State officials push ChoicePoint on ID theft notifications
The company will send out notices to 145,000 potential victims
Computerworld - Credit and personal information vendor ChoicePoint Inc. has reached an agreement with 19 state attorneys general to notify 145,000 consumers whose personal information may have been stolen by identity thieves.
In an announcement Wednesday, Illinois Attorney General Lisa Madigan and 18 other state attorneys general sent a letter to Atlanta-based ChoicePoint, asking the company to immediately provide as much detail as possible to anyone whose personal information might have been compromised, including when and where it occurred.
The company should also urge affected consumers to check their credit reports immediately to ensure that fraudulent activity has not occurred, the letter said.
ChoicePoint provides data to credit providers, government agencies, landlords and others who use personal information to grant loans, leases and other contracts.
In a statement that same day, ChoicePoint said it is continuing to work with local and federal law enforcement agencies to investigate the alleged data-theft incident, which occurred last fall. The incident wasn't disclosed publicly until this week to allow law enforcement officials to continue their investigation, according to the company.
ChoicePoint said the data theft happened when "a small number of very well-organized criminals posed as legitimate companies to gain access to personal information about consumers."
So far, ChoicePoint has notified approximately 35,000 California residents that personal information -- including names, Social Security numbers, credit reports and other data -- may have been accessed by the thieves.
The company said it will also notify another 110,000 consumers outside of California about the incident. About 750 people so far have been victims of identity theft in connection with the case, according to the company.
"This incident was not a breach of ChoicePoint's network or a 'hacking' incident and did not involve any of ChoicePoint's customer information," the company said. "Nevertheless, this is a serious issue which ChoicePoint is addressing aggressively."
A spokesman for the company couldn't be reached today.
The data thieves apparently posed as legitimate business customers to gain access to information about consumers, according to ChoicePoint. "Financial fraud conducted by seemingly legitimate businesses is a pervasive problem in the economy," the company said. "While ChoicePoint offers a wide range of tools to help detect fraud, no one -- including us -- is immune from it."
Gail O'Connor, a spokeswoman for Illinois AG Madigan, said today that the company is also being asked to meet with the attorneys general to discuss how the incident happened and how to prevent it from being repeated. That meeting has not yet been set up, she said.
Other attorneys general signing the letter were from Alaska, Arizona, Connecticut, Florida, Idaho, Indiana, Iowa,Maryland, Massachusetts, Michigan, Ohio, Oregon, New York, North Carolina, North Dakota, South Dakota, Vermont and Washington.
California is the only state so far with laws requiring companies to notify residents in the event of a security breach involving personal financial data.
"Identity theft threatens a consumer's financial health, credit rating and peace of mind," Madigan said in the letter. "I will work to help make sure that ChoicePoint does the right thing by informing Illinoisans of any financial or identity theft risks they may face."
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Top 10 Reasons to Strengthen Information Security with Desktop Virtualization Regain control and reduce risk without sacrificing business productivity and growth
- Preventing Sophisticated Attacks: Anti-Evasion & Advanced Evasion Techniques McAfee Next Generation Firewall applies sophisticated analysis techniques specifically to detect advanced evasion techniques (AET).
- The Security Industry's Dirty Little Secret The debate over advanced evasion techniques (AETs) This report summarizes the findings of a McAfee commissioned research group to determine the level of understanding IT security professionals have about AETs...
- Demand More, Get the Most from the Move to a Next-Generation Firewall Beyond the basics in a next generation firewall, to protect your investment you should demand other valuable features: intrusion prevention, contextual rules, advanced...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!