Tens of thousands of U.S. consumers face a greater risk of identity theft after criminals gained access to a database of personal records compiled by ChoicePoint Inc., a company spokesman said on Tuesday.
Identity thieves posing as legitimate businesses were able to access profiles that include Social Security numbers, credit histories, criminal records and other sensitive material, ChoicePoint spokesman Chuck Jones said.
Alpharetta, Ga.-based ChoicePoint maintains personal profiles of nearly every U.S. consumer, which it sells to employers, landlords, marketing companies and about 35 U.S. government agencies.
In California, the only state that requires companies to disclose security breaches, ChoicePoint sent warning letters to 30,000 to 35,000 consumers advising them to check their credit reports.
Jones said the company was still determining whether consumers outside California were affected, and declined to say whether it would notify them.
U.S. investigators notified the company of the breach in October, but ChoicePoint did not send out the consumer warnings until last week. Jones said it took a while for the company to determine which consumer records were affected.
The identity thieves set up roughly 50 fraudulent business accounts to gain access to consumer data, Jones said. The company has since tightened its criteria for access, he said.
The Los Angeles County Sheriff's Department has detained one suspect in the case who had access to at least six consumer files.
"We believe this is probably way more widespread than this one individual," Lt. Robert Costa said.
A U.S. Postal Service inspector said the agency could not talk about ongoing cases. The FBI did not return a call seeking comment.
ChoicePoint's databases contain 19 billion public records, including driving records, sex-offender lists and FBI lists of wanted criminals and suspected terrorists.
The company says its records enable law enforcers to track down serial killers and have helped find 822 missing children.
ChoicePoint has drawn criticism from privacy activists who say it should face greater limits on how it handles the detailed profiles it has amassed on nearly every U.S. citizen.
Chris Hoofnagle, associate director with the Electronic Privacy Information Center, noted another consumer-data company, Acxiom, suffered a security breach as well. That occurred in 2003.
"This calls into question whether these data products actually make us more secure," he said. "This is a prime example of how they don't and why ChoicePoint should be subject to federal privacy regulations," he said.
In several recent filings with the Federal Trade Commission, Hoofnagle has argued ChoicePoint should be subject to a law that allows consumers to view their credit reports and see who else is accessing them.
People can lose their jobs because of erroneous ChoicePoint records, he said, while predators can too easily tap the database to track down victims.
ChoicePoint said in a December response it complied with existing laws and gave consumers more access to their own files than required.
"The topic of the responsible use of information is a vital one to our society ... we support a national debate on this very topic," ChoicePoint President Doug Curling said.