Secondary Screening

Archives
By Date
April 2006
March 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
By Category
Airline Security Measures
Bicycles
Book Reviews
Congress
Data Mining
Department of Homeland Security
Freedom of Information
Government Secrecy
Miscellany
Other People's Writing
Privacy
Security Measures
The Courts
The New Web
Threat Level
Recent Entries
Change of Address
Privatized Registered Traveler On Track
Software Bug Shuts Down Nation's Busiest Airport
HostGator Rocks
But some butter is more butter than other butter
TSA Picks Privacy Player
AT&T Loses A Customer Over NSA Lawsuit
Jetsons Video Phone? Deaf Say Yes!
AT&T *69s EFF
Narus Not in the Know
Published articles
Wired News Articles
Links
Wired News
DefenseTech
Practical Nomad
BeSpacific
DHS Privacy Office
Memory Hole Blog
Electronic Privacy Information Center
Privacy Digest
Electronic Frontier Foundation
Homeland Security Institute
Secrecy News
Emergent Chaos
EPIC West's Chris Hoofnagle
Prawfs Blog with Daniel Solove
Ann Harrison
Reuter's Andy Sullivan
Schneier on Security
Talk Left
Reason's Hit & Run
W. David Stephenson
Phillip Carter's Intel Dump
Project on Government Oversight
Technology Liberation Front
Edward Felten's Freedom to Tinker
Contact
Email me
415.375.3150
Subscribe
Feed: Your Reader
Atom
RSS 1.0
RSS 2.0
RSD
About Ryan Singel
I'm a San Francisco-based freelance journalist who covers antiterrorism programs, civil liberties, the Internet and privacy.
« A B C R F I D | Main | Lighter Security »
February 15, 2005 | Really Choice

As many of you may have read elsewhere, one of the nation's largest data aggregators, Choicepoint, allowed criminals posing as legitimate businesses to look through data on American citizens, according to Bob Sullivan's MSNBC article.

The incident involves a wide swath of consumer data, including names, addresses, Social Security numbers, credit reports and other information. ChoicePoint aggregates and sells such personal information to government agencies and private companies.

Last week, the company notified between 30,000 and 35,000 consumers in California that their personal data may have been accessed by "unauthorized third parties," according to ChoicePoint spokesman James Lee.

California law requires firms to disclose such incidents to the state's consumers when they are discovered. It is the only state with such a requirement but such data thefts are rarely limited to a single geographic area.

Lee said law enforcement officials have so far advised the firm that only Californians need to be notified.

"The only incident that has been confirmed is in California," he said.

ChoicePoint maintains a dossier on virtually every American consumer, according to Daniel J. Solove, George Washington University professor and author of "The Digital Person."

The Atlanta-based company says it has 10 billion records on individuals and businesses, and sells data to 40 percent of the nation's top 1,000 companies. It also has contracts with 35 government agencies, including several law enforcement agencies.

The incident was discovered in October, when ChoicePoint was contacted by a law enforcement agency investigating an identity theft crime. In that incident, suspects had posed as a ChoicePoint client to gain access to the firm's rich consumer databases.

Subsequent research by ChoicePoint revealed that about 50 fake companies had been set up and then registered with ChoicePoint to access consumer data.

California consumers who received warning letters from the firm last week were "in some way connected to searches" conducted by those fake accounts, Lee said.

The firm was only given clearance by law enforcement officials to disclose the incident two weeks ago, Lee said

While the criminals had access to ChoicePoint data, it's not clear what, if any, information was stolen, said Chuck Jones, another ChoicePoint spokesman. The letters were sent as a precaution, he said..

There's much too note in here, such as the effectiveness of the new California database-intrusion disclosure law, but let's stop for a moment and smell the irony.

Choicepoint is a data-aggregator, but unlike Axciom, it doesn't specialize in selling marketing lists to Ron Popeil or selling your unlisted phone number to timeshare salesmen.

Choicepoint bills itself as the "leading provider of identification and credential verification services for business and government."

So the nation's best firm at credential verification allowed 50 fake companies to get at its database and did not figure it out until the cops told them.

So that leaves two options. Either Choicepoint doesn't screen its customers closely because it wants more buisness, which makes them both greedy and incompetent, or their credential verification service does not work so well, which makes them incompetent and useless.

Wonder which one it is?

Posted by Ryan Singel at February 15, 2005 10:17 AM

 Trackback Pings

TrackBack URL for this entry:
http://www.secondaryscreening.net/cgi-bin/mt-tb.cgi/118
Powered by
Movable Type 3.2