Tighter regulation of the data-collection industry possible after revelations ChoicePoint was duped into giving criminals access to its massive database of consumers' personal information.

Share story


ATLANTA — ChoicePoint Chief Executive Derek Smith said yesterday he supports congressional hearings and tighter regulation of the data-collection industry, if necessary, after revelations his company was duped into giving criminals access to its massive database of consumers’ personal information.

His face drawn and eyes weary from two days of meetings in New York with large investors, Smith said in his most extensive interview to date that he is working around the clock to retain shareholders and customers.

He said his company is investigating whether anyone internally was involved in the breach, but he stressed there has been no evidence of that.

Most Read Stories

Unlimited Digital Access. $1 for 4 weeks.

“If we knew somebody had done something internally, we would tell you that,” Smith told The Associated Press.

Smith said he believes his company is as much a victim as the roughly 145,000 Americans whose personal information may have been viewed by criminals.

“I wish we would have caught it sooner,” Smith said.


Information



The Washington state

Attorney General’s Office has tips on how to protect your private, personal information and what to do if you become a victim of identity theft. www.atg.wa.gov/consumer/idprivacy or 800-551-4636.


He added, “The painful part for me is that our mission is being called into question.”

ChoicePoint says its mission is to arm customers with information to verify that the people they are doing business with are who they say they are. That selling point has been turned on its head by thieves who apparently used previously stolen identities to create what appeared to be legitimate businesses seeking ChoicePoint accounts.

The bandits opened up 50 accounts and received volumes of data on consumers, including names, addresses, Social Security numbers and credit reports.

The ring, which operated for more than a year before it was detected, used the information to defraud at least 750 people, according to California authorities. ChoicePoint says that consumers in all 50 states, the District of Columbia and three U.S. territories may have been affected.

The company has been notifying people by mail. Smith said the last of the letters should go out today.

The breach has caused several states and federal lawmakers to call for tougher regulation of the industry. Yesterday, Georgia’s insurance commissioner threatened to prohibit state insurance companies from using ChoicePoint data for underwriting policies unless ChoicePoint makes changes to its security procedures.

The debacle also has spurred at least one lawsuit and could take a financial toll on the company. The company’s share price has dropped about 10 percent since the episode was revealed.

ChoicePoint stock closed yesterday at $41 per share, down 22 cents. The stock reached a 52-week high of $47.95 on Feb. 4.

Smith said that in his meetings in New York he tried to assure major shareholders the company is doing all it can to make sure such a breach never happens again.

“I can’t speculate what the future will hold in terms of shareholders or customers,” Smith said.

But, Smith said, he believes there is an important role that data aggregators such as ChoicePoint provide in society.

“If you shut the information off, the people that will win is organized crime,” he said.

He reiterated the company’s plans to rescreen 17,000 of its customers and eliminate certain customers’ ability to retrieve sensitive data from the company’s system, such as Social Security numbers. When pressed, he declined to spell out any further steps the company might be taking.

Smith said his company learned of the potential of fraud in October during routine monitoring of the company’s system, and immediately notified authorities in California, where one of the suspect companies was located. Authorities there asked ChoicePoint not to discuss what happened initially to protect their investigation, Smith said.

He added that the company did not learn until last week that people outside California may have been affected. Once it did, he said the company immediately decided to notify people in other states, even though such notification is currently only required in California.

“We voluntarily found the breach and notified law enforcement. Why did we do that? We did that because we are in the business of preventing fraud for our clients,” Smith said.

He added, “We could have simply shut the system off and ignored the fact that we didn’t know whether it was fraudulent or not.”

Formed in 1997 as a spinoff of credit reporting agency Equifax, ChoicePoint has rapidly grown beyond its roots of analyzing insurance-claims information to become a clearinghouse for personal data on hundreds of millions of people.

The 19 billion public records in its database at its suburban Atlanta headquarters include motor-vehicle registrations, license and deed transfers, military records, names, addresses and Social Security numbers.