ChoicePoint Breach Sparks Senate to Call for Hearings on ID TheftAs data powerhouse ChoicePoint Inc. continued to deal with fallout from identity thieves who gained access to sensitive consumer data, the firm voiced its support yesterday for a federal notification law and its hopes that the Federal Trade Commission and privacy advocates would join it and other data companies in a dialogue about data handling.
Meanwhile, lawmakers said yesterday that the Senate will hold hearings on identity theft and information brokers, though no schedule has been set.
ChoicePoint, which houses billions of data points on businesses and nearly every adult in the United States, realized in October that some requests for names, Social Security numbers and other information it had filled might have been fraudulent. Since then, the company and law enforcement have discovered nearly 50 bogus accounts posing as legitimate businesses. After an investigation, the company was cleared in late January to notify California consumers, as required by law in the state, that their information may have been accessed.
ChoicePoint initially confirmed that data on 35,000 California consumers might have been accessed, but on Feb. 16 the company said that another 110,000 letters would be sent nationwide connected with the fraud.
In an interview with DM News, a ChoicePoint executive said yesterday that the number had not changed since last week.
"The number is still 145,000," said Marc L. Ruggiano, vice president of marketing at ChoicePoint Precision Marketing, Alpharetta, GA. "We continue to work internally and in cooperation with legal authorities to further understand and reassure consumers that may have been involved."
So far, 750 consumers have been confirmed as directly affected.
"It has not been confirmed that their identities have been stolen, but it appears that the criminals attempted to change some portion of their personal information," ChoicePoint spokesman Chuck Jones said. "Almost all have been address changes."
Ruggiano also said the company's marketing database is separate from the data that were revealed and that none of it was accessed. ChoicePoint Precision Marketing is a separately reported entity and represents 10 percent of ChoicePoint Inc.'s sales.
In addition to law enforcement, ChoicePoint is talking to legislators and regulators, including state attorneys general in dozens of states, as well as industry peers and organizations like the Direct Marketing Association. DMA spokesman Louis Mastria said any marketing regulation that may come because of this would be misguided on the part of lawmakers.
"There's a big hurdle to jump to move this into the marketing sphere," he said. "It really becomes an over-broad, sweeping attack on information sharing that is, in fact, very beneficial to consumers if this becomes more than what it is, which is ID theft."
ChoicePoint agreed but said that it supports a federal law requiring notification to consumers when personal data are compromised.
"We are in favor of federal preemption and a uniform application of this type of standard across the country," Ruggiano said. "ChoicePoint at the corporate level has gone beyond the notification requirements of the California law by contacting all 145,000 consumers."
Mastria said the DMA wished to avoid ending up with a hodgepodge of state laws.
Several states, including Georgia, New Hampshire, New York and Texas, are said to be considering legislation to give consumers the same protections that California citizens have. Sen. Dianne Feinstein, D-CA, introduced legislation for a federal law dealing with the issue last month. Eleven states also are looking at legislation to let consumers put security freezes on their credit reports to prevent access.
"Lawmakers are understandably concerned that this happened but I think they have been relieved that ChoicePoint is very supportive of their efforts," Jones said. "We have not heard from the FTC on this particular incident but have been in frequent contact with the FTC recently to get them to participate in a national discussion along with privacy advocates on the future handling of personal information."
Meanwhile, ChoicePoint is revamping its credentialing process for its customers.
"We have hundreds, if not thousands, of people within ChoicePoint working hard so it doesn't happen again," Jones said.
Though several news outlets have reported that a class-action lawsuit was filed against ChoicePoint in California, Ruggiano said he had not seen it and that it was not the company's policy to comment on litigation.
Kristen Bremner covers list news, insert media, privacy and fundraising for DM News and DMNews.com. To keep up with the latest developments in these areas, subscribe to our daily and weekly e-mail newsletters by visiting www.dmnews.com/newsletters