Data collection company ChoicePoint Inc. said yesterday that it will notify 2,750 Marylanders who may have been victimized in what privacy experts said could become one of the largest identity theft cases ever.
ChoicePoint said it is in the process of mailing nearly 145,000 letters to consumers nationwide, though it's unclear how many will actually become victims of identify theft. Others warn that the number of consumers affected may be more than three times that amount.
"They are still only at the very beginning of finding out what is going on here," said Evan Hendricks, author of Credit Scores & Credit Reports. "This is potentially one of the biggest events and may be a tipping point in the national debate of how we will protect personal information."
ChoicePoint executives said in posted statements on their Web site that thieves posed as legitimate businesses and were able to pass the company's customer screening to buy consumer information. The data that thieves acquired included Social Security and driver's license numbers, abbreviated credit reports, professional licenses, real property data, bankruptcies, liens and judgments, according to ChoicePoint, which is based in Alpharetta, Ga.
Receiving a letter from ChoicePoint doesn't necessarily mean your identity has been stolen, said Hendricks, who also publishes the newsletter Privacy Times from his offices in Cabin John, Md.
"But it means you should act quickly. It means your information was likely compromised and the reason why it was compromised was to commit identity theft," Hendricks said.
Identity theft has become one of the fastest growing crimes in the nation, with about 10 million cases occurring annually, according to government estimates. Thieves steal personal information, such as Social Security and bank account numbers, and open credit accounts. Consumers sometimes don't realize their identities have been stolen for a long time, and the problem can take many months to fix.
Besides the letters, ChoicePoint said, it has purchased credit reports and a one-year credit monitoring service for each of the 145,000 individuals being notified.
ChoicePoint executives, who have faced criticism for their security measures, said yesterday that they have hired a retired Secret Service agent to help develop additional fraud protections and that it is undertaking a "recredentialing" of its customer accounts.
ChoicePoint was spun off in 1997 from Equifax Inc., one of the three major credit reporting bureaus. The company provides a range of services to businesses and government, including pre-employment drug screening, shareholders searches, credential verification and background checks, according to Hoover's, a company information resource.
As part of its business, ChoicePoint sells data that it collects about consumers from public sources, from driver's licenses to divorce records.
"They get it from wherever they can get it," said Jay Foley, co-executive director for the Identity Theft Resource Center in San Diego. "They get it from court records. ... They get it from mortgage records."
In a posted statement, ChoicePoint said it notified authorities after noticing in October potential fraudulent activity in some small business accounts in the Los Angeles area. Authorities requested ChoicePoint delay notifying consumers so the investigation wouldn't be compromised, the company said.
Initially, the problem was believed to be limited to California, although the company now says residents in all states and three U.S. territories have been affected.
A Nigerian citizen last week was sentenced in California to 16 months in prison in connection with the theft.
Last week, ChoicePoint finished notifying 34,114 Californians that their information may have been obtained by thieves. By the end of this week, about 110,000 consumers in other states will be getting a similar letter.
California investigators, though, have estimated as many as 500,000 consumers may have been affected, privacy experts said. But ChoicePoint officials dispute the magnitude of the theft.
"All I can tell you is our number is roughly 145,000, and we know that we're over-notifying," ChoicePoint Marketing Director James Lee told the Associated Press. "There will be duplications in there."
California had the highest number of consumers affected by the theft. The Virgin Islands, with two cases, had the least.
Maryland ranked the highest number of affected consumers in the Mid-Atlantic, followed by 1,864 in Pennsylvania, 1,494 in Virginia, 1,072 in Delaware and 338 in Washington.
Maryland recently joined a dozen or so other states in asking that ChoicePoint give residents details on the personal information that was given to thieves so they can know the extent of the potential damage, said J. Joseph Curran Jr., Maryland attorney general.
"At least every Marylander would know what exactly it was that ChoicePoint mistakenly gave," Curran said.
Even if you don't receive a letter from ChoicePoint, but are worried, you should contact the company to get assurances that your personal information wasn't released to thieves, Hendricks said.
And those who receive letters should immediately put fraud alerts on each of their credit reports with the three major credit bureaus, Foley said. A fraud alert essentially requests that creditors contact consumers before opening any new accounts in their name, he said.
In cases of fraud, consumers are entitled to a free credit report, experts said. Consumers should review their reports to make sure no unauthorized accounts have been opened under their names. If there are charges consumers dispute, they should contact the bureaus in writing and send their letter by certified mail, Hendricks said.
Maryland's attorney general also urged residents to check their incoming bills and financial statements to make sure no fraud activity has occurred.
ChoicePoint promises free credit reports and a one-year credit monitoring service for the 145,000 consumers whose information may have been accessed by thieves.
Here are some steps to take if you are affected: