State officials push ChoicePoint on ID theft notifications
The company will send out notices to 145,000 potential victims
Computerworld - Credit and personal information vendor ChoicePoint Inc. has reached an agreement with 19 state attorneys general to notify 145,000 consumers whose personal information may have been stolen by identity thieves.
In an announcement Wednesday, Illinois Attorney General Lisa Madigan and 18 other state attorneys general sent a letter to Atlanta-based ChoicePoint, asking the company to immediately provide as much detail as possible to anyone whose personal information might have been compromised, including when and where it occurred.
The company should also urge affected consumers to check their credit reports immediately to ensure that fraudulent activity has not occurred, the letter said.
ChoicePoint provides data to credit providers, government agencies, landlords and others who use personal information to grant loans, leases and other contracts.
In a statement that same day, ChoicePoint said it is continuing to work with local and federal law enforcement agencies to investigate the alleged data-theft incident, which occurred last fall. The incident wasn't disclosed publicly until this week to allow law enforcement officials to continue their investigation, according to the company.
ChoicePoint said the data theft happened when "a small number of very well-organized criminals posed as legitimate companies to gain access to personal information about consumers."
So far, ChoicePoint has notified approximately 35,000 California residents that personal information -- including names, Social Security numbers, credit reports and other data -- may have been accessed by the thieves.
The company said it will also notify another 110,000 consumers outside of California about the incident. About 750 people so far have been victims of identity theft in connection with the case, according to the company.
"This incident was not a breach of ChoicePoint's network or a 'hacking' incident and did not involve any of ChoicePoint's customer information," the company said. "Nevertheless, this is a serious issue which ChoicePoint is addressing aggressively."
A spokesman for the company couldn't be reached today.
The data thieves apparently posed as legitimate business customers to gain access to information about consumers, according to ChoicePoint. "Financial fraud conducted by seemingly legitimate businesses is a pervasive problem in the economy," the company said. "While ChoicePoint offers a wide range of tools to help detect fraud, no one -- including us -- is immune from it."
Gail O'Connor, a spokeswoman for Illinois AG Madigan, said today that the company is also being asked to meet with the attorneys general to discuss how the incident happened and how to prevent it from being repeated. That meeting has not yet been set up, she said.
Other attorneys general signing the letter were from Alaska, Arizona, Connecticut, Florida, Idaho, Indiana, Iowa,Maryland, Massachusetts, Michigan, Ohio, Oregon, New York, North Carolina, North Dakota, South Dakota, Vermont and Washington.
California is the only state so far with laws requiring companies to notify residents in the event of a security breach involving personal financial data.
"Identity theft threatens a consumer's financial health, credit rating and peace of mind," Madigan said in the letter. "I will work to help make sure that ChoicePoint does the right thing by informing Illinoisans of any financial or identity theft risks they may face."
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts