ChoicePoint, which describes itself as "the nation's leading provider of identification and credential verification serices," recently became the unintentional accomplice to a massive ID theft of 145,000 individuals' personal information.
The ID thiefs behind this crime are really masterminds. Instead of trying the traditional path of phishing, which can result in a compromise of one or more online accounts, they disguised themselves as legal businesses, passed ChoicePoint's customer authentication due diligence process, and collected personal information files in droves.
According to ChoicePoint, what was breached includes "basic telephone directory-type data (name and address information) as well as a combination of Social Security numbers and/or driver’s license numbers and, at times, abbreviated credit reports. They were also able to obtain other public record information including, but not limited to bankruptcies, liens, and judgments; professional licenses; and real property data." In other words, enough information to ruin one's financial life more than one time.
ChoicePoint announced that it expected to inform all 145,000 potential ID theft victims by mail last week. Potential victims will have access to a special toll free line and free "tri-bureau credit reports and a one-year credit monitoring service." (Still, a bad PR move for ChoicePoint to respond this late: it initially only sent out 35,000 notification to California victims -- only California has strict law that requires notification after sentitive data is compromised. Later, Attorneys General in 38 states called for further ChoicePoint disclosure.)
Chances are, with more than 10,000 unique PFBlog readers every month, there will be a couple of ChoicePoint victims. Be sure to check your mailbox these days for ChoicePoint mails, and if you do receive one, take extra precautions for the near future.