From the L.A. Times:

Executives at besieged information broker ChoicePoint Inc. have said they had no idea how vulnerable the company was to the identity thieves who recently tapped into personal data on 145,000 Americans, igniting a national furor over privacy. Chairman Derek Smith told CNBC last week, for instance, that management "never realized the sophistication organized crime" would demonstrate in order to access ChoicePoint files.

It is disturbing that Choicepoint, one the biggest vendors in our industry and a company whose services are used to root out fraud and ensure transparency in countless business transactions would be caught flat-footed by fraudsters themselves. Smith's statement on CNBC seems especially thin considering that this is most certainly not the first time something like this has happened to the company.

More from the L.A. Times:

Court documents in the 2002 case of Bibiana and Adedayo Benson -- who were convicted and sentenced to federal prison -- shed light on what it took to steal data from ChoicePoint and open fraudulent credit card and bank accounts in the names of unknowing victims.

The case, which led to at least $1 million in losses, attracted no public attention at the time. Like the most recent security breach, it involved con artists using simple and time-tested methods to hoodwink the data broker.

According to the court records, Bibiana Benson applied for a ChoicePoint account in the name of Christine Lorraine Burton on April 2, 2000.

To get the account, Benson needed two things: Burton's Social Security number and a professional or business license. ChoicePoint requires a copy of "business or professional licensing," according to its current application form, because information obtained from its databases may be used only for "business reasons."

Benson had the Social Security number. (The documents don't say how she obtained it, but authorities say there was evidence her brother was involved in identity theft before the ChoicePoint infiltration.) The California real estate broker's license in Burton's name was a fake. Benson faxed the license to ChoicePoint along with the application form.

And the Bensons were off to the races and racking up about a million in fraudulent transactions. And the best bit...this went on for over TWO YEARS.

To read the rest, click here.

In fairness to Choicepoint and to LexisNexis as well, data aggregators are not the only firms who have faced these types of data leaks. Whether it be due to electronic security breaches, employee error or plain old con artistry many other firms have recently faced similar issues, including Bank of America, DSW shoes and online payroll service Paymaxx. But Choicepoint is a different deal. Americans have an innate suspicion a company that earns a profit by collecting and selling personal data.

No one was given a chance to "opt out" of Choicepoint's files. There is no national "Do Not Aggregate me" list to join. So, when a security breach happens the American public and their elected representatives are not going to concern themselves with how much Choicepoint aids in business transparency, they are simply going to seek a reckoning. Choicepoint by its own hand has opened the door to being judged not just for what they've done but for what they are.

The services provided by Choicepoint do a great deal of good in preventing fraud. It seems very clear however, that the company, in its great rush to commodify and product-ize personal data has let slip the basic "know your customer" protections and fundamental subscriber vetting that should be the bedrock of such services. In doing so the have put at risk all the positive benefits their services provide to the business community.

-- MDT

Labels: data breech, identity theft