ChoicePoint CEO Had Denied Any Previous Breach of Database
The chief executive of information broker ChoicePoint Inc. told interviewers last week that a recent security breach was the only such incident in the company's history, despite the fact that criminals had gained access to its database with similar methods at least once before.
"This is the first time that that kind of process has really happened for us," Derek Smith said in a Feb. 21 interview with Atlanta television station WXIA, referring to a 2004 case in which criminals pretended to have a legitimate need for financial data and tapped 145,000 personal records. A North Hollywood man has pleaded no contest to felony identity theft in the scam.
Smith and other executives of the Alpharetta, Ga.-based company declined Wednesday to answer questions about the earlier incident, reported Wednesday by The Times. A pair of fraud artists pleaded guilty in a 2002 case in which at least 7,000 ChoicePoint records were accessed, leading to what prosecutors said was at least $1 million in fraudulent purchases.
Members of the House Committee on Homeland Security said they planned to request today an investigation of ChoicePoint and other companies that sell personal information, including Social Security numbers and credit records.
Lawmakers also said they planned to introduce legislation in the House and Senate calling for increased Federal Trade Commission oversight of businesses that collect personal data and package it for sale to financial institutions, employers and other customers.
"The 2002 incident shows that ChoicePoint should have learned its lesson about security breaches," said Rep. Edward Markey (D-Mass). Markey said he would push for a bill that would make it a crime to sell Social Security numbers. "I've introduced this bill several times in the past without it passing, but the time has now arrived."
Rep. Loretta Sanchez (D-Garden Grove) said she worried that criminals might not be the only ones who could exploit security gaps at ChoicePoint.
"We are very concerned from a terrorist standpoint, as well as a privacy standpoint," said Sanchez, a member of the House Homeland Security committee. Despite the criticism, ChoicePoint executives Wednesday declined to say how the company had handled the incidents in 2002 and 2004 or whether there had been other leaks of private data.
- ChoicePoint Is Fined for Data Breach Jan 27, 2006
- Identity Data Thief Faces New Charges Aug 31, 2005
- ChoicePoint Had Earlier Data Leak Mar 02, 2005
