ChoicePoint to tighten data access after ID theft

Computerworld - As ChoicePoint Inc. continues this week to notify some 145,000 consumers of possible identity theft after it sold consumer information to fraudulent businesses last year, the company said it's beginning to double-check its existing clients to ensure they are legitimate businesses.
In an announcement yesterday, the Alpharetta, Ga.-based personal information vendor said it's undergoing a "rigorous re-credentialing of broad categories of customer accounts," as well as making changes that include masking or truncating sensitive personal identifier information, such as Social Security numbers and driver's license numbers.
ChoicePoint said that most of the fraudulent activity occurred in its small-business public-record products and that all customers using the information will now be subject to the new data restrictions and recredentialing efforts.
A ChoicePoint spokesman couldn't be reached today.
Last week, the company agreed to notify 145,000 consumers whose personal information may have been stolen by identity thieves posing as ChoicePoint clients who purchased the data through legitimate channels (see story).
The company said it began to detect possible fraudulent activity in several small-business accounts in the Los Angeles area last October. The Los Angeles County Sheriff's Department began an investigation and asked the company to delay notifying consumers so it could continue its investigation, ChoicePoint said. The company was told late last month that it could begin notifying consumers of the potential fraud.
ChoicePoint initially believed that about 35,000 consumers in California were the only ones affected.
According to the company, fraudulent customers used "stolen identities to create and produce the documents [they] needed to appear legitimate." Among the information obtained from ChoicePoint were names and addresses of consumers, Social Security and driver's license numbers, abbreviated credit reports and other information such as bankruptcies, liens and property records.
After authorities notified ChoicePoint that consumers in other states might have been affected, prompting the company to mail out another 110,000 warning letters to residents across the U.S.
Consumer advocates say the incident shows that government oversight is needed to protect consumer information.
Beth Givens, the director of the San Diego-based Privacy Rights Clearinghouse, said that while some of ChoicePoint's stored consumer data is protected by the federal Fair Credit Reporting Act -- including tenant, insurance and employment information -- other key personal information isn't protected by federal laws.
"This is an industry that has been allowed to develop and grow with almost no oversight by the government," Givens said. "This is a wake-up call for all individuals, whether or not they got those [fraud alert] letters" from ChoicePoint. "I do think we need