Dozens of businesses in Colorado, and probably thousands more nationally, are victims of a new and easy form of identity theft where corporate data is hijacked and millions of dollars in phony credit purchases are made. All it takes is an Internet connection and, in some cases, as little as a $10 fee to alter the name of a corporate officer or the address of a company’s registered agent on public records. Once that is done, thieves acquire corporate credit in multiples much higher than the average consumer can get. And most companies might never know it is happening until it is too late and credit ratings have been trashed. The nation’s secretary of state offices — the agencies that usually register corporations and maintain public databases on them — have few protections to stop the Internet-based theft. In Colorado, for example, anyone can access the online databases and make changes since there is no password protection. “We’re just now getting a handle on the problem,” said a spokeswoman for the National Association of Secretaries of State. Such inaction has business owners fuming and, in turn, scratching their heads. Thieves are also relying on Dunn & Bradstreet — the business equivalent of a consumer credit reporting bureau — as unwitting accomplices. The company provides credit ratings on businesses and corroborates any reported changes through secretary of state offices — where the fraud occurs in the first place. Police investigators have so far identified 48 Colorado businesses — many of them easily recognized — affected by the crime and expect to find dozens more.