Database giant gives access to fake firms

Criminals posing as legitimate businesses have accessed critical personal data stored by ChoicePoint Inc., a firm that maintains databases of background information on virtually every U.S. citizen, MSNBC.com has learned.

The incident involves a wide swath of consumer data, including names, addresses, Social Security numbers, credit reports and other information. ChoicePoint aggregates and sells such personal information to government agencies and private companies.

Last week, the company notified between 30,000 and 35,000 consumers in California that their personal data may have been accessed by "unauthorized third parties," according to ChoicePoint spokesman James Lee.

California law requires firms to disclose such incidents to the state's consumers when they are discovered. It is the only state with such a requirement but such data thefts are rarely limited to a single geographic area.

Lee said law enforcement officials have so far advised the firm that only Californians need to be notified.

"The only incident that has been confirmed is in California," he said.

ChoicePoint maintains a dossier on virtually every American consumer, according to Daniel J. Solove, George Washington University professor and author of "The Digital Person."

The Atlanta-based company says it has 10 billion records on individuals and businesses, and sells data to 40 percent of the nation's top 1,000 companies. It also has contracts with 35 government agencies, including several law enforcement agencies.

Victims told months after the fact
The incident was discovered in October, when ChoicePoint was contacted by a law enforcement agency investigating an identity theft crime. In that incident, suspects had posed as a ChoicePoint client to gain access to the firm's rich consumer databases.

FREE VIDEO Personal data exposed Feb. 15: NBC's Anne Thompson reports on the ChoicePoint case. Nightly News

Subsequent research by ChoicePoint revealed that about 50 fake companies had been set up and then registered with ChoicePoint to access consumer data. 

California consumers who received warning letters from the firm last week were "in some way connected to searches" conducted by those fake accounts, Lee said.

The firm was only given clearance by law enforcement officials to disclose the incident two weeks ago, Lee said

While the criminals had access to ChoicePoint data, it's not clear what, if any, information was stolen, said Chuck Jones, another ChoicePoint spokesman. The letters were sent as a precaution, he said.

The FBI, Los Angeles County Sheriff's Office, and the U.S. Postal Inspector's Office are investigating, he said.

MORE FROM SECURITY

Security Section Front

Check your junk mail: Might have a contract in it FTC warns of increase in Internet scams Man indicted in hacking of Palin's e-mail Tiny flash drives improve their security Fake YouTube pages used to spread viruses EU proposes more rights for Internet shoppers Gmail 'Mail Goggles' stymie drunk e-mailing Fraud plagues prepaid calling card market GPS 'spoofing' could threaten national security Chinese snoop on Skype, but are they alone? Security Section Front   Add Security headlines to your news reader: