Data collection company ChoicePoint Inc. said yesterday that it will notify 2,750 Marylanders who may have been victimized in what privacy experts said could become one of the largest identity theft cases ever.
ChoicePoint said it is in the process of mailing nearly 145,000 letters to consumers nationwide, though it's unclear how many will actually become victims of identify theft. Others warn that the number of consumers affected may be more than three times that amount.
ChoicePoint executives said in posted statements on their Web site that thieves posed as legitimate businesses and were able to pass the company's customer screening to buy consumer information. The data that thieves acquired included Social Security and driver's license numbers, abbreviated credit reports, professional licenses, real property data, bankruptcies, liens and judgments, according to ChoicePoint, which is based in Alpharetta, Ga.
Receiving a letter from ChoicePoint doesn't necessarily mean your identity has been stolen, said Hendricks, who also publishes the newsletter Privacy Times from his offices in Cabin John, Md.
"But it means you should act quickly. It means your information was likely compromised and the reason why it was compromised was to commit identity theft," Hendricks said.
Identity theft has become one of the fastest growing crimes in the nation, with about 10 million cases occurring annually, according to government estimates. Thieves steal personal information, such as Social Security and bank account numbers, and open credit accounts. Consumers sometimes don't realize their identities have been stolen for a long time, and the problem can take many months to fix.
Besides the letters, ChoicePoint said, it has purchased credit reports and a one-year credit monitoring service for each of the 145,000 individuals being notified.
ChoicePoint executives, who have faced criticism for their security measures, said yesterday that they have hired a retired Secret Service agent to help develop additional fraud protections and that it is undertaking a "recredentialing" of its customer accounts.
ChoicePoint was spun off in 1997 from Equifax Inc., one of the three major credit reporting bureaus. The company provides a range of services to businesses and government, including pre-employment drug screening, shareholders searches, credential verification and background checks, according to Hoover's, a company information resource.
As part of its business, ChoicePoint sells data that it collects about consumers from public sources, from driver's licenses to divorce records.
"They get it from wherever they can get it," said Jay Foley, co-executive director for the Identity Theft Resource Center in San Diego. "They get it from court records. ... They get it from mortgage records."
In a posted statement, ChoicePoint said it notified authorities after noticing in October potential fraudulent activity in some small business accounts in the Los Angeles area. Authorities requested ChoicePoint delay notifying consumers so the investigation wouldn't be compromised, the company said.
Initially, the problem was believed to be limited to California, although the company now says residents in all states and three U.S. territories have been affected.
A Nigerian citizen last week was sentenced in California to 16 months in prison in connection with the theft.
Last week, ChoicePoint finished notifying 34,114 Californians that their information may have been obtained by thieves. By the end of this week, about 110,000 consumers in other states will be getting a similar letter.
California investigators, though, have estimated as many as 500,000 consumers may have been affected, privacy experts said. But ChoicePoint officials dispute the magnitude of the theft.
"All I can tell you is our number is roughly 145,000, and we know that we're over-notifying," ChoicePoint Marketing Director James Lee told the Associated Press. "There will be duplications in there."
California had the highest number of consumers affected by the theft. The Virgin Islands, with two cases, had the least.