Slashdot Mirror
ChoicePoint Data Stolen By Imposters
swight1701 writes "Criminals posing as legitimate businesses have accessed critical personal data stored by ChoicePoint Inc., a firm that maintains databases of background information on virtually every U.S. citizen. The incident involves a wide swath of consumer data, including names, addresses, Social Security numbers, credit reports and other information. ChoicePoint notified between 30,000 and 35,000 consumers in California that their personal data may have been accessed by "unauthorized third parties." No obvious notice appears to be on their website."
The article further quotes ChoicePoint spokesman Chuck Jones:
Why the hell are they allowed to keep a dossier on me if they don't have any mechanism in place to allow them to track how it is used and by whom? This is insane!The correct solution to this problem, IMNSHO, is for the courts to determine that personal, financial, and credit records relating to an individual are the COPYRIGHTED PROPERTY OF THAT INDIVIDUAL, and may not be provided to any other party without the owner's explicit consent. Not a blanket consent to provide the data to anyone inquiring, but specific consent to provide it to XYZ Corporation.
I really enjoy how the graphic on the front page of their site reads: "Smarter decisions. Safer world."
It's pretty silly.
Run over someone with my car, i am responsable, and it's a crime. Even if i didn't mean to.
Companys should be held responsable for the data they hold.
WTF am I doing replying to an AC at 5 A.M on a Friday night?
Supposing my identity stolen and used for fraudelent activity. If we could trace the identity theft back to ChoicePoint, could they be held liable (in any sense of the word)?
Paul Grosfield - the quicker picker upper.
The story says that these things "are seldom limited to a single geographic area" ...
SO WHO THE FUCK ELSE HAD THEIR INFO STOLEN!? WHAT STATES!?
We want to know! NOW! Why are they refusing to disclose vital information? I'd be VERY angry to find out that someone committed identity theft, these people knew of the stolen info, and they didn't tell me.
i am a soviet space shuttle
The 35,000 people are all in California. There are probably hell of alot more peoples data stolen. Since the only state that requires stolen data to be reported is Cali. Whats 35,000 * 50 states.
Thats what I call one big screwup
Next big issue is going to be medical records online. While having such information in once location could be of great benefit to doctors and hospitals around the world, there are also dangers as well, like your HMO, employers, or if your a public figure, the media getting their hands on otherwise private medical records.
"The problem with socialism is eventually you run out of other people's money" - Thatcher.
That's bad, isn't it. Yes, that's bad.
My credit is so poor that stealing my identiy is only going to hurt them. I mean they think they are gettign a free ride, but when Rocko breaks down their door looking for past due payments boy will they be in for a suprise, hell this might be the best thing to ever happen to me!
Incidents such as these are actually rather rare. People abusing information collected either through neglect or in other ways is not as common as proper use.
All those foolish people who protested the collection and sale of personal data of private citizens should be ashamed since the prosperity of this country depends greatly on the efficiency of business. And if you don't like it in this country any more go some place better! There isn't any place better you say? Then shoot yourself now because there's nothing you individuals can do to change things to your liking anyway.
(The preceding was stated as an opposite to my actual feelings on the matter to illustrate how ridiculous I feel the opposing view might be. There are no acceptable losses when it comes to privacy and the right of everyone to keep what they have earned. Loss of privacy opens the door for unscrupulous people to do bad things and reduces an individual's ability to protect one's self.)
exactly what criteria are used to distinguish between a 'legitimate business' and someone who is going to use the information to steal my identity. or someone who, inadvertently or not, will pass the data to someone who is. the whole model is flawed.
They say "Criminals posing as legitimate businesses have accessed critical personal data stored by ChoicePoint Inc."
If the data was that critical and personal, why was it available to "legitamate businesses" in the frist place?
Are a set of articles of incorporation and a pile of money all I need to 'legitimately' access "databases of background information on virtually every U.S. citizen"?
"For almost a century ChoicePoint has been a trusted source and leading provider of decision-making information that helps reduce fraud and mitigate risk."
Rrriiight....
Toast lands jelly down. If you jelly both sides of a piece of toast, it will hover in a state of quantum indecision.
No Place To Hide
It was truely disturbing. Now that we're permanently at war with the Forces Of Evil (terrorists, for now) people should get used to not having any privacy. Sigh.
What is their relationship with the Arkansas outfit Axciom whose computers were hacked into awhile ago?
And what do either of them have to do with Intellectual Ventures, UCANN and the Carlyle Group... well OK, let's start with Axciom first.
California, population approx 30 million, or 1/10 of the US population.
So, the number of stolen identies is probably closer to 300,000 to 350,000. Only California has a law that forces companies to disclose these kinds of risks to personal data, but I think it's a fairly safe assumption that the theives didn't target just California records (in fact, if they wanted to use them for identity theft, it would make more sense to excluse California records because those indidivuals would be on alert).
So, potentially one in every one hundred people in the US now has their electronic profile available for identify theft. That's a scary (although I'll admit unlikely) idea.
Closing question...what exactly is the f'ing differences between a "legitamate" company accessing this ChoicePoint database an an "illegimate" company? Wouldn't theft of database access be just as much a risk? If Sam's Wholesale Cookies can browse through the database, concievable so can any employee of Sam's Wholesale Cookies or anyone who breaks into a Same's Wholesale Cookies computer. Is there not a single person in all of government who sees the folly of having all the eggs in one basket? Not even a secure basket...the free sample basket by the front door of the mall.
- JoeShmoe
.
-- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
They probably just got stiffed on the access charges.
C'mon! Does every story on /. have to be about Micro$oft?
you had me at #!
The government is one of ChoicePoint's largest customers, so you can be certain that there will be zero rules and regulations imposed on ChoicePoint or similar companies. Nor will you see any changes to the Fair Credit Reporting Act, which affords no penalty to companies that report wrong information on individuals other than once proven incorrect, it is removed.
If this incident doesn't create intense public outrage and a rash of calls to legislators demanding change, then I doubt there will ever be changes that protect individual identity and information.
Furthermore, I would propose that every individual that finds ChoicePoint's egregious lack of security reprehensible, to draft a letter demanding a full explanation and any details relating to whether or not their information has been stolen. I don't expect this company to come clean, but just imagine the hassle of having to reply to hundreds of thousands of letters.
Maybe having to deal with thousands of peeved off consumers will clean up their act.
stay off the grid as much as humanly possible...
"No obvious notice appears to be on their website."
You think? The last thing they need is a ton of people making transactions of various sorts to plug the logfiles. Further, the less this gets out, the less chance of it being exploited by uninformed black hats!
People opposed to the Bush victory in 2000 claim that ChoicePoint may have aided in voter disenfranchisement.
*This is not an endorsement of the linked site or the opinions expressed there. I just recall these claims from a Slashdot submission I made a couple years ago related to this.
Someday, you're going to die. Get over it.
Remember the Florida election of 2000 when a private database company scrubbed thousands of eligible voters from the rolls? Well now one of the co-founders of Database Technologies is back in the headlines -- he's working with law enforcement agents in Florida to create what may soon expand into a national surveillance system. We talk with privacy expert Wayne Madsen, investigative reporter Greg Palast and a top intelligence official from the state of Florida.
s .h tm
8 /0 7/1427223
When is Joe Six pack going to wake up to the fact that in secret the government has conspired to create a dossier on every citzen in this country and this is who they hired to do it:
Hank Asher then creates the MATRIX as a state level network version of the TIA office. Essentially continuing the TIA office, but freeing it from congressional oversight and federal whistleblower protections. He admits smuggling millions of dollars worth of cocaine in 1981 and 1982. Coincidentally at the time when the Iran-Contra dealings were in full swing.
But this is only speculation. Could there be more of a link between illegal dealings between Hank Asher and the republican party? OF COURSE THERE IS!
In 1992, Asher founded Database Technologies, which later merged with ChoicePoint. In 1999, he founded Seisint Inc. by merging two companies. He is still on Seisint's board of directors, and continues to play an active role in the company.During the 2000 presidential election ChoicePoint, gave Florida officials a list with the names of 8,000 ex-felons to "scrub" from their list of voters. But it turns out none on the list were guilty of felonies, only misdemeanors.
So there we have it. We went from having a domestic spying agency run by a five time felon to having the same domestic spying program sans congressional oversight and whistle blower protections run by a convicted drug smuggler who has proven that he'll break the law to further the republican agenda.
http://www.oldamericancentury.org/oh_republican
A Florida law enforcement data-sharing network is about to go national. In the name of counterterrorism, the Departments of Justice and Homeland Security are pouring millions of dollars into the system to expand it to local law enforcement agencies across the nation. It's called Matrix, which stands for Multistate Anti-Terrorism Information Exchange. According to the Washington Post, the computer network accesses information that has always been available to investigators but brings it together and enables police to access it with extraordinary speed. Civil liberties and privacy groups say the Matrix system dramatically increases the ability of local police to snoop on individuals.
http://www.democracynow.org/article.pl?sid=03/0
The Florida company that built the database was founded by the man behind ChoicePoint and Database Technologies. The companies administered the contract that stripped thousands of African Americans from the Florida voter roles before the 2000 election.
Although narrower in scope than John Poindexter's controversial Terrorist Global Information Awareness program, Matrix may serve a similar purpose because it provides unprecedented access to US residents regardless of their criminal background. And states are eager to participate in the new program. On Tuesday, the Department of Homeland Security announced plans to launch a pilot program in state law enforcement data-sharing among Virginia, Maryland, Pennsylvania and New York.
What's the difference between a "legitimate" business that uses my personal info without my permission, and a "criminal" one? Just the law, and perhaps the degree of abuse in which they engage. Today's legit biz is tomorrow's spammer - and sometimes the reverse.
All this info must be protected by copyright. I transfer a copy of my personal info to a receiver in a specific transaction, with the right to copy it only as required to complete that transaction, unless expressly allowed otherwise. When they "share" it with other parties, or retain it beyond that transaction, they're violating my copyright. As would any further distribution beyond their organization. They're all a bunch of criminals - we need catastrophes like these to be legally documented in violation of our rights, our copyrights, and remedied as appropriate to the damage.
--
make install -not war
"Whiny" wasn't a specific example, just general hyperbole. I've seen several such cases won by plaintiffs in Britain and they've all been for things that seem to me unremarkable.
...can see your social security number, your credit report, your addresses...
...anytime they want...
...um...
...whew?
....have similar problems of their very own.
Someone had to do it.
It was CHINESE triads, AP reports.
Let them know what you think. Ask if your information was compromised. Make them feel the pain!
Contact Link
because only california has a law requring such notice? What I mean is: Aren't there people outside of california whose personal information may have been taken?
SLASHDOT: news for people who can't concentrate on work or have no life at all and got tired of yelling back at the TV.
I RTFA and it says that ChoicePoint aggregates my information and sells it. I interpret "aggregates" as it crawls through and acquires my personal information without my knowledge. I never signed anything saying ChoicePoint can keep and handle my information how they see fit, nor did I receive anything that says some company has my information so I know. Am I alone in saying that no company should be able to profit off of my existance? If that's not bad enough that ChoicePoint has made a living selling my information of which I won't see a dime, now criminals have my personal information and now I have to stay on guard to see if the criminals do anything notably bad in my name.
This whole companies' existance and screwup just stamps out all notions of privacy I had, now not only theives profitted from me without even notifying/asking me, but now criminals can benefit from my existance too.
http://www.privacy.ca.gov/financial/cfreezeon.htm
It's heavy handed, sure. You're effecitvely DOS'ing yourself, and things may take longer to open windows, etc.. But better safe than sorry.
Apparently the only defense against this kind of thing is to have really bad credit.
I used to work at a mortgage insurance agency as a temp doing data entry. I would see 100 or so SSN a day. They don't track who enters what data so I could of easily wrote down a few SSNs along with the person name, phone number, address, etc without anyone knowing I had done it. Even if they make extra-super-duper-sure that they people accessing the information are legit, there is absolutely no assurance that the person handling your information is honest.
Speaking is NOT communication
Rather than taking extreme measures to ensure that social security numbers are kept private, people need to simply stop pretending that a social security number is some sort of magic password that can be used to prove that someone is who they claim to be. SSNs should be treated about the same as phone numbers; assume that everyone has one, but also assume that everyone knows it.
"The firm was only given clearance by law enforcement officials to disclose the incident two weeks ago, Lee said"
Now why exactly would they need permission to tell me (if I were a CA resident) that I should be worried about my data being misused? The certainly didn't need any cop's permission to amass it, not to hand it to a "legitimate" customer.
Ben Masel: 51,282 votes for US Senate in the Wisconsin Democratic Primary
Greg Palast reported on it.
r ow =27 &row =2
http://www.gregpalast.com/detail.cfm?artid=217&
http://www.gregpalast.com/detail.cfm?artid=32
Also see here:
www.electionfraud2004.org
You still think the "exploit" was an accident?
Anybody? Anybody? Anybody? Bueller?
kybred
One thing I'd have to wonder...what would a company like ChoicePoint be doing with someone's personal data(like Social Security Number), unless they had been explicitly authorized to have it? As far as I'm concerned, ChoicePoint might very well be the unauthorized third party.
that is all.
When they lose the data, as far as they are concerned they have lost some of their business information (ie. someone accessed their data without paying).
That the data is about you, and could be damaging to you is incosequential to them. Anyone could have bought the data from them anyway.
Engineering is the art of compromise.
here are links to the last time they were mentioned on slashdot and my comment on them at that time. these guys just keep getting slimier.
if it made it to /., black hats knew about it months ago...
windows.
So many ciminals (read Al Qaeda), and so easy to get our information and our money.
So the funny thing here, is that if windows costs so little, what is the costs of break ins like this?
Who is going to jail over this?
If the answer is "no one", then it will happen again.
org.slashdot.post.SignatureNotFoundException: ewg
Why does a customer company, even a 'legitimate' one have the right to gain access to information that, if improperly handled, will cost ME to fix the problem?
Where do these sick fucks get their data from? If their inputs were shut down the slimy bastards could be pushed out of business.
Part of the problem is that even my fucking bank can sell information to whoever they want to. There are NO COMPANIES in the US that I am aware of that I can actually trust with this level of personal information.
Which suggests a solution: If there were a bank or credit card company that was incorporated with the policy to NOT deal in personal information, and if they took appropriate legal measures so that policy could never be changed, they might be rewarded by a boatload of customers who are tired of this shit.
The use of SSN as a PIN amazes me. The security relying way to much on the fact that no-one is suppose to have access to your SSN. If you get your SSN I can go say my wallet was stolen and you need to have new ID's made. Then get a stack of credit cards in your name. In a couple of days I'll be more you than you are. With so many people requesting to see you SSN in everyday life. This is a serious threat. My girlfriend was even asked to give up her SSN when she paid with a check at a grocery store because she was out of state.
"In addition, ChoicePoint strongly promotes the responsible use of information as a fundamental plank of its business model, including strict standards regarding the use and dissemination of personal information."
"Protecting privacy is always a ChoicePoint priority. To underscore our fundamental commitment to privacy and our vision that good privacy is good business"
"This site only collects personally-identifiable information from you if you chose to provide this information to us."
"ChoicePoint does not provide personally-identifiable information to unaffiliated third-parties"
"Any communication or material sent to ChoicePoint Inc. or to the Site by electronic mail or otherwise, including any data, questions, comments, suggestions, feedback or the like, is, and will be deemed, non-confidential and non-proprietary. Anything sent to ChoicePoint Inc. becomes the property of ChoicePoint Inc. and its affiliates and may be used for any purpose, including, but not limited to, reproduction, disclosure, transmission, publication, broadcast and posting."
just thought id put some of the more interesting stuff here in one place...
Apparently they helped Bush steal your HTML tags as well.
This guy is way out there
The real problem is there's no public/private key separation. Your credit card number is a secret key, but must be shared in order to do business with it. Ditto for checking account numbers which make direct deposit possible. The reason boils down to sheer laziness on the part of credit issuers. When there's a problem they can soak the merchants and/or customers, so they haven't bothered to fix the system.
That solves your bank deposit problem. Public/private key separation would solve most of the problems.
As far as repeatedly entering addresses--come on, that's easy. Browsers have a wallet-like feature which fills it in on demand. There's no need for the provider (netflix) to store the information, and they should refrain from doing so.
So far as taxes are concerned--of course you have to give personal info for H&R Block to process them, but the grandparent means it should be treated as your property. You may leave valuables with a bank safety deposit box, but the bank does not own them. It is a steward. Its rights obviously don't extend to sharing information about what you've deposited with others.
seems awfully sure of his facts.
But I don't see his references in those articles. No links (and I know there are plenty of people who link him). Very few names.
I can sort of understand the lack of names, although it leaves me with questions. People do get scared.
But then he complains about HAVA, and he doesn't say why, except to wave his hands and say it's bad. He could at least put a link in to an article explaining the problems, even if he doesn't want to spend words in that article on the issues.
I can rant, too. But at least I can put a link or two in when it will help explain things.
The lack of explanation, even though I know HAVA was an exercise in how not to help voters, leaves me unconvinced on the other charges.
Do we really want change, or do we just want a bad guy to vent at?
If there's no explanation, charges are forgotten as soon as the TV catches the attention.
One more thing. This one hurts, but getting scared does not protect your rights. You look at the examples we have in the Ukraine and many other countries. People are putting their future on the line for freedom. But in the US, people want the freedoms without the costs.
Real freedom is not free as in beer.
*although the Propositions usually suck
/schadenfreude
That is not an excuse. The fact that you happen to live in another state doesn't mean they have less of an obligation to you.
Of course it does. ChoicePoint's obligations in this matter extend only as far as set forth by state and federal law.
Now I've been told many times by people on Slashdot who don't live in California that I must be a pinko commie because I live in California. Us pinko commies here like to push corporations around with strange socialist-style laws, creating obligations for them that simply don't exist in more enlightened areas of the country that enjoy what the guys at CATO call "economic freedom".
For example, we make people print weird things on cans about stuff known to our state to cause cancer- a subject on which California appears to be some sort of an authority. (If other states know what's causing cancer, they're sure keeping it a secret.) And if ChoicePoint compromises your personal information, California forces them to tell you. Apparently in other states it's none of your damn business unless you're an employee of ChoicePoint. Or maybe a customer- if ChoicePoint is smart, they'll recognize the business opportunity here. I bet plenty of people in the other 49 states would be willing to pay to know whether ChoicePoint gave crooks their data or not.
If you don't live in California, there is always freecreditreport.com. It has a 30 day free trial.
Look at the bright side. If you don't live in California, you're far more likely to pay less than a half million for your house, so your credit doesn't need to be that shiny anyway. If a few Russian mobsters get your personal information, you're probably still better off than the average California home-buyer. And once you buy your non-CA house, you'll only pay your own share of property taxes- you won't also be paying them for all your neighbors on the street who voted to make themselves a landed gentry years ago with Prop 13.
When one of the "contact us" options is "DNA Identification and Testing" it really makes me wonder just how much information they have on individuals.
Does that mean Google Management are FAGS or just TRAITORS?
Me I'm bettin' BOTH!
In the short run, of course, a lot of people are going to be burned by this. But it could have some positive effects in the longer run. Once it becomes clear that using Social Security numbers as a form of ID is asking for trouble and that any information given to marketers is bound to be 0wned eventually, we'll start to see some legislative and commercial movements away from the current monolithic data hoarding. Right now, no one wants to endorse the right to privacy, since it "helps terrorists" and "hey, YOU have nothing to hide, right?" but once people realize that identity theft can effect them, we'll start to see some change. Hopefully.
2 years ago I changed jobs, and my new employer used ChoicePoint for a background check, including references. One of my former coworkers was befuddled by the awkwardly worded request ChoicePoint sent him, and forwarded it to me. I was appalled when I realized that they're sending out reference requests with an email template that puts the SSN in the subject line, making sure that it gets logged for posterity who-knows-where.
I don't think they're evil, but they certainly don't seem to have any hint of appreciation for the sensitivity of the stuff they collect. HIPAA on them!
Now you've generated more data for their profile of you and informed them that you follow links off of Slashdot. Good suggestion!
Open: An underworld type figure is going through several folders of information. Credit cards are all over a large oak table.
He looks to the camera.
UWF: "ChoicePoint is my point for all your information"
Voiceover: "ChoicePoint, looking after number 1, itself"
it is only after a long journey that you know the strength of the horse.
This has probably already been devised but this could work via a kind of key where the system on the other end would only know the individual key pertaining to your computer. The data would be read out, encoded and stored on the remote computer encoded. If you assigned a unique key, revolving hardware keys and perhaps an optional user password there would simply be so many varieties of encoding that it would be hard to break all of them for every person's info. Even if the keys were simpler the time to crack the millions of simple keys would certainly slow or make ineffective the stealing many peoples' information.
This is not surprising to me, as an employee of a recent ChoicePoint acquisition company. They've acquired 50 companies in the last few years and I'm surprised that they even knew that there was an intrusion. Most of the people that I have met from ChoicePoint are dimwits, and don't get me started on that republican-puppet Derek Smith. However, this is insignificant compared to what they did to rig the 2000 election. Derek's motto is "[you] have the right to privacy, but non anonymity." What a load of shit.
I mean come on...
[sarcasm] typical liberal hysteria. [/sarcasm]
+1 Funny or not at all
[Fuck Beta]
o0t!
http://www.anewidentity.com No big deal...
Oh well, what the hell...
I know the big 3 (Experian, Equifax, TransUnion) and being able to use annualcreditreport.com, but didn't know ChoicePoint was subject to the law (but after this, will be sure to get a copy when September rolls around). Any others people are aware of?
His password is 'rapala', FYI.
When will people get it, security through obscurity doesn't work.
Is there any legal remedy in the United States for this?
From what I understand, credit agencies cannot be held legally liable for false information in your credit report.
Also, there is no legal requirement for these agencies to keep your data about you secure. They do it for PR reasons, but that is about it.
The EU has some laws protecting consumers from this crap. I understand that the FTC is doing some work in this regard, but nothing yet.
Anyone have more details on this?
If we could hold these agencies criminally liable for these events, I would expect that 1) credit reports would be a lot more accurate and 2) companies like this would not exist due to the liability of having this type of information being too huge.
Holy crap. My school (as I'm sure a lot of other universities) subscribes to LexisNexis Academic. That database indexes newspapers and news magazines. I had no idea they kept a database with ME in it!!
eep!
- His words are a bunch of bollocks.
- His company is a failure.
- Companies don't know about him.
- Companies don't want to enter in a contract with a convict.
- Companies don't give a damn.
I hope to read his book when I have free time. If you...there are others simply grabbing your data and SPEWING out on the web for all to take.
check out http://www.eliyon.com/.
Not ssn and mother's maiden name, but equally as disturbing to me.
Looks like it's time for a major class-action lawsuit. Any lawyers out there want to get rich and retire in style? Here's your chance.
Mass state uses your social security number ON your license? Sheesh, sorta makes not carrying around your social security card a mute point.
An identifier. An SSN is an ID, not a verification. It is useful because there can be, and are, collisons of names, which is the primary method of identifying someone. So you take a name + an SSN and there is nearly a zero chance of a collison (even more so if you add a birthdate). As you note, however, it needs to be assumed that this is known, is public. I wouldn't attmept to use my name to verify my identity, why would I use my SSN?
Companies need to get on the stick and use other verification measures. Using an SSN as na ID # is fine, not as a password, that needs to be something else not related to identity.
Everyone reading this story should take a few minutes out of their day and call ChoicePoint, and ask them a few, um, "point"ed questions. According to their page at http://www.choicepoint.com/privacy.html you can call them at 1-877-301-7097. Call them up, take some of their precious time (they're taking yours, it's only fair) and phone bill, and ask them directly if your private, personal information was involved in this theft. I'll be doing so tomorrow, and making as much of a pain of myself as I can. Supervisor, here I come!
GStreamer - The only way to stream!
The first paragraph in ChoicePoint's Fraud Prevention Solutions page contains this amusing excerpt: "ChoicePoint's primary goal is to help speed and ease the research process and provide resources ... in order to prevent fraud..."
It's amazing how removing just one word from this sentence yields their ACTUAL business practice.
"It's hard to bargle nawdle zouss
With all these marbles in my mouth"
Their website. The link to "Latest News" "Record Revenew"
What could be more telling. NO, ASSHOLES, that's NOT THE LATEST NEWS.
If one ever needed evidence of the lying, cheating, dishonorable aspect of American Capitalism, this is it.
Dickheads. Suspender wearing, Blackberry toating, power lunching, lay-offing, ass-kissing, pro-activly cocksucking DICKHEADS.
I can't stand it any more. Where's my Prozac (TM)?. These fuckwads are hurting my buzz.
Mod down people who tell people how to mod in their sigs
How would THEY take the transaction tax off?
;-/
Otherwise, perfectly described Swiss bank anonymous account... "But think about the CHILDREN!"...
Yes, tehre are technical means, and then there are financial/political "considerations". I wish it would happen ike you describe, but, really, a snowball chance in hell it will, agreed?
Paul
Demand to be informed. Find your SAG's web site: http://www.naag.org/.
could I sue them? And on what grounds? Negligence?
Really, there need to be hard rules (I hate the word 'law', but essentially it's the same) made for companies that hold personal information in digital form. Databanks on their intranet shouldn't even be connected to the internet, but in this case, it wouldn't have mattered. Social-engineering did this? Man, what kinds of badges do they have for security there?
Candy badges might be slightly harder to forge than something printed on an inkjet.
No sig for you! Come back one year!
The article points out that "Lee said law enforcement officials have so far advised the firm that only Californians need to be notified.", so I'm guessing that there are probably another 300,000, or so, nationwide who will not be notified by the company. A few other really high-profile types might get a notice, but I'm betting that no more than a couple dozen non-Californian SlashDot readers will get notices.
Does anybody else want to call and ask and see if they even get an answer? (I don't live in the US, so I probably don't count, statistically speaking.)
Free Software: Like love, it grows best when given away.
ChoicePoint and Axciom make money by selling data, right? If we compile all of the data on ourselves first, shouldn't we be able to prevent them from selling it to other people?
I believe that they think that all of that information has some value, and California believes that that information may harm the people that the information is about if criminals get ahold of it. If so, can't we make the case that all of that info really belongs to us, and that we might be harmed if a bunch of nit-wits get ahold of it and sell it to criminals?
It would make some sense to steal that information and make it all publicly available for free, and see what happens. The companies that 'own' it can't do anything but prosecute someone for B&E unless the information has a monetary value. If there is a monetary value, then everyone should be financally compensated for each 'sale' of their info to any other company.
is to sue for inadequate protection and technical inadequacies. They are running Windows(BTW, do netcraft on all the reported breakins(such as www.saic.com) for the last year, quite the eye opener). It can be shown that Windows CAN NOT be secured. As such, it is a poor choice (in fact, one of the worse choices), that a company can make. Once companies are held accountable for picking a known insecure OS (otherwise, known as TCO), then companies will think twice about the dollar costs AND the potential legal costs if one or two of them are thrown in jail. After all, how is this any different than a bank using a safe made of paper? Would not the bank officers be sued for incompetience? and would not the bank be held accountable? Same thing.
If ChoicePoint keeps tabs on your FICO Expansion score (Fair Isaac started selling this on July 27, 2004), then the "other information" mentioned in the write up probably includes your checking account information.
I'm sorry I don't have time to check facts thoroughly, but here in Italy, personal information does belong to the individual. I think this legislation comes from EU directives.
Basically, you don't own the actual © to the information being stored, but you own all rights to it, except what I'll call "commercial exploitation."
In other words, any company requiring you to hand over personal data (even just name and DoB) must publish a notice in which it officially states it complies with current law, and a legally-binding policy of use of the data (this is similar to the US, AFAIK.) Such policy, here, must include a document which specifies the security measures the company has taken to protect the data, down to a description of their IT systems and "practices," and/or a list of people entitled to access and use these data.
However, the difference is you may officially ask for removal or change of the information from any form of database the company may have, at any time. They have a limited time to comply, and you only need to send snail mail to exercise your rights.
For credit information, AFAIK Italy has a centralized, governmental database for those with officially bad credit (sorry, don't know the legal English term.) Not sure if you have the same rights over it. However, if any bank or commercial institution keeps a copy of the database (possibly with additional information), it must ask for the individuals' permission, and its database must comply with the above legislation.
This doesn't solve the problem of what happens if your data is stolen. However, it gives you the right to withdraw any and all information from a company if it doesn't meet your requirements for trust. Or again, it allows you to erase any and all information from the databases when you're no longer interested in the company's services.
Of course, the fact it requires you to send official snail mail discourages most laypersons from a thorough "personal data management." However, the possibility is there.
...I am quite unsettled now from this.
There's no simple solution to it, other than abolish technology.
So, 50,000 people file a class action lawsuit in federal court, but the Federal judge declines to hear it...
So 1% of those people (500) file independent lawsuits in 50 different states, each with different arguments and facts. The price of fighting them all could be horrendous.
My god... just what is that place.
I love this link on the the website you listed that refered to The University of Nigeria: Home of the Advanced Fee Methodology
This is just too good to be true...and it is.
Frankly, one of the best parody sites I have ever seen. Thank you, thank you for a good chuckle, and something I'm going to have to make sure gets spread around.
This is almost as good as the Microsoft Linux Distro Definitely a bookmark site.
As someone noted, Choicepoint/Database Technologies are the guys who were paid to scrub Felons from the Florida list of eligible voters before the 2000 & 2004 elections. If you live here you read about em in the papers constantly for shady activity, & they were in a few documentaries about the elections. They were paid an insane amount of money ($4 million no bid contract, see Jeb Bush, FL governor) for what they did, and did a horrible job in return. A few of the problems were they only matched parts of names, not whole names, gender, race, etc...so a black guy w/ a partial name match to a white felon would be unable to vote. This ended up disenfranchising thousands of black voters (frequently democrats) in the 2000 election where Bush only won by 500-600 votes in the state, which led to him winning the election.
The Pizza Joint Kid.
And. The Information Highway.
At least until Blair and Clarke finish butchering the law to suit their own agenda, this sort of incident occuring in Europe would be almost impossible. The Data Protection Act would prevent ChoicePoint from allowing anyone other than you (besides law enforcement, with warrent) access to your personal information without your explicit consent. For example, when I graduated last summer, I had to sign a DPA waiver so that the University were permitted to release my grades to any potential employers who wanted to look at them in the course of a job application. Of course, all the new government databases in the UK that tie in with our glorious proposed national ID card scheme will be exempt from the DPA, but everyone else in the EU is still bound by it.
A few years ago I applied for a mortgage, and got refused because the bank did a credit check with Experian, Experian told them I wasn't on the electoral register, so the bank turned me down. I knew I was on the electoral register, and had been for years. I went to the local council for my previous residence, and the helpful council officer checked my record, and even let me come round the desk and look at her screen to see my record. I phoned Experian "I know I am on the electoral register for this address" (Experian) "no, sorry sir, this isn't on your record" (me) "I'm looking at my name on the electoral register, I'm just handing you over to the council officer who will confirm" (nice govt. officer): "yes, he is" (Experian "ahh... we'll look into that" (me): "cheers, I've been turned down already for a mortgage, are there any other parts of my credit records you should be checking?".
I really recommend that anybody in the UK who is about to buy a house/car/other significant credit transaction to ask for their records first. Which of course costs you money that goes into the credit agencies pockets. It's a corrupt system, and there's nothing we can do about it. Private companies running (ruining?) peoples' lives. "Sue the company" might be ok for you big shots but I was on low wages then and I'm a student now. One day I'll be working again and the first thing I got to do is use *my time* and *my money* to unpick *their mistakes*. Experian's mistake f*cked up my life, be wary people.
As a matter of fact, even supplying personal data to third parties is outright verboten without a solid reason to do so. (And no, money grubbing greed is not considered a solid reason, legally)
ich bin der musikant
mit taschenrechner in der hand
kraftwerk
As another UK resisdent I must express my surprise and, yes, shock that the local council was actually good for something :)
Does that mean that virtually every citizen gave them the permission to collect data about them, or that it is really legal for a company in the USA to collect personal data about people without their consent or even knowledge?
And what do they do with this data, they can't sell it, or what?
And how can one of those "virtually every citizen"s get all this data deleted when he wants?
Why are there no laws governing the use and storage of people's informatio? We need an amendement (bill of rights) to the constitution that would protect individuals from any kind of intrusion on their privacy. I believe that if computers existed at the time of the creation of the bill of rights the founding fathers would have included something quite strict on the matter. Why don't the democratics pick this up and push it in congress, or have some hearings on the matter? Where is our country going? Is there no longer a statesman that want to protect individuals?
I keep fraud notices on my credit reports AT ALL TIMES. It is a slight hassle when I do want to open a new account, but that is so damn rare that it's worth the extra protection. I just wish the credit file locking option would be legislated nationwide.
Aren't addresses public...? Like, in the phone book and stuff.
While I like the idea of other companies not being allowed to collect or share personally-identifiable information without my explicit written consent, I think a more important stopgap measure is for the government to forbid companies from permitting credit or banking transactions where the identity of the individuals cannot be verified. (It would actually be a more complicated setup than that one sentence, to allow, for example, you to transfer funds between a bank account and a brokerage account once you've been verified as the owner of both.)
I also suggest that the government operate an independent "identity clearinghouse" of sorts. The process would go something like this:
1. Consumer requests (for example) a new line of credit from Bank X. In the process, Consumer provides contact information to Bank X.
2. Bank X contacts Government's Identity Clearinghouse (ICH) with the provided contact information.
3. ICH (a) compares the provided contact information with that in their records, and (b) uses that contact information to contact the consumer and verify that the credit request was valid.
4. ICH informs Bank X of the validity of the credit request.
To fund the system, a small charge would be paid by the consumer, the bank, or both. Other more secure measures (such as personal appearance at a local office) would be involved in changing the information in the clearinghouse. The consumer would then inform their bank(s)/utilities/whatever of their updated mailing information, and the bank would then ask the clearinghouse to verify the correctness of that info.
I created my address by purchasing a house and moving into it. I created my credit history by obtaining credit, using it, and paying it off (or not). I created my salary history by getting a job and drawing a salary. I created my education history, GPA, major, minor, and concentration by getting an education. I created this message. I created my marital status. I created my child, though they are creating original art of his own in the form of barf stains and poopy diapers. I created my driving record in the car I purchased (thereby creating a transaction). I created a trip to Alaska last year. I created the purchase of several souvenirs while there. I created a speeding ticket near Healey, though I will concede that the public has the right to know what sorts of idiots they are sharing the road with and place that in thee public domain.
I created every single item in that database through my own actions. Any score, categorization, or classification created from that data is a derivative work. Who the hell are they to act like they have more of a right to it than I do?
This is not my sandwich.
PR Problems?
Thousands of people are denied their democratic rights, thousands more have their personal details illicitly accessed, and you call it "PR Problems" ?
"Oh, but it WILL affect their PR!"
Yes, but that is not where the problem lies. The problem lies in the company not being capable of doing its job.
b3 4phr41d 0f my 4bov3-4v3r4g3 c0mpu73r kn0wI3dg3!
MadDwarf
Although the posting notes that the company has notified several thousand Californians, don't take this as suggesting that the damage is limited to Californians. From the article:
"California law requires firms to disclose such incidents to the state's consumers when they are discovered. It is the only state with such a requirement but such data thefts are rarely limited to a single geographic area."
Time to start lobbying some other states' legislatures, perhaps.
...Is to make credit bureaus and data aggregators like Choicepoint liable for inappropriate data dissemination.
These companies are in a position of responsibility, but they don't seem to take it very seriously. The credit bureaus have already bribed their way into legislation that makes it your responsibility to correct errors in their data, not them. If we don't act now, they'll bribe (excuse me, I mean "make campaign donations") and get a free pass on handing out your data to the Russian mafia, too. I say make them liable for monetary damages, instead.
Institute it, and watch how fast their security improves. The attitude of: "Oh well, its not our problem" would be a thing of the past. OR somebody would sue them bankrupt. Either way, the consumer wins.
Plus, the idea of suing these bastards into bankruptcy appeals to me because of Choicepoint's role in George W. Bush's 2000 coup.
Who did what now?
"You're telling me that I should be charged with a crime?"
Its negligence to use tools that you know are unsafe.
IIS is unsafe. Anybody technical knows that. Gartner has told you that. There are a lot of good, cheap choices.... Apache, SunOne... That are secure.
So if you choose a tool which has a high incidence of failure, which experts recommend you not use on a public site, then yes. I would hold you liable for use IIS.
Nobody smart uses IIS these days. Its primarily the tool for mid-level cowboys who think anything from MS is the bee's knees.
In case you didn't know it, church is the best place to get laid. Pick a good looking chick, take her out dinner, have sex with her. You can read the bible together afterwards.
The only downside is that if "date" her saturday nights, you'll have to go to church with her Sunday morning. But you can chuckle as you shake the minister's hand. Little does he know where those fingers were a few hours before!
Not so long ago, I was surprisingly refused credit. In fairness, that part wasn't Experian's fault; it was down to an automated address database that didn't recognise the correct form of my address and decided I didn't exist. However, during the follow-up enquiries with the credit card company who'd turned me down, I obtained a copy of my credit record from Experian. There were so many minor inaccuracies it was scary. The best bit was when, at 17:05 after speaking to someone there for five minutes (after about a half-hour on hold), I was asked "whether it really matters, because I'm supposed to go home at 5". I was speechless, and for me that's saying something. ;-)
The really disturbing thing is that despite our actually pretty good data protection rules in the UK (the Data Protection Act does have some teeth, and thus far the Office of the Information Commissioner has proved to be very level-headed and apolitical in its actions) the entire credit and finance industry has basically managed to exempt itself. The credit agencies are allowed to keep files on me without my permission. Those files are obviously grossly inaccurate and poorly maintained, but if I lose out on something because of the bad information I have no recourse. (Well, I can add a "notice of correction" to the file after the fact, after getting a copy of my record at my own expense.) If a financial group turns you down for credit, they basically don't have to tell you anything, other than (a) whether an automated credit scoring system was used (in which case they do have to offer you a reassessment by a real human being) and (b) which credit reference agency/agencies they used.
Now, I'm not a big fan of credit in the first place. I always liked the advice to read "credit" as "debt": "3 years' interest free debt!", "I have a $50mil debt limit on my card!" etc. But in our society today, credit can be a useful tool when used judiciously, and if a market that is fundamental to the way our society currently works is to be allowed to regulate itself to the extent that it currently does, it has to be reasonable about fixing its mistakes. Otherwise, screw 'em, and let fly the lawsuits that everyone else would be subject to if they made the same sort of mistake with the same consequences.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
As an attorney, I would suggest that there is already adequate support in the law for an action against Choice Point. As some posters have already noted, the cost of litigation would prevent individuals from suing separately--the solution in such cases is to file an action on behalf of all those affected. This is called a "class action".
Of course GWB is pushing for "Tort Reform" to eliminate class action lawsuits in the United States.
It doesn't require a tin foil hat to see why this is such a priority for him when a major ally to his campaign is clearly in the sites for such a lawsuit.
I live in Belgium. You know, the little country all of slashdot flamed or pitied because we got an electronic ID card.
... that has personal information about me, must let me see it and modify it on simple request. If they want to give information to other companys, they have to mention that, and a simple request by me forbids them to do it (most shop's request-for-information-forms have a checkbox you can mark, and it is OK if you just write "i do't want this" on the other forms).
The interesting point is: We don't have this problem: All the points mentioned about the electronic ID, or about the fact we have to have an ID, are THEORETICAL. In practice, this doesn't happen. As I read again and again on slashdot, in the country of the theoretically free people, lots of really ugly stuff happens again and again.
Maybe you should all come and live here, as we have some interesting laws and habits that protect humans:
* Every company, shop,
*Almost nobody is allowed to even ask for my ID card. The police can (they do when they check if you drive drunk, but i saw on TV how USA police asked for a SSN or drivers licence, so it is not really different there). Some high-ranked people on the trains are allowed to check it to see if you are e.g. not to old to get a ticket for young people. They are not allowed to write anuthing down about it. These are the only people that ever requested my ID,and in both circumstances, it is quite rare.
* It is not possible to steal money from my bank card by knowing it's number, as it is protected by a secret code. This is not perfect, but it works quite well and misuses are never so big as to have 30.000 victims)
So i would ask all the USA-inhabitants to stop whining about ID cards until you know what you are talking about. Your governement brainwashes you to believe you are free by pointing to facts like 'you have no ID - please forget about the SSN', but stories like this prove you wrong. Belgium is by no means perfect, but I'd much rather have my ID card than come over to the USA and suffer under your 'freedom'.
This is not theft. Nothing was physically taken from ChoicePoint. Copied, perhaps, but I have a different take on all of this.
If anything, this information was liberated by people who understand that it can't and shouldn't be bottled up and controlled by multinational conglomerates. These freedom fighters should be lauded as heroes, not vilified as "thieves".
Need I remind Slashdot about the natural tendencies and desires of information?
"Ask not what your country can do for you." --John F. Kennedy
The problem lies in the company not being capable of doing its job.
Are you that naive?
They did their job perfectly well. Lots of people couldn't vote, Bush won. Job well done!
The question here isn't how well they've done the job, but what exactly the job to be done was.
DJ kRYPT's Free MP3s!
All Lawyers Out There-- This is an example of complete negligence and will cause great harm, financial and emotional to potentially millions. Class action suits have been won on much less. Why doesnt someone fine a class action against this company? Unlike suing doctors, we'd be accomplishing much here -- we'd be going after a company which does not respect the rights of the American people.
Most governement data mining ventures have failed such as two high-profile FBI projects and three iterations of an airline passenger database. Most agencies are inept in managing large software projects. So as a backup, the governement, mainly Homeland Security, has been purchasing private firm data.
To be frank, I don't see the government databases any more secure than private ones. Lowly clerks, some of those hired by affirmative action, are vulnerble to bribes as in the Colorado drivers license scandal.
$100 is pennies in the grand scheme of things, and nothing compared to an extra percentage point of interest.
The most common use of "point" in that respect that I've ever heard is in the US is to use "point" interchangeably with "percentage point", i.e. 1 point = 1% = 1/100.
The US Financail community will occasionally use "point" as short hand for "basis point" which is 1/100 of a percentage point or .01%.
But I've never heard of a semantic system that uses "point" to mean 10% and I'd be curious as to its origin.
I doubt it. I think the only reason the California people were even notified was because of state law. Consumers in other states aren't being notified because those states don't have laws requiring notification.
We are the 198 proof..
What is an electoral register....and why would you need to be on one to get a mortgage loan?
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
is that they are voluntarily notifying all affected consumers by mail in the next 3-5 days. This is according to Elliot who refused his last name, but said his identifier was CL6. His supervisor is Laurie Ann. Reach them at 800-342-5339, lots of 1's and a 2 I think to surf to the Consumer Division.
Boy do I feel better now. The bad guys ony have 3-5 days to rip me off blind. phew.
The electoral register is a list of all persons legally allowed to vote within UK elections, and it's one of the ways lenders decide whether you're a worthy risk or not.
Backup not found: (A)bort (R)etry (P)anic
So...you have to vote over there in order to be able to get home loans? That doesn't seem fair...do they force you to vote over there? What does voting or not voting have to do with whether you can pay off a loan or not?
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
They are in fact already doing this with another subset of our personal information: our medical history. HIPAA prevents anyone from accessing your medical data that you haven't authorized. I'm starting a new job tomorrow and had a pre-employment drug screening today. I asked the nurse if she needed to note any prescriptions I've had recently. The nurse said they couldn't even ask that; that only the lab people could ask that if something came up. If Congress can get a law passed that protects our medical history, why can't they pass one that protects our financial history?
They've got a webpage! They've got a "Contact us" page! Drop them a line asking if your data has been compromised. Be polite, explain you're not in California, but you still want to know. If they're not going to send out letters to all of us, I say give 'em hell!
o ntactemail?openform
http://www.choicepoint.com/choicepoint/home.nsf/c
--LWM
It's also a public record and frequently used for credit checking purposes since it's a good and accurate way of cross-checking prospective loanees but, as I said, it's merely one part out of many lenders consider when taking on a risk.
Backup not found: (A)bort (R)etry (P)anic
While you are remembering, don't forget the networks called the election in Florida before the polls closed, costing Bush thousands of votes in Western Florida a chance to win by thousands, not hundreds.
I should have seen the 'should' in that sentence...
I think we agree. Undo that last posting...
--- Hindsight is 20/20, but walking backwards is not the answer.
But yup, for my part I have had no bad credit, no criminal record, have no credit agreements, and earnt a decent low end professional income for several years prior to applying for the mortgage, so can only assume the electoral register issue was the factor that stopped me getting a mortgage. This also means I now have an official refusal from a bank on my credit record (due to the incorrect data held on me) that will prejudice further attempts to get a loan to buy a house/ car etc. Be afraid people, and even if you're a young anarchist now, quietly fill in your electoral register forms when the other punx aren't looking! Mebbes five years from now you n your pierced up truck driving fire breathing girlfriend might want to buy a little cottage somewhere and need a bank to help you get started...
you'll love this - it was London Borough of Hackney. They've messed up a lot of stuff in their time but credit where credit's due (excuse the pun...), their staff were very polite and helpful.
As a former ChoicePoint employee (I worked there for over 4 years) I am absolutely appalled. It was drilled into our heads that our mission was to "make society safer by the responsible use of the data." Hah! It is also NOT true that they don't know if your data was accessed. Most products log the searches that were performed for most user types. I know for the products I worked on, I could query the logs to see if my SSN, address, etc. were searched on.
ChoicePoint says "Our data, our mistake, your tough luck." Even worse in the case when they helped disqualify legitimate voters because they were paid to do so...
It's always seemed to me that bad data in credit reports could/should constitute libel. They're making untrue claims about you in print that damage your reputation.
I'm sure the defense they use is that "We're making a credible effort to ensure that the data are accurate, and therefore any untrue statements are unintentional". That argument seems a bit specious, given the reported prevalence of errors in credit reports-- if there were errors in 1-2% or less, it might be plausible, but when nearly a third of reports have significant errors in them (according to consumer reports) that's starting to look like negligence. Similarly with ID theft--a friend had her identity borrowed, and the utility that her name was used with was given a made up drivers license number over the phone. They certainly failed to do even the minimum to verify identity, so why shouldn't they be sued for libel when they say something bad about her?
It seems like libel is a straigtforward way to force the credit agencies to bear liability for maintaining their records (and other companies for reporting accurate data to them). And this may be a case where millions of individual suits is more effective than class action-- death by millions of tiny cuts.
"A friend never allows her SS # to be used for anything. Not banks, not schools, not health insurance. They squawk and scream and threaten and she stands firm. ... Massachusetts also allows one to use a generated code instead of SS # on drivers licenses."
I admire your friend, and I'm the same way.
From what I understand, Arizona is also the same way - you can have a randomly generated number for a DL#. Also, you can request a "private SSN" (it might be called something else) for your academic records - it's a 9-digit number that starts of with three 9's. Eg: 999111111. I'll be doing that when I have kids.
On a related note...
Some other thing you can do to protect your identity is to simply cross out the first 12 numbers of your credit card number on any receipts. All the merchant needs for their records is the last 4 numbers of your CC to confirm transaction at the end of the day. I'm so amazed that so many restaurants grocery stores and merchants print the whole 16-digit number on the receipt.
And, the doctor's office. All they really need is your name and where to mail the billing statement to (Read: mailing address, unattached to your home if you'd like). They DO NOT need your Driver's License Number or the name of your pet dog. I don't think they even need your Social... unless you're on Medicare or another government-authored plan.
Has anyone actually received one of these warning letters from ChoicePoint? I would be interested in seeing exactly what it says.
The US Office of the Comptroller of Currency (OCC) requires banks, S&Ls and others to have a "customer identification program" to be compliant with the Bank Secrecy Act and the Patriot Act. In short, banks have to have reasonable assurance that you are who you say you are before they're allowed to open an account for you - that precludes what you're talking about.
If you're really nerdy, more information is available at (http://www.occ.treas.gov/BSA/BSAGuidance.htm)
Companies like Harte-Hanks and Conversant compile consumer databases from multiple sources, then match them to build more robust records.
So, every time you buy napkin rings at Crate&Barrel they'll ask for your ZIP. They'll send in along with your purchase history and the name from your credit card to some transactional database. That db will get matched to a master db--and, viola, C&B knows who you are, where you are, what you're spending, how you're paying, and what you're buying.
Then, C&B might sell that db to HH for a whack of cash, and HH will link it to a USPS and census files. The latter contribute your most recent mailing address and demographic data. Plus, they'll match it against other purchased files, so a single file will tell them who you are, where you travel, where you shop, what you buy, how much you spend, where you live, how old you are, what degrees you have, your gender and ethnicity, and a bunch of other things like whether you're divorced and what your kids' names are. They also used to link the files to credit card information, but that's nominally illegal now.
Why do they do this? So that they can sell the fat bundle to Pier 1 for two whacks of cash.
If you ever get an unsolicited catalog in the mail that actually looks kinda cool, just remember that it means somebody's got a damned big data file on you.
And you can call companies like Pier 1 and tell them to take you off the list (despite the fact that they can mine their customer dbs daily, they'll take six weeks to delist you--but they will delist you), but that won't take it off of the lists of pimps like Harte-Hanks, who are still selling you to other companies. Regulation is the only hope for data protection. ChoicePoint is the Enron of the data pimping industry, and we can only hope that it leads to a sort of Sarbanes-Oxley Act for data pimping companies. Make it happne: write your senator.
We at ChoicePoint understand the concerns and fears that many of the posters to this site have expressed in recent days and wanted to briefly clear up some questions. First, ChoicePoint voluntarily notified 145,000 people whose files MAY have been accessed in this incident. We did so as soon as the California legal authorities informed us of the extent of the problem. We've told those potentially affected how ChoicePoint will help them monitor and correct any situations regarding the potential identity theft issues. We've also changed our internal procedures as part of our ongoing effort to make our databases more secure, and continue to look for ways to further strengthen the vetting process for new customers as well as how we seek potential fraud or abuse once customers begin to use our data. We understand that there is great suspicion and a lack of understanding about what we do and how we do it. We hope to begin and encourage a broader dialogue on the risks and rewards of information uses. Hopefully, some of your questions can be answered by checking the homepage of our ChoicePoint website at www.choicepoint.com. James E. Lee, Chief Marketing Officer of ChoicePoint