to appropriate state and federal agencies, such as the Federal Trade Commission and the Massachusetts Attorney General.
  • Maintain organized documentation of all steps taken and all communications with creditors and agencies.

Frequently Asked Questions

Is identity theft treated as a felony or a misdemeanor in Massachusetts?

Identity fraud under MGL c.266 §37E is punishable by up to two and one-half years in a house of correction and a fine of up to $5,000. Whether the overall conduct is treated as a misdemeanor or elevated in seriousness can depend on the value obtained and related larceny provisions that may apply.

Does an attempt count if the thief fails to obtain money or credit?

Yes. The statute explicitly covers attempts to obtain money, credit, goods, services, anything of value, or identification documents. A failed application or blocked transaction can still support an identity fraud charge if other elements—intent, unauthorized use, and identifying information—are proven.

What should I do first if I notice a fraudulent account?

Immediate steps typically include contacting the creditor to close or freeze the account, ordering your credit reports, placing at least a fraud alert (and often a credit freeze), and filing a police report. Acting quickly limits additional misuse and strengthens your position when disputing charges.

Are businesses required to tell me if my data was part of a breach?

Massachusetts law requires organizations that own or license residents’ personal information to notify affected individuals when they know or have reason to know of a breach of security. They must also report such breaches to state regulators, including the Office of Consumer Affairs and Business Regulation and the Attorney General.

Can I get help if I cannot afford legal advice?

Residents who need assistance with identity theft, credit disputes, or related consumer issues may be able to obtain guidance from legal aid organizations and consumer protection agencies in Massachusetts.[10] These groups often provide free or low-cost resources, especially for low- and moderate-income consumers.

References

  1. Massachusetts law about identity theft — Commonwealth of Massachusetts, Trial Court Law Libraries. 2024-01-01. https://www.mass.gov/info-details/massachusetts-law-about-identity-theft
  2. Section 37E, Chapter 266, Massachusetts General Laws — Massachusetts General Court. 2023-01-01. https://malegislature.gov/Laws/GeneralLaws/PartIV/TitleI/Chapter266/Section37E
  3. Identity Theft — Office of Consumer Affairs and Business Regulation, Mass.gov. 2023-06-15. https://www.mass.gov/info-details/identity-theft
  4. The Commonwealth of Massachusetts Identity Theft Guide — Office of the Attorney General (Safety Bulletin PDF). 2018-01-01. https://falmouthpolice.com/wp-content/uploads/FPD-safety-bulletin-attorney-healey-id-theft-guide.pdf
  5. Protect Yourself from Identity Theft — Securities Division, Office of the Secretary of the Commonwealth of Massachusetts. 2022-09-01. https://www.sec.state.ma.us/divisions/securities/links-and-resources/education/identity-theft.htm
  6. Common questions about identity theft, identity fraud, and other financial scams — MassLegalHelp. 2021-05-01. https://www.masslegalhelp.org/money-debt/identity-theft/common-questions-about-identity-theft-identity-fraud-and-other-financial-scams
Medha Deb is an editor with a master's degree in Applied Linguistics from the University of Hyderabad. She believes that her qualification has helped her develop a deep understanding of language and its application in various contexts.

Read full bio of medha deb