ATLANTA — The embattled data broker ChoicePoint said yesterday that the Securities and Exchange Commission (SEC) was investigating stock sales by its two top executives, and announced that it was strictly limiting its sale of consumer information to small businesses.

Company CEO Derek Smith and President Douglas Curling earned $16.6 million from ChoicePoint stock sales after the company learned of a major security breach and before the news was made public.

The breach, uncovered last fall but not announced until Feb. 15, involved scammers who posed as small-business customers to access sensitive data that was used to steal people’s identities.

ChoicePoint collects data on individuals, including Social Security numbers, real-estate holdings and current and former addresses. It has about 19 billion records, and its customers include insurance companies, financial institutions and federal, state and local agencies.

The company’s stock has dropped more than 17 percent since the breach became public. Yesterday, ChoicePoint shares fell $2.63, or 6.5 percent, to close at $37.65.

CEO Smith said yesterday that he did not learn of the breach until late January, though Los Angeles County detectives made their first arrest in the case in October.

“There is no way that a CEO can know everything that is going on as it relates to an operation,” Smith said yesterday. “I am not involved in the day-to-day operations of the business.”

Asked if he would resign over the matter, Smith said, “I have no intention of leaving the company.”

Questions raised

Corporate-governance experts say the pattern and timing of the stock trading by Smith and Curling raise questions. ChoicePoint says it was prearranged under a plan approved by the company’s board that was announced Nov. 3.

The personal information of 145,000 Americans may have been compromised in the breach, and authorities say about 750 of them were defrauded.

The fiasco has fueled consumer advocates’ calls for federal oversight of the loosely regulated data-brokering business, and Capitol Hill hearings are due to be scheduled on the issue.

Limitation imposed

ChoicePoint said small businesses would only be permitted to purchase its data in limited cases, such as where the products support federal, state or local government purposes.

ChoicePoint’s 17,000 small-business customers accounted for about 5 percent of annual revenue of $900 million. Critics say ChoicePoint’s vetting of small-business customers was far too lax.

Last month, ChoicePoint said it was notifying those people who may have been affected by the breach. The company said yesterday that the number of potentially affected customers may increase, but it doesn’t think the increase will be substantial.

ChoicePoint has said repeatedly it learned of the breach in October but delayed disclosing it because it said California authorities had asked it to keep quiet to protect the fraud investigation.

It said yesterday that it first learned of the possibility of fraud Sept. 27.

A similar breach involving 7,000 to 10,000 ChoicePoint records occurred in 2002 but did not become public until reported by the Los Angeles Times earlier this week.

The company also said the Federal Trade Commission is conducting an inquiry into its compliance with federal laws governing consumer-information security and related issues.