ChoicePoint suffered previous breach

updated 10:38 p.m. ET March 2, 2005

ATLANTA - A newly revealed case shows that the vast commercial database of personal information at ChoicePoint Inc. was tapped by identity thieves in 2002 — contradicting a statement by its CEO that a much more recent breach was the first of its kind.

A Nigerian-born brother and sister were charged in 2002 with a scam in which they posed as legitimate businesses to set up ChoicePoint accounts and gain access to its massive database.

They then made 7,000 to 10,000 inquiries on names and Social Security numbers in the database and used some of those identities to commit at least $1 million worth of fraud, Assistant U.S. Attorney Mark Krause in Los Angeles said Wednesday.

Last week, after a similar case became public, ChoicePoint chief executive Derek Smith told The Associated Press in an interview that the company had never been victimized by that kind of criminal operation before. He did not mention the 2002 case.

“We saw for the first time organized crime come in and attack through a small business segment,” Smith said about the recent incident. “We had not experienced this kind of environment or understanding before.”

The company announced Feb. 15 that a breach first detected in October may have compromised the personal information of as many as 145,000 people.

Asked during last week’s interview if any breach similar in scale had occurred at the company before, Smith responded, “No. I’m not aware of anything.”

Smith had asserted that there had been small instances where the company had found people fraudulently trying to get access to its database.

BOB SULLIVAN ON CHOICEPOINT THEFT Database giant gives access to fake firms Read the Feb. 14 story that started it all Data theft affects 145,000 nationwide Suspect agrees to plea deal ChoicePoint files found riddled with errors No easy way to fix mistakes, either ChoicePoint CEO grilled by Congress Data broker backs some new regulations

Repeated requests to three ChoicePoint representatives for a comment on the apparent contradiction were not successful Wednesday. The 2002 case was reported Wednesday by the Los Angeles Times, nearly a week after the AP interview with Smith.

In the 2002 case, which Krause confirmed, Bibiana Benson, 39, of Sherman Oaks, Calif., and her brother, Adedayo Benson, 38, of Glendale, Calif., both pleaded guilty in connection with the scam. Bibiana Benson received 54 months in prison. Her brother will be sentenced Monday, and prosecutors are asking for a 60-month term, Krause said.

Another Nigerian man also in Los Angeles has pleaded guilty in connection with the more recent breach at ChoicePoint. Krause declined to say Wednesday whether the two cases are related.

MORE FROM SECURITY

Security Section Front

Pentagon: Insurgents intercepted spy videos Privacy watchdog files complaint against Facebook Ohio court: Cell phone searches require warrant Nearly 1 in 3 older teens gets ‘sexting’ messages Australia to block obscene, crime-linked sites After criticism, Facebook tweaks settings again Court reviews employer access to texts NYT: U.S., Russia open talks on cyberwar limits Red Tape: Holiday ‘cyberbegging’ grows on eBay Internet users lured to oppose health bills Security Section Front   Add Security headlines to your news reader: