Slashdot Mirror
ChoicePoint Data Stolen By Imposters
swight1701 writes "Criminals posing as legitimate businesses have accessed critical personal data stored by ChoicePoint Inc., a firm that maintains databases of background information on virtually every U.S. citizen. The incident involves a wide swath of consumer data, including names, addresses, Social Security numbers, credit reports and other information. ChoicePoint notified between 30,000 and 35,000 consumers in California that their personal data may have been accessed by "unauthorized third parties." No obvious notice appears to be on their website."
according to a new federal law, The Fair and Accurate Credit Transactions Act (passed in Dec 2003) you are entitled to a free comprehensive credit report yearly. The big three have an official website at www.annualcreditreport.com (no link b/c they reject unofficial referals) where you can claim your report. (though its not available yet for the mid and eastern states, it will be by the end of 2005).
Supposing my identity stolen and used for fraudelent activity. If we could trace the identity theft back to ChoicePoint, could they be held liable (in any sense of the word)?
Ordinarily in a case like this a class action would be brought against the company. The "Class Action Fairness Act" will shift class actions from state to federal court. Ostensibly this was done to prevent venue shopping- where you look for the state with the most favorable laws for your class action suit- but it also has the nice property that federal courts rarely agree to hear class action lawsuits, citing differences in state law. The Act effectively puts an end to all class action suits without explicitly banning them.
If you're a victim of identity theft because your Social Security number was compromised by ChoicePoint, you'll have to hire a lawyer yourself, prove that the identity theft was a result of ChoicePoint's negligence, and your case will be heard separately from those filed by any other plantiffs.
The databases basically involve public records from every county in a state describing ownership, professional licenses, et cetera. They often include every piece of information involved in submitting a request for some type of certification. Land deeds, for example, are in there, as well as contractor's licenses. A lot of that information is public record, but the stuff that isn't is the address (that's sometimes but very rarely public) and sometimes social security number. If you can establish that someone was at a certain address, and get a social from that address, hopefully correlating it with another address and matching (or near-matching) social security number, then you can look that ssn up in connection with all kinds of other items. This can connect them to any number of other people who you can bother for their phone number.
Eventually, you can find property, and depending on what state it's in you can sometimes take it away. California makes it pretty hard to do that kind of stuff to someone; you can't take away a home which is also a business, for example, and you can't take away someone's primary automobile -- unless you're the lien holder, that is. Or, well, the federal government.
Notice above I said something about a near-matching SSN? All of this stuff is near-matching. The problem is that someone might write their name (or other information) carefully in one place and illegibly in another. They might of course also forget or "forget" the number and misenter it. Finally, let us not forget the wonders of data entry and the errors therein. Some forms are OCR'd (anything typed) and some were probably hand entered. The record only goes back so far as well, but it's generally pretty far.
Anyway, anyone with a business that has a reason to need to do that kind of thing can get access to those databases. They can tell what you were doing with it, so if you do something naughty, they could tell.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
A few years ago I applied for a mortgage, and got refused because the bank did a credit check with Experian, Experian told them I wasn't on the electoral register, so the bank turned me down. I knew I was on the electoral register, and had been for years. I went to the local council for my previous residence, and the helpful council officer checked my record, and even let me come round the desk and look at her screen to see my record. I phoned Experian "I know I am on the electoral register for this address" (Experian) "no, sorry sir, this isn't on your record" (me) "I'm looking at my name on the electoral register, I'm just handing you over to the council officer who will confirm" (nice govt. officer): "yes, he is" (Experian "ahh... we'll look into that" (me): "cheers, I've been turned down already for a mortgage, are there any other parts of my credit records you should be checking?".
I really recommend that anybody in the UK who is about to buy a house/car/other significant credit transaction to ask for their records first. Which of course costs you money that goes into the credit agencies pockets. It's a corrupt system, and there's nothing we can do about it. Private companies running (ruining?) peoples' lives. "Sue the company" might be ok for you big shots but I was on low wages then and I'm a student now. One day I'll be working again and the first thing I got to do is use *my time* and *my money* to unpick *their mistakes*. Experian's mistake f*cked up my life, be wary people.