Data provider ChoicePoint suffered a security breach a few years ago at the hands of identity thieves similar to its recent failure to protect personal information, the Los Angeles Times reported yesterday.
Two people were charged in 2002 with accessing records of at least 7,000 people through ChoicePoint by setting up accounts with fake identification in 2000, according to the Times.
A ChoicePoint spokesman said yesterday that the company was not prepared to comment.
ChoicePoint, Alpharetta, GA, houses billions of data points on businesses and nearly every adult in the United States.
Regarding the more recent breach, ChoicePoint realized in October that some requests for names, Social Security numbers and other information it had filled might have been fraudulent. Since then, the company and law enforcement have discovered nearly 50 bogus accounts posing as legitimate businesses. After an investigation, the company was cleared in late January to notify California consumers, as required by law in the state, that their information may have been accessed.
ChoicePoint initially confirmed that data on 35,000 California consumers might have been accessed, but on Feb. 16 the company said that another 110,000 letters would be sent nationwide involving the fraud. As of last week, 750 consumers have been confirmed as directly affected.
One arrest of a Nigerian man was made last month in the recent breach. Olatunji Oluwatosin pleaded no contest to creating a ChoicePoint account with a stolen identity and was sentenced to 16 months in prison.
The two people arrested in 2002 were Nigerian-born. The Times story said Bibiana Benson pleaded guilty to one felony count of unlawful use of identification in September 2002 and was sentenced to 54 months in prison. Her brother, Adedayo Benson, pleaded guilty to three felony counts of use and attempted use of fake credit cards in November 2004 but has not been sentenced yet.
Though no law was in place at the time that would have required ChoicePoint to notify the consumers who had their data accessed, the disclosure of the previous data breach likely will arise during hearings on identity theft and information brokers that several U.S. senators called for last week. A date for the hearings has not been set.
Lawmakers in several states, including Georgia, New Hampshire, New York and Texas, are considering legislation to give consumers the same protections that California citizens enjoy in terms of mandatory notification when sensitive data are breached. Sen. Dianne Feinstein, D-CA, introduced legislation for a federal law dealing with the issue in January. Several states also are looking at legislation that would let consumers put security freezes on their credit reports to prevent access.
Kristen Bremner covers list news, insert media, privacy and fundraising for DM News and DMNews.com. To keep up with the latest developments in these areas, subscribe to our daily and weekly e-mail newsletters by visiting www.dmnews.com/newsletters