ChoicePoint has confirmed in a written statement that criminals pretending to be legitimate companies stole credit reports, Social Security Numbers, driver’s license numbers and other personal information of consumers across the United States, but the company said criminals did not breach or hack into the company’s network. A Nigerian citizen last week pleaded no contest in California state court and was sentenced to 16 months in prison in connection with the incident.
At its Web site ChoicePoint indicated it has distributed notification to 144,778 consumers. It also reported it is taking steps to avoid being duped in the future, including rescreening more than 17,000 customers to make sure they are legitimate businesses.
“These criminals were able to pass our customer authentication due diligence processes by using stolen identities to create and produce the documents needed to appear legitimate,” ChoicePoint said in a written statement on its Web site. “As small business customers of ChoicePoint, these fraudsters accessed products that contained basic telephone directory-type data (name and address information) as well as a combination of Social Security numbers and/or driver’s license numbers and, at times, abbreviated credit reports. They were also able to obtain other public record information including, but not limited to bankruptcies, liens, and judgments; professional licenses; and real property data.”
According to the statement, ChoicePoint first detected possible fraud in several metro Los Angeles small business accounts in October 2004. ChoicePoint notified the Los Angeles County Sheriff’s Department, which confirmed the fraud and began an investigation. In November, ChoicePoint claims the lead investigator told it to wait until January 2005 to report the fraud to consumers, to prevent a possible compromise of the investigation.
ChoicePoint got the OK in late January to notify consumers whose personal information may have been accessed. It then began sending letters to about 35,000 potentially affected consumers in California. But the investigation later revealed consumers in other states may also have been affected by the fraud, so ChoicePoint then started sending 110,000 more letters to those consumers.
The company also said it has taken steps to try and prevent this sort of problem again. It has hired retired U.S. Secret Service veteran Robert McConnell to be its liaison to law enforcement officials and to suggest preventative measures. During his last five years with the Secret Service, McConnell headed the interagency task force that investigated Nigerian Organized Crime.
ChoicePoint also is “updating its customer credentialing and enrollment processes, on-going account monitoring analytics and its periodic customer auditing programs.” And it is “re-credentialing” broad categories of its customer accounts, including small business customers.
As part of an industry-wide initiative, ChoicePoint is also renewing its call for a national discussion on how to ensure information is used responsibly to ensure the positive benefits of information use are preserved and the illegal uses of data are severely punished. For nearly two years, ChoicePoint has called for a broad national discussion about how to protect personal privacy and society’s right to know. It specifically supports:
• Independent oversight and increased accountability of data users and providers to help increase consumer confidence.
• Increased penalties for the intentional misuse of personal information by businesses and individuals.
• Mandatory notification by government and businesses of unauthorized access to personal data.
More information, including a state-by-state list indicating the number of customers affected is at www.choicepoint.com.