State officials push ChoicePoint on ID theft notifications
The company will send out notices to 145,000 potential victims
Computerworld - Credit and personal information vendor ChoicePoint Inc. has reached an agreement with 19 state attorneys general to notify 145,000 consumers whose personal information may have been stolen by identity thieves.
In an announcement Wednesday, Illinois Attorney General Lisa Madigan and 18 other state attorneys general sent a letter to Atlanta-based ChoicePoint, asking the company to immediately provide as much detail as possible to anyone whose personal information might have been compromised, including when and where it occurred.
The company should also urge affected consumers to check their credit reports immediately to ensure that fraudulent activity has not occurred, the letter said.
ChoicePoint provides data to credit providers, government agencies, landlords and others who use personal information to grant loans, leases and other contracts.
In a statement that same day, ChoicePoint said it is continuing to work with local and federal law enforcement agencies to investigate the alleged data-theft incident, which occurred last fall. The incident wasn't disclosed publicly until this week to allow law enforcement officials to continue their investigation, according to the company.
ChoicePoint said the data theft happened when "a small number of very well-organized criminals posed as legitimate companies to gain access to personal information about consumers."
So far, ChoicePoint has notified approximately 35,000 California residents that personal information -- including names, Social Security numbers, credit reports and other data -- may have been accessed by the thieves.
The company said it will also notify another 110,000 consumers outside of California about the incident. About 750 people so far have been victims of identity theft in connection with the case, according to the company.
"This incident was not a breach of ChoicePoint's network or a 'hacking' incident and did not involve any of ChoicePoint's customer information," the company said. "Nevertheless, this is a serious issue which ChoicePoint is addressing aggressively."
A spokesman for the company couldn't be reached today.
The data thieves apparently posed as legitimate business customers to gain access to information about consumers, according to ChoicePoint. "Financial fraud conducted by seemingly legitimate businesses is a pervasive problem in the economy," the company said. "While ChoicePoint offers a wide range of tools to help detect fraud, no one -- including us -- is immune from it."
Gail O'Connor, a spokeswoman for Illinois AG Madigan, said today that the company is also being asked to meet with the attorneys general to discuss how the incident happened and how to prevent it from being repeated. That meeting has not yet been set up, she said.
Other attorneys general signing the letter were from Alaska, Arizona, Connecticut, Florida, Idaho, Indiana, Iowa,Maryland, Massachusetts, Michigan, Ohio, Oregon, New York, North Carolina, North Dakota, South Dakota, Vermont and Washington.
California is the only state so far with laws requiring companies to notify residents in the event of a security breach involving personal financial data.
"Identity theft threatens a consumer's financial health, credit rating and peace of mind," Madigan said in the letter. "I will work to help make sure that ChoicePoint does the right thing by informing Illinoisans of any financial or identity theft risks they may face."
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts