Low-Tech Methods Used in Data Theft

Chairman Derek Smith told CNBC last week, for instance, that management "never realized the sophistication organized crime" would demonstrate in order to access ChoicePoint files.

But documents in a criminal case against a brother-and-sister team that pulled a similar scam several years ago suggest that penetrating ChoicePoint's defenses could take little more than a home computer, a fax machine and a bottle of Wite-Out.

"This is an old-fashioned kind of thing," said Deputy Special Agent Dale Pupillo of the U.S. Secret Service, which investigates cases of credit card fraud and identity theft. Hackers capable of stealing data electronically increasingly pose a threat, but "this was kind of low-tech."

That worries consumer advocates and lawmakers. Several members of Congress have proposed laws that would require data brokers to establish effective security systems to keep the Social Security numbers and other confidential data they gather and store out of the hands of fraud artists.

ChoicePoint executives declined to be interviewed for this article but issued a statement reiterating the company's view that recent data thefts from ChoicePoint and rival information broker LexisNexis provide "ample proof of the seriousness and sophistication of this type of fraud."

Both ChoicePoint and LexisNexis, a unit of Reed Elsevier, have said they will institute new policies to ensure that only government agencies and legitimate businesses can gain access to their data, which are used to verify employment applications, screen credit applicants and investigate security risks.

But it might not be wise to trust the companies to police themselves, said Edmund Mierzwinski, consumer program director for the advocacy organization U.S. Public Interest Research Group.

"I question whether companies [that have been] so cavalier with confidential consumer information will really change their attitude without tough new laws and a lot of lawsuits," Mierzwinski said.

Court documents in the 2002 case of Bibiana and Adedayo Benson -- who were convicted and sentenced to federal prison -- shed light on what it took to steal data from ChoicePoint and open fraudulent credit card and bank accounts in the names of unknowing victims.