ChoicePoint
Encyclopedia
ChoicePoint was a data aggregation
company based in Alpharetta
, near Atlanta, Georgia
, United States, that acted as a private intelligence service to government and industry. It was purchased in February 2008 by Reed Elsevier
(parent corporation of LexisNexis
) in a cash deal for $3.6 billion USD.
ChoicePoint combined personal data sourced from multiple public and private databases for sale to the government and the private sector
. The firm maintained more than 17 billion records of individuals and businesses, which it sold to an estimated 100,000 clients, including 7,000 federal, state and local law enforcement agencies (30 March 2005 estimates).
However, this data had not been secured sufficiently to prevent theft of data on at least one occasion (see below). The company had also been the subject of lawsuits for maintaining inaccurate data, inquiries whether it allowed political bias to influence its performance of government contracts and accused of illegally selling the data of overseas citizens to the U.S. government. ChoicePoint was used to perform consumer and criminal background checks on prospective employees of the Obama administration
.
The company's activities included the following (30 March 2005 estimates):
ChoicePoint's database of personal information contained names, addresses, Social Security number
s, credit reports, and other sensitive data. In 2005, this database contained 250 terabytes of data on 220 million people. ChoicePoint also operated the Comprehensive Loss Underwriting Exchange (CLUE), a database used by insurance companies to share histories of claims or damage reports on property. The CLUE database includes identification information on properties such as homes and automobiles, policy records (name, date of birth, policy number), and records of claims (date and type of loss, amounts paid). As of 2006, history is kept for five years. It contains records of damage reports regardless of whether the damage resulted in a claim.
Palast picks up the story with Bush’s 2000 US Presidential Election campaign where he claims Florida Governor Jeb Bush and Florida Secretary of State Katherine Harris used their influence to purge and discount the ballots of predominantly Gore-supporting black voters through the “fake felons list” compiled by private company DBT/ChoicePoint for US$4 million.
and now known as DBT Online Inc.), a data analysis company in the same year. During the U.S. presidential election of 2000, people in Florida were struck from central voter file
and not permitted to vote. The US Presidential election hinged on the outcome of the vote in Florida.
DBT Online had been contracted to provide a list of voters barred from voting by the state of Florida
in 1998 for US$4 million, including a first year fee of US$2,317,800. The 1998 contracting process involved no bidding
.
In the aftermath of the vote, the owner of DBT Online, ChoicePoint,was accused of cooperating with Florida Governor Jeb Bush
, Secretary of State of Florida
Katherine Harris
, and Florida Elections Unit Chief Clay Roberts, in voter fraud, conspiracy involving the central voter file. It was also accused of having a bias in favor of the Republican Party
, for knowingly using inaccurate data, and for racial discrimination
.
The allegations charge that 57,700 people (15% of the list), primarily Democrats of African-American and Hispanic
descent, were incorrectly listed as felons
and thus barred from voting . Reports estimate that 80% of these people would have voted, and that 90% of those who would have voted, would have voted for Al Gore
. Other allegations include listing voters as felons for alleged crimes said to have been committed several years in the future. The official (and disputed) margin of victory, in the election, was 537 votes.
ChoicePoint says that it acquired DBT Online after DBT delivered the initial 2000 voter exception list to Florida officials for verification and that it has "...no involvement in any election in any country." However ChoicePoint's acquisition of DBT Online was made public on 14 February 2000 and in May 2000, DBT discovered that approximately 8,000 names were erroneously placed on the exclusion list, so their claim of no involvement does not match the timeline.
ChoicePoint Vice President James Lee said that at least 8,000 names were incorrectly listed in this fashion when the company passed on a list given by the state of Texas
, and these names were removed prior to the election. Fagan described this error as a "minor glitch." ChoicePoint, as a matter of policy, does not verify the accuracy of its data arguing that it is simply compiling public information and that it is the original collectors' responsibility to verify accuracy.
On April 17, 2000, ChoicePoint Vice-President Martin Fagen testified at a special Congressional
hearing in Atlanta that Florida had ordered DBT to add to the list voters who matched 80% of an ineligible voter's name, middle initials, and suffixes were to be dropped, while nicknames and aliases were added. In addition, names were considered reversible, for example Clarence Thomas could be added in place of Thomas Clarence. Lee opened his testimony by noting that ChoicePoint intended to get out of the voter purge industry. Then, on February 16, 2001, DBT Senior Vice-President George Bruder testified before the U.S. Commission on Civil Rights that the company had misinformed the Florida Supervisors of Elections regarding the usage of race in compiling the list. Greg Palast concludes, "An African-American felon named Will Whiting might wipe out the registration of an innocent African-American Will Whiting, but not the rights of an innocent Caucasian Will Whiting." Palast alleges that 80% of the 57,700 people allegedly barred from voting were African-American.
Summary (unedited)
Historically, individuals convicted of certain types of crimes alleged to be committed more by African Americans are affected by felon disenfranchisement. The practice of felon disenfranchisement has resulted in the greater likelihood of people of color, particularly African Americans, appearing erroneously on the Florida felon exclusion list.
In claiming to address the same types of fraud found during the 1997 Miami mayoral election, the Florida legislature enacted chapter 98.0975 of the Florida statutes, which required the Division of Elections to contract with a private entity to purge its voter file of deceased persons, duplicate registrants, individuals declared mentally incompetent, and convicted felons without civil rights restoration. [214] As a result, DBT Online was eventually retained to assist the Division of Elections in the removal of ineligible voter registrants from the voter file.
DBT Online performed an automated matching process against databases provided by the state of Florida and its own databases. Ultimately 173,127 Floridians were identified as potentially ineligible to vote in the November 2000 election. Of those on the list, 57,746 were identified as convicted felons. Based on DBT Online's statistical verification, the list it provided to the Division of Elections was 99.9 percent accurate. The Division of Elections distributed the relevant portions of the list to the 67 supervisors of elections.
The Division of Elections instructed DBT Online to verify the clemency status of any alleged convicted felon, even those convicted in states with automatic civil rights restoration, with the Florida Executive Clemency Board. Among those states with their own executive clemency boards, DBT Online was instructed to confirm the alleged felons’ clemency status with the board. The methodology adopted by DBT Online to verify the clemency status of those alleged felons basically consisted of faxing a list to the appropriate state agency.
DBT Online was not required to provide a list of exact name matches. Rather, the matching logic only required a 90 percent name match, which produced "false positives" or partial matches of the data. Moreover, the Division of Elections required that DBT Online perform "nickname matches" for first names and to "make it go both ways." Thus, the name Deborah Ann would also match the name Ann Deborah.
At a meeting in early 1999, the supervisors of elections expressed a preference for exact matches on the list as opposed to a "fairly broad and encompassing" collection of names. DBT Online advised the Division of Elections that it could produce a list with exact matches. Despite this, the Division of Elections nevertheless opted to cast a wide net for the exclusion lists.
Former director of the Division of Elections, Ethel Baxter, in 1998, recommended to the supervisors of elections that if there was any doubt as to the accuracy of an individual's status, the voter should be allowed to vote by affidavit. Despite knowing the exclusion lists contained many errors, there is no record that the Division of Elections provided similar cautionary advice to the supervisors of elections for the 2000 presidential election. The evidence does show that some election officials decided that it further served the state's interests to capture as many names as possible on these exclusion lists.
The process by which each county verified its exclusion list was as varied and unique as the supervisors of elections themselves. Some supervisors of elections sent letters to the alleged felons and held hearings to allow them to produce evidence of their clemency status or establish they were on the list in error. Other supervisors chose not to use the exclusion list at all.
Although the Commission's record reflects that the Division of Elections is responsible for coordinating two statewide workshops annually for the supervisors of elections to ensure uniformity in the interpretation of Florida election laws, the complaints registered by some supervisors of elections suggest that there was no common understanding of the use of the exclusion lists. The Florida legislature's decision to privatize its list maintenance procedures without establishing effective clear guidance for these private efforts from the highest levels, coupled with the absence of uniform and reliable verification procedures, resulted in countless eligible voters being deprived of their right to vote.
ChoicePoint discovered on September 27, 2004, that some of its small-business customers in Los Angeles were engaged in suspicious activity. The company notified police, but did not inform the individuals whose data was leaked until early February 2005. At first, the company only notified some 35,000 California residents as required by law in that state. After a public outcry for more information, the company notified a further 128,000 US citizens whose records were improperly accessed.
Thieves used previously stolen identities to create apparently legitimate businesses seeking ChoicePoint accounts. Over the course of more than a year they then opened about 50 accounts and received personal information on individuals, including names, addresses, and identification numbers. The old-fashioned scheme, that did not involve any hacking, allowed each fake company account to collect "just enough data to fly under the radar" in order to facilitate at least 750 cases of identity theft
. In total, more than 5,000 cases of identity theft were reported as the result of the breach.
The scam came to light when 41-year-old Nigerian citizen, Olatunji Oluwatosin, was detected attempting to gain access to personal data held by ChoicePoint. Olatunji Oluwatosin was arrested in October 2004 with five cell phones and three credit cards that belonged to other people, according to investigators. He was sentenced by the Los Angeles County Superior Court in February 2005 to 16 months in prison.
, the US Securities and Exchange Commission and US state attorneys general as well as personal lawsuits.
Media investigations generated by the incident brought to light that ChoicePoint had suffered a previous similar ID theft in 2002. A similar scam of establishing fake businesses has been used to make between 7,000 and 10,000 inquiries on names and Social Security numbers to commit at least US$1 million in fraud.
Congress members rebuked the company for the security breaches, its intention only to notify California citizens of the breach and proposed federal privacy reforms.
The company eventually reached an agreement with around 20 state attorneys general to notify individuals in other states that their data had been stolen.
In January 2006 ChoicePoint was fined US$15 million by the Federal Trade Commission
: US$10 million in civil penalties and US$5 million to compensate victims of the security breach. In addition, ChoicePoint was required to take steps to better secure personal information.
The announcements of frauds and the fines have been accompanied by substantial falls in the value of the company's traded shares.
of the Electronic Privacy Information Center
(EPIC) said,
It is claimed that the company has not met US federal laws requiring consumer reporting agencies (third parties who conduct background checks for employers) to verify the data they give employers or notify job applicants when they provide adverse information to an employer.
Money columnist Liz Pulliam Weston wrote a column about a Bremerton, Washington
couple, State Farm Insurance
customers for 30 years, who discussed an incident of rainwater damage to their home with the company. They ended up not filing a claim, thus maintaining a claim-free history for their home. In spite of the claim-free history, State Farm dropped them as customers, and shared information on their water damage with ChoicePoint's CLUE database. That sharing led to the couple being repeatedly denied coverage by other insurance companies. The column also describes anecdotal evidence cited by real estate agents that information obtained from CLUE has caused home sales to fall through.
Data aggregator
A data aggregator is an organization such as Acxiom and ChoicePoint involved in compiling information from detailed databases on individuals and selling that information to others.-Description:...
company based in Alpharetta
Alpharetta, Georgia
-Demographics:As of the census of 2000, there were 34,854 people, 13,911 households, and 8,916 families residing in the city. The population density was 1,631.6 people per square mile . There were 14,670 housing units at an average density of 686.7 per square mile...
, near Atlanta, Georgia
Atlanta, Georgia
Atlanta is the capital and most populous city in the U.S. state of Georgia. According to the 2010 census, Atlanta's population is 420,003. Atlanta is the cultural and economic center of the Atlanta metropolitan area, which is home to 5,268,860 people and is the ninth largest metropolitan area in...
, United States, that acted as a private intelligence service to government and industry. It was purchased in February 2008 by Reed Elsevier
Reed Elsevier
Reed Elsevier is a publisher and information provider operating in the science, medical, legal, risk and business sectors. It is listed on several of the world's major stock exchanges. It is a FTSE 100 and FT500 Global company...
(parent corporation of LexisNexis
LexisNexis
LexisNexis Group is a company providing computer-assisted legal research services. In 2006 it had the world's largest electronic database for legal and public-records related information...
) in a cash deal for $3.6 billion USD.
ChoicePoint combined personal data sourced from multiple public and private databases for sale to the government and the private sector
Private sector
In economics, the private sector is that part of the economy, sometimes referred to as the citizen sector, which is run by private individuals or groups, usually as a means of enterprise for profit, and is not controlled by the state...
. The firm maintained more than 17 billion records of individuals and businesses, which it sold to an estimated 100,000 clients, including 7,000 federal, state and local law enforcement agencies (30 March 2005 estimates).
However, this data had not been secured sufficiently to prevent theft of data on at least one occasion (see below). The company had also been the subject of lawsuits for maintaining inaccurate data, inquiries whether it allowed political bias to influence its performance of government contracts and accused of illegally selling the data of overseas citizens to the U.S. government. ChoicePoint was used to perform consumer and criminal background checks on prospective employees of the Obama administration
Presidency of Barack Obama
The Presidency of Barack Obama began at noon EST on January 20, 2009 when he became the 44th President of the United States. Obama was a United States Senator from Illinois at the time of his victory over Arizona Senator John McCain in the 2008 presidential election...
.
Activities
ChoicePoint generated revenue of around US$1 billion in 2006, and employed around 5,500 people at nearly 60 locations in the US and UK.The company's activities included the following (30 March 2005 estimates):
- Consumer initiated transactions (60% of business), most of which are regulated by the Fair Credit Reporting Act. These included pre-employment screening, insurance underwriting services, tenant screening services, consumer record reporting and title insurance finances
- Marketing services (9%), none of which include the distribution of personally identifiable information, but are regulated by state and federal do not mail and do not call legislation.
- Contracts with local and federal law enforcement agencies (5%)
- Data and authentication solutions (6%), including litigation and debt collection support to law firms, financial institutions and general business.
- Software and technology services (20%), which do not include the distribution of personally identifiable information.
ChoicePoint's database of personal information contained names, addresses, Social Security number
Social Security number
In the United States, a Social Security number is a nine-digit number issued to U.S. citizens, permanent residents, and temporary residents under section 205 of the Social Security Act, codified as . The number is issued to an individual by the Social Security Administration, an independent...
s, credit reports, and other sensitive data. In 2005, this database contained 250 terabytes of data on 220 million people. ChoicePoint also operated the Comprehensive Loss Underwriting Exchange (CLUE), a database used by insurance companies to share histories of claims or damage reports on property. The CLUE database includes identification information on properties such as homes and automobiles, policy records (name, date of birth, policy number), and records of claims (date and type of loss, amounts paid). As of 2006, history is kept for five years. It contains records of damage reports regardless of whether the damage resulted in a claim.
Palast picks up the story with Bush’s 2000 US Presidential Election campaign where he claims Florida Governor Jeb Bush and Florida Secretary of State Katherine Harris used their influence to purge and discount the ballots of predominantly Gore-supporting black voters through the “fake felons list” compiled by private company DBT/ChoicePoint for US$4 million.
Florida voter file contract
ChoicePoint became embroiled in the Florida voter file controversy of 2000 through its acquisition of Database Technologies (founded by Hank AsherHank Asher
Hank Asher is a businessman best known as the Father of data fusion. With a reported fortune of around US$500 million earned as the founder of several data fusion / data mining companies that compile information about companies, individuals and their interrelationships from thousands of different...
and now known as DBT Online Inc.), a data analysis company in the same year. During the U.S. presidential election of 2000, people in Florida were struck from central voter file
Florida Central Voter File
The Florida Central Voter File was an internal list of legally eligible voters used by the US Florida Department of State Division of Elections to monitor the official voter lists maintained by the 67 county governments in the State of Florida between 1998 and January 1, 2006...
and not permitted to vote. The US Presidential election hinged on the outcome of the vote in Florida.
DBT Online had been contracted to provide a list of voters barred from voting by the state of Florida
Florida
Florida is a state in the southeastern United States, located on the nation's Atlantic and Gulf coasts. It is bordered to the west by the Gulf of Mexico, to the north by Alabama and Georgia and to the east by the Atlantic Ocean. With a population of 18,801,310 as measured by the 2010 census, it...
in 1998 for US$4 million, including a first year fee of US$2,317,800. The 1998 contracting process involved no bidding
Bidding
Bidding is an offer of setting a price one is willing to pay for something. A price offer is called a bid. The term may be used in context of auctions, stock exchange, card games, or real estate transactions....
.
In the aftermath of the vote, the owner of DBT Online, ChoicePoint,was accused of cooperating with Florida Governor Jeb Bush
Jeb Bush
John Ellis "Jeb" Bush is an American politician who served as the 43rd Governor of Florida from 1999 to 2007. He is a prominent member of the Bush family: the second son of former President George H. W. Bush and former First Lady Barbara Bush; the younger brother of former President George W...
, Secretary of State of Florida
Secretary of State of Florida
The Secretary of State of Florida is a constitutional officer of the state government of the U.S. state of Florida, established by the original 1838 state constitution....
Katherine Harris
Katherine Harris
Katherine Harris is an American Republican politician, former Secretary of State of Florida, and former member of the United States House of Representatives. Harris won the 2002 election to represent Florida's 13th congressional district in the U.S. House of Representatives. She held that post...
, and Florida Elections Unit Chief Clay Roberts, in voter fraud, conspiracy involving the central voter file. It was also accused of having a bias in favor of the Republican Party
Republican Party (United States)
The Republican Party is one of the two major contemporary political parties in the United States, along with the Democratic Party. Founded by anti-slavery expansion activists in 1854, it is often called the GOP . The party's platform generally reflects American conservatism in the U.S...
, for knowingly using inaccurate data, and for racial discrimination
Racism
Racism is the belief that inherent different traits in human racial groups justify discrimination. In the modern English language, the term "racism" is used predominantly as a pejorative epithet. It is applied especially to the practice or advocacy of racial discrimination of a pernicious nature...
.
The allegations charge that 57,700 people (15% of the list), primarily Democrats of African-American and Hispanic
Hispanic
Hispanic is a term that originally denoted a relationship to Hispania, which is to say the Iberian Peninsula: Andorra, Gibraltar, Portugal and Spain. During the Modern Era, Hispanic sometimes takes on a more limited meaning, particularly in the United States, where the term means a person of ...
descent, were incorrectly listed as felons
Felony
A felony is a serious crime in the common law countries. The term originates from English common law where felonies were originally crimes which involved the confiscation of a convicted person's land and goods; other crimes were called misdemeanors...
and thus barred from voting . Reports estimate that 80% of these people would have voted, and that 90% of those who would have voted, would have voted for Al Gore
Al Gore
Albert Arnold "Al" Gore, Jr. served as the 45th Vice President of the United States , under President Bill Clinton. He was the Democratic Party's nominee for President in the 2000 U.S. presidential election....
. Other allegations include listing voters as felons for alleged crimes said to have been committed several years in the future. The official (and disputed) margin of victory, in the election, was 537 votes.
ChoicePoint says that it acquired DBT Online after DBT delivered the initial 2000 voter exception list to Florida officials for verification and that it has "...no involvement in any election in any country." However ChoicePoint's acquisition of DBT Online was made public on 14 February 2000 and in May 2000, DBT discovered that approximately 8,000 names were erroneously placed on the exclusion list, so their claim of no involvement does not match the timeline.
ChoicePoint Vice President James Lee said that at least 8,000 names were incorrectly listed in this fashion when the company passed on a list given by the state of Texas
Texas
Texas is the second largest U.S. state by both area and population, and the largest state by area in the contiguous United States.The name, based on the Caddo word "Tejas" meaning "friends" or "allies", was applied by the Spanish to the Caddo themselves and to the region of their settlement in...
, and these names were removed prior to the election. Fagan described this error as a "minor glitch." ChoicePoint, as a matter of policy, does not verify the accuracy of its data arguing that it is simply compiling public information and that it is the original collectors' responsibility to verify accuracy.
On April 17, 2000, ChoicePoint Vice-President Martin Fagen testified at a special Congressional
United States Congress
The United States Congress is the bicameral legislature of the federal government of the United States, consisting of the Senate and the House of Representatives. The Congress meets in the United States Capitol in Washington, D.C....
hearing in Atlanta that Florida had ordered DBT to add to the list voters who matched 80% of an ineligible voter's name, middle initials, and suffixes were to be dropped, while nicknames and aliases were added. In addition, names were considered reversible, for example Clarence Thomas could be added in place of Thomas Clarence. Lee opened his testimony by noting that ChoicePoint intended to get out of the voter purge industry. Then, on February 16, 2001, DBT Senior Vice-President George Bruder testified before the U.S. Commission on Civil Rights that the company had misinformed the Florida Supervisors of Elections regarding the usage of race in compiling the list. Greg Palast concludes, "An African-American felon named Will Whiting might wipe out the registration of an innocent African-American Will Whiting, but not the rights of an innocent Caucasian Will Whiting." Palast alleges that 80% of the 57,700 people allegedly barred from voting were African-American.
Civil Rights Commission Report on 2000 Florida Elections
The United States Civil Rights Commission, in its official report on the 2000 Presidential Elections, concluded the following:Summary (unedited)
Historically, individuals convicted of certain types of crimes alleged to be committed more by African Americans are affected by felon disenfranchisement. The practice of felon disenfranchisement has resulted in the greater likelihood of people of color, particularly African Americans, appearing erroneously on the Florida felon exclusion list.
In claiming to address the same types of fraud found during the 1997 Miami mayoral election, the Florida legislature enacted chapter 98.0975 of the Florida statutes, which required the Division of Elections to contract with a private entity to purge its voter file of deceased persons, duplicate registrants, individuals declared mentally incompetent, and convicted felons without civil rights restoration. [214] As a result, DBT Online was eventually retained to assist the Division of Elections in the removal of ineligible voter registrants from the voter file.
DBT Online performed an automated matching process against databases provided by the state of Florida and its own databases. Ultimately 173,127 Floridians were identified as potentially ineligible to vote in the November 2000 election. Of those on the list, 57,746 were identified as convicted felons. Based on DBT Online's statistical verification, the list it provided to the Division of Elections was 99.9 percent accurate. The Division of Elections distributed the relevant portions of the list to the 67 supervisors of elections.
The Division of Elections instructed DBT Online to verify the clemency status of any alleged convicted felon, even those convicted in states with automatic civil rights restoration, with the Florida Executive Clemency Board. Among those states with their own executive clemency boards, DBT Online was instructed to confirm the alleged felons’ clemency status with the board. The methodology adopted by DBT Online to verify the clemency status of those alleged felons basically consisted of faxing a list to the appropriate state agency.
DBT Online was not required to provide a list of exact name matches. Rather, the matching logic only required a 90 percent name match, which produced "false positives" or partial matches of the data. Moreover, the Division of Elections required that DBT Online perform "nickname matches" for first names and to "make it go both ways." Thus, the name Deborah Ann would also match the name Ann Deborah.
At a meeting in early 1999, the supervisors of elections expressed a preference for exact matches on the list as opposed to a "fairly broad and encompassing" collection of names. DBT Online advised the Division of Elections that it could produce a list with exact matches. Despite this, the Division of Elections nevertheless opted to cast a wide net for the exclusion lists.
Former director of the Division of Elections, Ethel Baxter, in 1998, recommended to the supervisors of elections that if there was any doubt as to the accuracy of an individual's status, the voter should be allowed to vote by affidavit. Despite knowing the exclusion lists contained many errors, there is no record that the Division of Elections provided similar cautionary advice to the supervisors of elections for the 2000 presidential election. The evidence does show that some election officials decided that it further served the state's interests to capture as many names as possible on these exclusion lists.
The process by which each county verified its exclusion list was as varied and unique as the supervisors of elections themselves. Some supervisors of elections sent letters to the alleged felons and held hearings to allow them to produce evidence of their clemency status or establish they were on the list in error. Other supervisors chose not to use the exclusion list at all.
Although the Commission's record reflects that the Division of Elections is responsible for coordinating two statewide workshops annually for the supervisors of elections to ensure uniformity in the interpretation of Florida election laws, the complaints registered by some supervisors of elections suggest that there was no common understanding of the use of the exclusion lists. The Florida legislature's decision to privatize its list maintenance procedures without establishing effective clear guidance for these private efforts from the highest levels, coupled with the absence of uniform and reliable verification procedures, resulted in countless eligible voters being deprived of their right to vote.
Major security breaches
ChoicePoint has suffered several security breaches which have led to the theft of the personal information it holds. The company has been criticized as much for the way it has handled the thefts as the incidents themselves. Its actions over a substantial breach in 2004 led to calls for new national privacy laws in the US to protect the personal data of Americans. Since then, reports published in the media say the company has improved its privacy practices.ChoicePoint discovered on September 27, 2004, that some of its small-business customers in Los Angeles were engaged in suspicious activity. The company notified police, but did not inform the individuals whose data was leaked until early February 2005. At first, the company only notified some 35,000 California residents as required by law in that state. After a public outcry for more information, the company notified a further 128,000 US citizens whose records were improperly accessed.
Thieves used previously stolen identities to create apparently legitimate businesses seeking ChoicePoint accounts. Over the course of more than a year they then opened about 50 accounts and received personal information on individuals, including names, addresses, and identification numbers. The old-fashioned scheme, that did not involve any hacking, allowed each fake company account to collect "just enough data to fly under the radar" in order to facilitate at least 750 cases of identity theft
Identity theft
Identity theft is a form of stealing another person's identity in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name...
. In total, more than 5,000 cases of identity theft were reported as the result of the breach.
The scam came to light when 41-year-old Nigerian citizen, Olatunji Oluwatosin, was detected attempting to gain access to personal data held by ChoicePoint. Olatunji Oluwatosin was arrested in October 2004 with five cell phones and three credit cards that belonged to other people, according to investigators. He was sentenced by the Los Angeles County Superior Court in February 2005 to 16 months in prison.
Incident made public due to California law
The incident became public because of a California notification law that came into effect on 1 July 2003 requiring companies to notify individuals when their personal information has been stolen. Further, until pressured by investigations (see below), ChoicePoint restricted its search of compromised records to the 15 months that the California law had been in force, leading it to identify 145,000 records against the eventual total of 163,000.Investigations
The security breach sparked a number of investigations including congress people, the Federal Trade CommissionFederal Trade Commission
The Federal Trade Commission is an independent agency of the United States government, established in 1914 by the Federal Trade Commission Act...
, the US Securities and Exchange Commission and US state attorneys general as well as personal lawsuits.
Media investigations generated by the incident brought to light that ChoicePoint had suffered a previous similar ID theft in 2002. A similar scam of establishing fake businesses has been used to make between 7,000 and 10,000 inquiries on names and Social Security numbers to commit at least US$1 million in fraud.
Congress members rebuked the company for the security breaches, its intention only to notify California citizens of the breach and proposed federal privacy reforms.
The company eventually reached an agreement with around 20 state attorneys general to notify individuals in other states that their data had been stolen.
Cost to the company
The incident cost ChoicePoint millions of dollars. The company reported charges of US$11.4 million related to the incident in the first six months of 2005, including US$2 million to notify victims of the incident and US$9.4 million in legal and professional fees. Changes to business practices to avoid further breaches were expected to cost the company between $15 million and $20 million in sales during 2005 and to reduce earnings per share by 10 cents to 12 cents.In January 2006 ChoicePoint was fined US$15 million by the Federal Trade Commission
Federal Trade Commission
The Federal Trade Commission is an independent agency of the United States government, established in 1914 by the Federal Trade Commission Act...
: US$10 million in civil penalties and US$5 million to compensate victims of the security breach. In addition, ChoicePoint was required to take steps to better secure personal information.
The announcements of frauds and the fines have been accompanied by substantial falls in the value of the company's traded shares.
Changes to business practices
ChoicePoint's steps to improve its data privacy practices were noted in the media, where some reports state that the company should now be considered an industry leader in data privacy. Not everyone was so sanguine; Marc RotenbergMarc Rotenberg
Marc Rotenberg is President and Executive Director of the Electronic Privacy Information Center in Washington, DC. He teaches Information Privacy Law at Georgetown University Law Center, and testifies frequently before Congress on emerging privacy and civil liberties issues, such as access to...
of the Electronic Privacy Information Center
Electronic Privacy Information Center
Electronic Privacy Information Center is a public interest research group in Washington, D.C. It was established in 1994 to focus public attention on emerging civil liberties issues and to protect privacy, the First Amendment, and constitutional values in the information age...
(EPIC) said,
- "While I'm prepared to give them credit for a series of positive steps, I don't think it would be accurate to say that they got to this position on their own. It took a lot of work by EPIC and other organizations."
Out-of-date data
Several lawsuits and consumer complaints have accused ChoicePoint of providing inaccurate and out-of-date information in its criminal background reports, resulting in unfair job losses for applicants. Problems also arose concerning the accuracy of individual's financial standing and the difficult of correcting the error and the individual being refused loans and housing support.It is claimed that the company has not met US federal laws requiring consumer reporting agencies (third parties who conduct background checks for employers) to verify the data they give employers or notify job applicants when they provide adverse information to an employer.
National Credit Audit Corporation
ChoicePoint subsidiary, National Credit Audit Corporation of Peoria, Illinois has been accused of attempting to force magazine subscribers to pay for merchandise which they have not ordered.CLUE database misuse
MSNMSN
MSN is a collection of Internet sites and services provided by Microsoft. The Microsoft Network debuted as an online service and Internet service provider on August 24, 1995, to coincide with the release of the Windows 95 operating system.The range of services offered by MSN has changed since its...
Money columnist Liz Pulliam Weston wrote a column about a Bremerton, Washington
Bremerton, Washington
Bremerton is a city in Kitsap County, Washington, United States. The population was 38,790 at the 2011 State Estimate, making it the largest city on the Olympic Peninsula. Bremerton is home to Puget Sound Naval Shipyard and the Bremerton Annex of Naval Base Kitsap...
couple, State Farm Insurance
State Farm Insurance
State Farm Insurance is a group of insurance and financial services companies in the United States. The company also has operations in Canada....
customers for 30 years, who discussed an incident of rainwater damage to their home with the company. They ended up not filing a claim, thus maintaining a claim-free history for their home. In spite of the claim-free history, State Farm dropped them as customers, and shared information on their water damage with ChoicePoint's CLUE database. That sharing led to the couple being repeatedly denied coverage by other insurance companies. The column also describes anecdotal evidence cited by real estate agents that information obtained from CLUE has caused home sales to fall through.
External links
- ChoicePoint website
- Choicepoint DBT Online subsidiary
- Firm Mines Wealth Of Personal Data, Washington Post, loaded 14 March 2006
- Stealing Identities the Old-Fashioned Way, Tech News World
- Alert in Response to ChoicePoint Identity Data Theft
- Break-in costs ChoicePoint millions, News.com, 7/20/2005
- http://www.msnbc.msn.com/id/7118767/ChoicePoint files found riddled with errors, msnbc.comMsnbc.commsnbc.com is a news website owned and operated as a joint venture by NBCUniversal and Microsoft.In addition to original content from its news staff, msnbc.com is the news website for the NBC News family, with content from the cable television news channel MSNBC, NBC shows such as Today, NBC Nightly...
, 3/8/2005] - Electronic Privacy Information Center's ChoicePoint page - includes information EPICElectronic Privacy Information CenterElectronic Privacy Information Center is a public interest research group in Washington, D.C. It was established in 1994 to focus public attention on emerging civil liberties issues and to protect privacy, the First Amendment, and constitutional values in the information age...
gained from FOIAFreedom of Information Act (United States)The Freedom of Information Act is a federal freedom of information law that allows for the full or partial disclosure of previously unreleased information and documents controlled by the United States government. The Act defines agency records subject to disclosure, outlines mandatory disclosure...
requests - ChoicePoint-FBI Deal Raises New Privacy Questions, consumeraffairs.com, 16 May 2006, loaded 2 April 2007