Congress to Investigate ChoicePoint

twzop writes "I just saw a story on the CBS evening news about the previously posted story about ChoicePoint, Inc. in Atlanta, GA getting hacked and US citizens' data being compromised. The story stated that Congress was going to get involved by investigating the scandal and that there was a large class action lawsuit against the private firm."

Re:damage size?

It is unlikely anyone can know for sure how much leaked. I believe it happened that they traced some identify theft back to a fictitous company that paid for access to choice point. During this investigation they found other fictitous companies registered with choice point. Do they know all the queries made by the fictitous companies? possible... Have they found all the fictitous companies?

And that is just the beginning of the nightmare

[schwit1]

The Washington Post has an article(reg required) today about Beth Plowman, a Damascus international public health adviser, was shocked when she discovered that a $27,240 arbitration judgment had been levied against her for credit card charges incurred by an identity thief who bought sporting goods all across Europe.

Bruce Schneier

[Shamashmuddamiq]

Schneier wrote about this in his blog.

145,000

[js7a]

Five posts and nobody's answered the question? It's not as if you aren't directly connected to a zillion ways to find it.

ChoicePoint data theft widens to 145,000 people

Re:damage size?

[Shakrai]

You're assuming there was an accident, and that he was at fault. CLUE (Comprehensive Loss Underwriting Exchange) reports are reports containing CLAIMS information provided by cooperating insurance companies

You explained it better then I could. In my instance I was driving home from work in lousy weather and got run off the road by a snowplow. My choice was to hit the snowplow (in a Dodge Neon) or hit the guardrail. I called the police but was informed that it would take them over an hour to get to me so I choose to proceed without a police report.

The bottom line being that there was no information of public record from this accident. And when I talked on the phone to the CSR from my parents insurance company I certainly don't recall giving her permission for them to disclose my information to Choicepoint. If they wanted to report the fact that my parents had a claim then fine (I'm sure they signed something when they bought the policy saying that their carrier could do this) -- but they had no right to include my SSN and NYS DMV id number on that report. I signed nothing for the claim (my interaction with them was limited to the aforementioned phone call) and I certainly signed nothing that authorized them to release my information. Yet I am told by my lawyer and by Choicepoint that I can't do a damn thing about it.

Your summary of CLUE reports was dead on BTW. Insurance companies love them -- most independent agents hate them. We also hate credit reports being used for underwriting - as a quick example without going too far off topic: My girlfriend has had a lousy run with accidents and tickets lately. She has a speeding >20mph, a following too close (with accident) and a traffic device (with accident) tickets. She also had a license suspension (too many points) back in November. Yet she gets into a better rating tier then I do with the exact same insurance company because her credit is better then mine. I've had one ticket in my entire time behind the wheel (missed a no u-turn sign) and the aforementioned accident. I have never filed a claim on my own policy (aforementioned accident was parents car). I also have three years more experience and a defensive driver course. Which one of us is more likely to get into an accident? Yet who pays more for his policy -- without the physical damage coverage that she carries?

Damn the man I say.

This is so wrong, it's frightening

[roesti]

While the generation of the "purge list" did have a legal basis - namely, that ex-felons were ineligible to vote - the process of generating the list was an enormous debacle.

ChoicePoint/DBT originally produced a list of about 8000 voters to remove from the electoral rolls. Katherine Harris got back to them and told them to widen the net - by omitting a few data integrity requirements, such as middle names, dates of birth, and dates and details of their convictions - and assured ChoicePoint that they needn't worry about the number of false positives in the list. This increased the size of the list to about 58,000 voters, more than half of whom were African-Americans.

When the fraud was officially investigated, ChoicePoint admitted to a false-positive rate of up to 15%, which was already far in excess of Bush's lead in the Florida poll. Later, an independent investigation showed an error rate of more than 90% - some 55,000 voters, some 30,000 of whom were black.

The USCCR was unable to identify a single voter that was incorrectly prevented from voting because of the felon list.

This is a flat-out lie. Read some first-hand accounts of voter disenfranchisement for yourselves. Voters were erroneously scrubbed from the electoral roll, were not adequately notified in advance, tried to vote anyway and were turned away - simple as that.

It's surprising how many people don't know this when it's actually very well documented; in fact, the story broke long before the election actually took place. My suggestion to the doubters is to watch Unprecedented: The 2000 Presidential Election , a very thorough documentary on the topic.