State officials push ChoicePoint on ID theft notifications
The company will send out notices to 145,000 potential victims
Computerworld - Credit and personal information vendor ChoicePoint Inc. has reached an agreement with 19 state attorneys general to notify 145,000 consumers whose personal information may have been stolen by identity thieves.
In an announcement Wednesday, Illinois Attorney General Lisa Madigan and 18 other state attorneys general sent a letter to Atlanta-based ChoicePoint, asking the company to immediately provide as much detail as possible to anyone whose personal information might have been compromised, including when and where it occurred.
The company should also urge affected consumers to check their credit reports immediately to ensure that fraudulent activity has not occurred, the letter said.
ChoicePoint provides data to credit providers, government agencies, landlords and others who use personal information to grant loans, leases and other contracts.
In a statement that same day, ChoicePoint said it is continuing to work with local and federal law enforcement agencies to investigate the alleged data-theft incident, which occurred last fall. The incident wasn't disclosed publicly until this week to allow law enforcement officials to continue their investigation, according to the company.
ChoicePoint said the data theft happened when "a small number of very well-organized criminals posed as legitimate companies to gain access to personal information about consumers."
So far, ChoicePoint has notified approximately 35,000 California residents that personal information -- including names, Social Security numbers, credit reports and other data -- may have been accessed by the thieves.
The company said it will also notify another 110,000 consumers outside of California about the incident. About 750 people so far have been victims of identity theft in connection with the case, according to the company.
"This incident was not a breach of ChoicePoint's network or a 'hacking' incident and did not involve any of ChoicePoint's customer information," the company said. "Nevertheless, this is a serious issue which ChoicePoint is addressing aggressively."
A spokesman for the company couldn't be reached today.
The data thieves apparently posed as legitimate business customers to gain access to information about consumers, according to ChoicePoint. "Financial fraud conducted by seemingly legitimate businesses is a pervasive problem in the economy," the company said. "While ChoicePoint offers a wide range of tools to help detect fraud, no one -- including us -- is immune from it."
Gail O'Connor, a spokeswoman for Illinois AG Madigan, said today that the company is also being asked to meet with the attorneys general to discuss how the incident happened and how to prevent it from being repeated. That meeting has not yet been set up, she said.
Other attorneys general signing the letter were from Alaska, Arizona, Connecticut, Florida, Idaho, Indiana, Iowa,Maryland, Massachusetts, Michigan, Ohio, Oregon, New York, North Carolina, North Dakota, South Dakota, Vermont and Washington.
California is the only state so far with laws requiring companies to notify residents in the event of a security breach involving personal financial data.
"Identity theft threatens a consumer's financial health, credit rating and peace of mind," Madigan said in the letter. "I will work to help make sure that ChoicePoint does the right thing by informing Illinoisans of any financial or identity theft risks they may face."
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Transforming Information Security: Future-Proofing Processes This report provides a valuable set of recommendations from 19 of the world'd leading security officers to help organizations build security strategies for...
- The Evolution of Corporate Cyberthreats Cybercriminals are creating and deploying new threats every day that are more destructive than ever before. While you may have more people devoted...
- 3 Questions to Ask Your DNS Host about Lowering DDoS Risks Neustar has had wide-ranging conversations with clients wanting to know how they can optimize protection as DDoS attacks increase in frequency and size.
- The Danger Deepens: 2014 Neustar Annual DDoS Attacks and Impact Report This report compares DDoS findings from 2013 to 2012, based on a survey of 440 North American companies, including 139 businesses delivering technology...
- Establish Cyber Resiliency: Developing a Continuous Response Architecture Many enterprises fail to proactively prepare the battlefield for a data breach by only leveraging outdated techniques that focus on the perimeter or...
- An Incident Response Playbook: From Monitoring to Operations As cyber-attacks grow more sophisticated, many organizations are investing more into incident detection and response capabilities. In this webcast, learn how to develop... All Cybercrime and Hacking White Papers | Webcasts