A newly revealed case shows that the vast commercial database of personal information at ChoicePoint was tapped by identity thieves in 2002...

Share story

ATLANTA — A newly revealed case shows that the vast commercial database of personal information at ChoicePoint was tapped by identity thieves in 2002 — contradicting a statement by its CEO that a much more recent breach was the first of its kind.

A Nigerian-born brother and sister were charged in 2002 with a scam in which they posed as legitimate businesses to set up ChoicePoint accounts and gain access to its massive database. They then made 7,000 to 10,000 inquiries on names and Social Security numbers in the database and used some of those identities to commit at least $1 million worth of fraud, Assistant U.S. Attorney Mark Krause in Los Angeles said yesterday.

Last week, after a similar case became public, ChoicePoint Chief Executive Derek Smith told The Associated Press that the company had never been victimized by that kind of criminal operation before. He did not mention the 2002 case.

Most Read Stories

Unlimited Digital Access. $1 for 4 weeks.

The company announced Feb. 15 that a breach first detected in October may have compromised the personal information of as many as 145,000 people.

Smith had asserted that there had been small instances where the company had found people fraudulently trying to get access to its database.

Repeated requests to three ChoicePoint representatives for a comment on the apparent contradiction were not successful yesterday. The 2002 case was reported yesterday by the Los Angeles Times, nearly a week after the interview with Smith.

In the 2002 case, which Krause confirmed, Bibiana Benson, 39, of Sherman Oaks, Calif., and her brother, Adedayo Benson, 38, of Glendale, Calif., both pleaded guilty in connection with the scam. Bibiana Benson received 54 months in prison. Her brother will be sentenced Monday, and prosecutors are asking for a 60-month term, Krause said.

Asked if ChoicePoint notified the affected consumers in the 2002 incident, Krause said, “I don’t believe so. They certainly did not tell us they were sending people letters. My recollection was a lot of the people didn’t know until we told them they might be a victim.”

In a brief statement, the company repeated an earlier announcement that it was rescreening some business customers and revamping its procedures.

Last month, the company disclosed that thieves used previously stolen identities to create what appeared to be legitimate businesses seeking ChoicePoint accounts. The bandits opened up 50 accounts and received volumes of data on consumers, including names, Social Security numbers and credit reports.

The ring, which was discovered in October, used the information to defraud at least 750 people, according to California authorities.

In the wake of the disclosures at ChoicePoint, several states and federal lawmakers have called for tougher regulation of the industry.