The number of consumers whose personal information may have been disclosed to identity thieves by database firm ChoicePoint climbed from 35,000 in California to 145,000 nationwide Wednesday, according to the company.
ChoicePoint Inc., Alpharetta, GA, keeps billions of data points on businesses and nearly every adult in the United States, including names, addresses, Social Security numbers, credit reports and criminal records.
The company's ChoicePoint Precision Marketing division maintains the MarketView database of 220 million consumers, including demographic, lifestyle, credit and financial information from multiple sources. The division also provides analytical, telemarketing, creative, e-mail append, lettershop and lead generation services to direct marketers. Other ChoicePoint divisions offer services to government and law enforcement and provide background checks for employers and insurance companies.
ChoicePoint said it was in October that California law enforcement approached the company regarding the investigation of an identity theft case, and the firm first realized that some requests for personal information it had filled might have been fraudulent. Since then, the company and law enforcement have discovered nearly 50 bogus accounts posing as legitimate businesses, ChoicePoint spokesman Chuck Jones said.
“These were very sophisticated criminals who outside of ChoicePoint engaged in identity theft and then used those stolen identities to set up what appeared to be legitimate companies, and then they began the process of becoming ChoicePoint customers,” Jones said. “When ChoicePoint did its due diligence, the individuals and the businesses came back clean.”
He also said that it was largely public records group types of accounts set up by the criminals to gain access to personal information such as what people would divulge in pre-employment background screening and credit reports. Personal information accessed included names, addresses, Social Security numbers and credit reports.
ChoicePoint initially confirmed that data on 35,000 California consumers might have been accessed, and the company sent them all notification as is required by law in the state. The company also said that the delay in notification was due to orders from law enforcement agencies investigating the case.
But on Wednesday, ChoicePoint said that another 110,000 letters would be sent this week nationwide connected with the fraud. It also confirmed that about 750 people were found to have had their identities stolen involving this incident.
However, Jones said the company does not expect the number to rise and added that it may even decrease.
“If anything, we think the number will be smaller than this because, in all likelihood, this number may include duplication,” he said.
Several states, including Georgia, New Hampshire, New York and Texas, are reported to be considering legislation to give consumers the same protections that California citizens enjoy in terms of mandatory notification when sensitive data are breached. Sen. Dianne Feinstein, D-CA, introduced legislation for a federal law dealing with the issue last month. Eleven states also are looking at legislation that would let consumers put security freezes on their credit reports to prevent access.
ChoicePoint does not oppose such legislation, according to Jones.
As a result of the situation, he said, ChoicePoint is tightening its credentialing and verification processes.