Friday, February 25, 2005

ChoicePoint Data Theft Fallout Spreads to 145,000

internetnews.com
ChoicePoint Data Theft Fallout Spreads to 145,000
By Tim Gray

Responding to pressure amid a growing PR mess after the breach of sensitive consumer data, credit-check company ChoicePoint (Quote, Chart) is notifying 145,000 people to be on the guard for identity theft.

The latest notices come after the company recently disclosed that an ID theft ring gained access to the company's vital credit information. Law enforcement officials have discovered some 750 people who have been victims of identity theft as a result of the operation, ChoicePoint said.

Chuck Jones, a spokesman for the Georgia-based data aggregating firm, said the company already alerted 35,000 Californians whose information, including credit reports, addresses and social security numbers, were compromised after the crime ring duped company officers into handing over valuable information. Now it is expanding its notices to another 110,000 Americans, bringing to 145,000 the number of citizens whose data may be at risk of being abused by identity thieves.

The con men posed as businessmen looking to do background checks on its own customers. The company is now in the process of notifying the remaining individuals.

"Anyone who does not receive a notice can be reasonably assured they have not been impacted by this fraud," Jones told internetnews.com.

ChoicePoint is a service used by landlords and merchants to conduct background checks on potential tenants and customers. It also has several law enforcement and government agencies as clients.

"There is a certain irony there," said Beth Givens, director of the Privacy Rights Clearinghouse, a nonprofit consumer advocacy group. "They're not doing the thing they claim their service enables their customers to do," such as conduct background checks.

The information about the data theft came to light after ChoicePoint recently notified 35,000 residents of California that their information was compromised, in accordance with state law.

However, a chorus of attorneys general leaned on ChoicePoint to alert consumers in other states whose information may have been obtained by the thieves.

Illinois Attorney General Lisa Madigan, along with 18 other state attorneys general, contacted the company and urged it to expand its notification plans.

"Identity theft threatens a consumer's financial health, credit rating and peace of mind," Madigan said in a statement. "I will work to help make sure that ChoicePoint does the right thing by informing Illinoisans of any financial or identity theft risks they may face."

Bruce Schneier, founder and chief technology officer for Counterpane Internet Security, said it was important for ChoicePoint to immediately come clean with everyone involved.

"My advice to ChoicePoint is simple: you realize that the people whose data has been stolen are not your customers, and it's smart business not to care in the least about their problem. But by not treating this as an opportunity for good public relations, you're inviting Congress to regulate you. And you're not going to like that."

The scam began last fall when the con men posed as businessmen looking to join the ChoicePoint service. They allegedly opened about 50 fraudulent accounts.

The offline data theft case comes amid a dramatic growth in identity theft cases overall, but especially online. According to Gartner (Quote, Chart), 9.4 million online U.S. adults were victimized by identity theft between April 2003 and April 2004. The losses amounted to $11.7 billion.

Security experts said there are many ways consumers and businesses can protect themselves from this type of "social engineering" scheme without passing new laws or legislation, starting with more vigilance and common sense about protecting vital information.

"We may need to look at the way we interact with other people and exactly who has access to our data," said former U.S. cyber-security czar Howard Schmidt, who is now president and CEO of R&H Security Consulting in Washington state. Schmidt said society's awareness of the importance of information, especially personal information, is growing. "Knowledge is the most important tool," he added.

The ring leader of the operation, Olatunji Oluwatosin, 41, was sentenced in Los Angeles County Court to 16 months in federal prison on Thursday, according to several published reports.

In a statement, ChoicePoint said it has "acted quickly to address the circumstances that led to the unauthorized access. We are continually updating our processes and procedures to ensure the integrity of our systems and the information they contain."

originally published February 18, 2005