ID theft victims face lifetime of vigilance

“I don’t think anyone fully recovers from these events,” said the resource center’s co-executive director, Linda Foley, whose identity was used to get credit cards and a cell phone in 1997. “It alters the way you look at things for the rest of your life.”

ChoicePoint's chief executive, Derek Smith, said in an interview Thursday with The Associated Press that he supports congressional hearings and tighter regulation of the data collection industry, if necessary. And ChoicePoint issued a statement this week that it was “going to extraordinary lengths to assist people whose identities may have been compromised.”

But critics note that the ChoicePoint breach — first detected by investigators in October — didn’t become public until the company began complying this month with a California law requiring that people be notified when their personal data is compromised.

Consumer advocates want the data-brokering industry subjected to federal oversight, as credit ratings companies are. And even that industry isn’t adequately regulated, critics say.

In December 2003, President Bush signed the Fair and Accurate Credit Transactions Act, which allows consumers to put a free, 90-day fraud alert on their credit reports. The alert forces banks, car dealers and other lenders to apply additional scrutiny whenever anyone tries to apply for credit in that person’s name.

Well aware of the law, many criminals who obtain such data horde it for use more than 90 days later.

Gail Hillebrand, a senior attorney with Consumers Union, calls the so-called FACT Act relatively toothless.

“The crooks are getting smarter,” Hillebrand said. “Unfortunately the way the law is structured, consumers have to do their own legwork. You have to follow up, write letters, give information.”

BOB SULLIVAN ON CHOICEPOINT THEFT Database giant gives access to fake firms Read the Feb. 14 story that started it all Data theft affects 145,000 nationwide Suspect agrees to plea deal ChoicePoint files found riddled with errors No easy way to fix mistakes, either ChoicePoint CEO grilled by Congress Data broker backs some new regulations

The “databasification” of information — Internet-connected computer servers that store billions of pieces of information on almost every American — has made it ever easier for thieves to make purchases using personal information stolen from the elderly and the deceased — or even to clone someone else’s identity and live and work under it.

The ChoicePoint attack may be an example of something else — fraud perpetuated by an organized crime ring. A Nigerian was sentenced to 16 months in jail for his alleged role in the scam, which authorities say spanned about a year. He has refused to cooperate with authorities, they say, but the volume of compromised data is so huge he can’t have acted alone.

ChoicePoint also won’t reveal details of the crime, citing an ongoing investigation. And that’s incredibly frustrating for Lambert, who can’t find out what exactly is in his ChoicePoint dossier beyond his name, address and Social Security number.

After spending hours on the phone with ChoicePoint representatives, he was told Thursday that he had to sign a release simply to find out what information the company kept on him.

“They have no damage control. Nobody knows what they’re doing,” Lambert said of ChoicePoint. “It’s beyond comprehension that in the 21st century this could happen.”

MORE FROM SECURITY

Security Section Front

Pentagon: Insurgents intercepted spy videos Privacy watchdog files complaint against Facebook Ohio court: Cell phone searches require warrant Nearly 1 in 3 older teens gets ‘sexting’ messages Australia to block obscene, crime-linked sites After criticism, Facebook tweaks settings again Court reviews employer access to texts NYT: U.S., Russia open talks on cyberwar limits Red Tape: Holiday ‘cyberbegging’ grows on eBay Internet users lured to oppose health bills Security Section Front   Add Security headlines to your news reader: