The ChoicePoint Identity Theft Data Security Breach: What It ... http://www.privacyrights.org/ar/CPResponse.

htm

Alert: The ChoicePoint Data Security

Breach (Feb. '05): What It Means for You
Posted: February 19, 2005
Update: April 20, 2005 Search Our Site:
Revised: Oct. 19, 2007 www.privacyrights.org/search/search.php
Have a Question?
Contact: www.privacyrights.org/preinquiry.html
Beth Givens, PRC Director Web: www.privacyrights.org
(619) 298-3396
bgivens@privacyrights.org

HOME

Alert: The ChoicePoint Data Security Breach (Feb. '05):

What It Means for You
Note: As a result of the February 2005 breach, ChoicePoint implemented a number of privacy
policies and procedures. Visit: www.privacyatchoicepoint.com .

San Diego, CA -- Data aggregators compile in-depth dossiers of personal information on almost everyone,
even though many have never heard of them, have never had an account with them, nor have given them
permission to obtain personal information. Until recently, many Americans had never heard of ChoicePoint,
one of the largest data aggregators. But with recent information coming to light that identity thieves opened
50 accounts to access ChoicePoint’s databases of personal information, many people are just realizing that
companies like ChoicePoint exist. (See www.washingtonpost.com/wp-dyn/articles/A30897-2005Feb16.html)

Choicepoint is one of the largest data aggregators and resellers in the country. It compiles, stores, and sells
information about virtually every U.S. adult. Its customers include employers, debt collectors, loan officers,
media organizations, law offices, law enforcement, among others. The identity thieves who obtained
ChoicePoint accounts through the establishment of fake businesses had the information equivalent of the
key to Fort Knox. With their online access to ChoicePoint’s data files, they were able to obtain all the
personal information they needed – including Social Security numbers and date of birth – to successfully
commit identity theft.

Many consumers who contact the Privacy Rights Clearinghouse (PRC) wonder how data aggregators like
ChoicePoint get their personal information and what they have on file about them. ChoicePoint compiles data
from many sources including public records (property tax assessor files, professional licenses, vehicle
registration, bankruptcy records, and so on), along with credit reports, and consumer demographic and
lifestyle data. Many consumers are aware of their credit report, but most probably do not know that
ChoicePoint offers other types of consumer reports – employment background checks, tenant rental history,
and insurance claims.

In fact, consumers nationwide can get a free copy of these reports maintained by ChoicePoint if a
prospective employer, landlord or insurer used ChoicePoint’s services for screening purposes. So, if you are
wondering what kind of information ChoicePoint has about you, now’s a good opportunity to find out.

If ChoicePoint has compiled one of these reports about you, you can get a free copy:

For the ChoicePoint employment background check report, call (866) 312-8075 or go to
www.choicetrust.com/pdfs/emphist.pdf
To order your ChoicePoint tenant history report, call (877) 448-5732 or go to
www.choicetrust.com/pdfs/tenanthist.pdf

1 of 4 10/25/08 6:18 PM
The ChoicePoint Identity Theft Data Security Breach: What It ... http://www.privacyrights.org/ar/CPResponse.htm

For the ChoicePoint insurance claim report (known as a CLUE Report) call (866) 312-8076 or go to
www.choicetrust.com/pdfs/clue-order-by-mail.pdf

According to ChoicePoint, their tenant rental history includes landlord debt, criminal, eviction, registered sex
offender and FBI searches. Their employment background check report includes information on arrest and
conviction history including fugitive files, state and county criminal record repositories, prison, parole and
release files from state Department of Corrections, Administrative Office of Courts and other state agencies,
in addition to credit history, employment verification, education verification, license credentials and
certification verification, and business or personal reference verification.

If an individual’s background check, tenant history or insurance claims were accessed through a company
other than ChoicePoint, consumers are entitled to a free copy of their report from that company. The
following PRC fact sheets contain additional information about these other types of consumer reports such
as CLUE insurance reports and background checks.

PRC Fact Sheet 6(b), The “Other” Consumer Reports: What You Should Know about “Specialty”
Reports at www.privacyrights.org/fs/fs6b-SpecReports.htm
PRC’s Fact Sheet 26, CLUE and You: How Insurers Size You Up at www.privacyrights.org/fs/fs26-
CLUE.htm
PRC’s Fact Sheet 16, Employment Background Checks: A Jobseeker's Guide at
www.privacyrights.org/fs/fs16-bck.htm

ChoicePoint also provides a report of public records information. It enables individuals to get a free copy of
their own record, if one exists in their data files. Go to www.choicetrust.com.

In addition to ChoicePoint, many data brokers sell public records information on the Internet. Consumers
often contact the PRC to ask how their public records information ends up in the hands of these companies
and if there’s a way to opt out of it. The PRC has two publications that address this topic. The first is our fact
sheet 11, From Cradle to Grave: Government Records and Your Privacy at www.privacyrights.org/fs/fs11-
pub.htm. We have also compiled a list of online information brokers, along with the limited opt-out
opportunities that they offer: www.privacyrights.org/ar/infobrokers.htm.

If you received a letter from ChoicePoint, informing you that your information was obtained illegitimately by
members of the crime ring, you will want to establish a fraud alert with the three credit bureaus right away --
Experian, Equifax, and TransUnion. You can call one of them, and that bureau will share your fraud alert
request with the other two. Here are the phone numbers for the fraud departments:

Equifax: Report fraud: Call (888) 766-0008

Experian (formerly TRW): Report fraud: Call (888) EXPERIAN (888-397-3742)
TransUnion: Report fraud: Call (800) 680-7289

You will receive a letter from each of the bureaus that informs you that you can order a free copy of your
credit report. Be sure to take advantage of that offer. Once you've received your credit report from each of
the bureaus, check it very carefully for signs of fraud. If you notice credit accounts that are not yours, or if
you see inquiries that you did not initiate, it's a good indication that you are a victim of identity theft. You will
then need to follow the instructions for identity theft victims offered by the Federal Trade Commission at
www.consumer.gov/idtheft, also available on our web site at www.privacyrights.org/fs/fs17a.htm.

Though ChoicePoint is providing credit monitoring services for victims, this service is only offered for one
year. Those who received a security breach notice from ChoicePoint can establish a similar form of credit
monitoring once ChoicePoint's credit monitoring service expires by staggering access to their free annual
credit reports. Available to consumers nationwide as of September 1, 2005, individuals are able to order one
of their credit reports every four months and can do so to better monitor their credit report for possible
identity theft after the credit monitoring service has ended. Visit: www.annualcreditreport.com. For additional
information about free annual credit reports, see www.privacyrights.org/fs/fs6-crdt.htm#FreeCR.

2 of 4 10/25/08 6:18 PM
The ChoicePoint Identity Theft Data Security Breach: What It ... http://www.privacyrights.org/ar/CPResponse.htm

Many individuals have contacted us about the California security breach notice law that has required
ChoicePoint to notify individuals in this state about the data breach. To learn more about the California law,
visit the web site of the California Office of Privacy Protection and read its guide:
www.privacy.ca.gov/recommendations/secbreach.pdf . For information on security breach notice laws in
other states, visit the Consumers Union web site: www.consumersunion.org/campaigns
/Breach_laws_May05.pdf .

Another California law that comes into play with the ChoicePoint situation is the "security freeze" law. It
enables individuals in California to essentially "shut off" their credit reports. If an identity thief were to attempt
to open credit fraudulently, they would be unable to do so because the credit issuer would be unable to
access the victim's credit report. To learn more about the California security freeze law, visit the California
Office of Privacy Protection web site and read this guide: www.privacy.ca.gov/sheets/cis10securityfreeze.pdf

For information on the security freeze laws in other states, visit: www.consumersunion.org/campaigns
//learn_more/003484indiv.html

For more information about the data aggregation industry, see the following PRC resources:

The Information Marketplace: Merging and Exchanging Consumer Data

www.privacyrights.org/ar/ftc-info_mktpl.htm
Public Records on the Internet: The Privacy Dilemma
www.privacyrights.org/ar/onlinepubrecs.htm
Reporting Agencies and Free Reports: The Credit Reports Most People Have Never Heard Of
www.privacyrights.org/ar/FTC-credrpt.htm
Identity Theft: The Growing Problem of Wrongful Criminal Records
www.privacyrights.org/ar/wcr.htm

A book by Washington Post reporter Robert O’Harrow, No Place to Hide, provides extensive information
about the data compiler industry, with company profiles on ChoicePoint, Acxiom, and Lexis-Nexis.

UPDATE: March 9, 2005

LexisNexis announced today that 32,000 consumers personal information including names, addresses and
Social Security numbers were illegally accessed by using the user name and passwords of a company that
has a contract with the data aggregator. The company is sending notices to all who were affected and is
providing credit monitoring services. The instructions posted above for those who received a notice from
ChoicePoint, also applies to those who received notification from LexisNexis.

LexisNexis does provide an opt out mechanism, instructions for which are noted in our opt out listing at
www.privacyrights.org/ar/infobrokers.htm

UPDATE: March 17, 2005

EPIC, the PRC and other consumer organizations criticized FTC Chairman Deborah Platt Majoras's
testimony on commercial data broker Choicepoint to the House Energy and Commerce Committee. To read
their letter to the Chairman, go to www.epic.org/privacy/choicepoint/majorasltr3.17.05.pdf.

UPDATE: April 20, 2005

The PRC maintains a running list of the numerous data breaches that have been reported since 2005 and
the number of records compromised. For more information, go to www.privacyrights.org/ar
/ChronDataBreaches.htm

HOME TOP
Copyright © 2005-2007. Privacy Rights Clearinghouse/UCAN. This copyrighted document may be copied and distributed for nonprofit,
educational purposes only. For distribution, see our copyright and reprint guidelines. The text of this document may not be altered without

3 of 4 10/25/08 6:18 PM
The ChoicePoint Identity Theft Data Security Breach: What It ... http://www.privacyrights.org/ar/CPResponse.htm

express authorization of the Privacy Rights Clearinghouse. This document should be used as an information source and not as legal
advice. PRC documents contain information about federal laws as well as some California-specific information. Laws in other states may
vary. Overall, our information is applicable to consumers nationwide.

4 of 4 10/25/08 6:18 PM