ChoicePoint, based in Alpharetta, Ga., has assembled a huge trove of personal data in recent years. Much of that information, such as court rulings, driver records and real estate details, comes from government agencies. The company also purchases information from the three major credit bureaus and other information services.
Its ability to create and electronically transmit exhaustive dossiers on people makes it a favorite of many Fortune 500 companies, government agencies and law enforcement and Homeland Security authorities. Today, it has more than 100,000 customers and revenue approaching $1 billion, a large proportion based on the resale of details about individuals.
Olatunji Oluwatosin, a Nigerian national, pleaded no contest to identity theft in the ChoicePoint case. Scrutiny of the firm is expanding.
(Brian Vander Brug -- AP)
Transcript: Reporter and author Robert O'Harrow Jr. answered your privacy questions.
Databases Called Lax With Personal Information (The Washington Post, Feb 25, 2005)
ChoicePoint Victims Have Work Ahead (The Washington Post, Feb 23, 2005)
ID Theft Scam Hits D.C. Area Residents (The Washington Post, Feb 21, 2005)
ID Data Conned From Firm (The Washington Post, Feb 17, 2005)
In Age of Security, Firm Mines Wealth Of Personal Data (The Washington Post, Jan 20, 2005)
Before granting service, ChoicePoint typically requires a photocopy of a driver's license and business records on file with a state or local government agency. A ChoicePoint employee would then verify that such a person and company exists. Identity thieves skirted this system by using fake IDs and by setting up front companies on paper, registered with government agencies in phony names, according to court and company records.
Olatunji Oluwatosin pleaded no contest to identity theft in a California court last month. He was sentenced to 16 months in state prison. Authorities are still investigating who else may be involved in the scandal. They believe others, possibly many others, worked with him.
ChoicePoint officials, meanwhile, said they have since identified more than 50 accounts that appear to be phony. The company has warned people to watch for unauthorized activity on their credit reports and has offered to give them free access to that information, at an estimated cost of $2 million.
The real James Garrett said he first noticed that something was amiss when he received a call from a credit card company. The company told him that a card in his name had been redirected to another address. When Garrett went to police to report the fraud, police told him he was apparently part of an identity theft ring, possibly related to terrorist financing, Garrett said yesterday.
An investigator in the ChoicePoint case later told him that identity thieves had obtained not only his name and address, but his Social Security number, credit card password and mother's maiden name.
"They knew everything about me," Garrett said.
Behind the scenes, the case continues to expand. Decker and other authorities in Los Angeles have discussed the case with the FBI and Secret Service, which has indicated it may have another identity theft suspect with ties to the ChoicePoint case. The Federal Trade Commission has begun an inquiry.
At the same time, public ire is intensifying. Congress is planning to hold hearings about the breach and the information industry in general. Some of those hearings may involve questions about national security. Democrats, including Sen. Bill Nelson (D-Fla.) have asked for a study about how terrorists might use information brokers like ChoicePoint.
In response to the thefts, ChoicePoint said in an SEC filing that it is "discontinuing the sale of information products that contain sensitive consumer data . . . except where there is either a specific consumer-driven transaction or benefit or where the products support federal, state or local government and law enforcement purposes."
"We fully support a continued national discussion of how to ensure that information is used responsibly, that the positive benefits of information use are preserved and that the illegal uses of data are severely punished," the company's filing said.
The company has defended the sale of hundreds of thousands of shares since November, before the scandal became public, by ChoicePoint chief executive Derek V. Smith and president and chief operating officer Douglas C. Curling, saying the transactions were part of scheduled sales arranged last fall. Smith said he personally did not know about the security breach until January.
Decker, meanwhile, said that after four months it feels like his investigation is just beginning.
"Sometimes you're looking at Social Security numbers, and all of the sudden a name pops out and you realize, 'These are real people, all of them,' " he said. "They could all be victims, if not now, in the future. The information is out there."
Special correspondent Kimberly Edds contributed to this story from Los Angeles.