Colorado has one of the most accessible and cost-effective business filing systems in the United States. Most filings can be completed online, often with same-day confirmation, and filing fees remain comparatively modest. Despite these advantages, business owners forming or maintaining entities in Colorado should be aware of a significant and growing risk: entity hijacking.

By default, the Colorado Secretary of State (SOS) business filing system makes new entity records publicly accessible. While this accessibility allows attorneys, accountants, and other authorized agents to efficiently manage filings on behalf of a business, it also creates opportunities for bad actors to submit unauthorized filings affecting the entity. Fraudulent filings may include changes to the entity name, registered agent, or principal office information, or even enabling password protection on the record to lock the legitimate owner out of the account.

Bad actors may target vulnerable business records to exploit an entity’s established credit history or to interfere with the legitimate owner’s operations. Potential consequences include credit fraud, reputational damage, missed service of process resulting from unauthorized registered agent changes, and loss of good standing with the state.

In response to an increase in fraudulent filings, Colorado has recently implemented a more robust enforcement and remediation framework. Under this process, the legitimate owner of a hijacked entity may file a complaint with the Colorado SOS and, if the business record remains accessible, submit a Statement of Correction to amend inaccurate information. The SOS will review the complaint to determine whether it involves an actionable filing violation, rather than an internal business dispute. If the complaint meets the applicable criteria, the matter may then be referred to the Colorado Attorney General’s Office for further investigation.

Business owners should also report suspected entity hijacking to the Colorado Bureau of Investigation’s Identity Theft Unit, which may conduct a concurrent investigation. In addition, affected businesses should promptly notify financial institutions, review business credit reports for suspicious activity, and take appropriate remedial measures to mitigate potential fraud.

To help prevent unauthorized filings, business owners may enroll in Colorado’s Secure Business Filing program, which password protects the entity record. Once enabled, only individuals specifically granted access through authorized email accounts may access and manage the record. Newly formed entities may enroll through an email verification process, while existing entities must complete a two-step verification process involving a mailed PIN before Secure Business Filing can be activated.

Business owners should also consider regularly monitoring their business records for unauthorized changes or suspicious activity as part of their ongoing corporate governance and fraud prevention practices.