"This is an issue that goes beyond ChoicePoint. They're just one company," said James X. Dempsey, executive director of the Center for Democracy and Technology, which advocates for privacy and computer security. "Both the industry and Congress need to pay attention to the security of personal information."
Marc Rotenberg, executive director of the Electronic Privacy Information Center, said the case raises important questions about who is responsible when companies are tricked into releasing data. "Companies such as ChoicePoint are operating with too little oversight," he said.
Corporate headquarters of ChoicePoint, a Georgia company that was tricked into giving out personal records.
(John Amis -- AP)
The ChoicePoint case began unfolding last fall. Initially, company employees assumed the requests for information were legitimate, because the applicants appeared to work at registered companies in the Hollywood area. But company investigators noticed that applications for access to the company's massive databases were coming from Kinko's stores, sometimes via fax machines.
A ChoicePoint official said dossiers, possibly including thousands of credit reports, were delivered to personal computers over the World Wide Web or mailed to suspects who had opened close to 50 accounts with the company. The reports, including credit reports, typically cost between $5 and $17, company officials said.
Last fall, the company sought help from authorities in Los Angeles, and together they tricked a suspect into returning to one of the Kinko's stores in late October. There, they arrested Olatunji Oluwatosin, 41, of North Hollywood, who is set to appear in a state court today on six counts of violating the state identity theft statute, authorities said. Three of those counts relate to activity in other states.
Investigators still do not know the extent to which the information was used or resold. They have been receiving assistance from postal inspectors. But the case has not gone as smoothly as investigators would have liked. Police said that's in part because ChoicePoint did not appear willing to quickly share information about the case, an allegation the company denies.
"We've been following up on leads while waiting for ChoicePoint," said Costa, the sheriff's department investigator who leads the Southern California High Tech Task Force's identity theft detail.
ChoicePoint spokesman James Lee said the company learned for the first time yesterday the case involved people in states outside California. He said the company has done everything it can to bolster security immediately and help with the investigation. The company also is considering "fundamental changes" in security procedures and customer authentication.
"We're not to blame, but we're taking responsibility," Lee said. "The people committing the fraud were smarter and quicker than we were.
"It's a wake-up call," he said. "Everybody needs to be ever vigilant and diligent."