ChoicePoint just won’t be outdone. They were, after all, the company that started all the extensive attention on data security breaches. Back in February 2005, ChoicePoint announced that it had improperly sold personal data on about 145,000 people to identity thieves. Pursuant to a California data security breach notice law, ChoicePoint notified the affected individuals in California. Soon afterwards, many states started thinking: Geez, we’d like our citizens to be informed too. They put up a fuss, and ChoicePoint voluntarily agreed to notify all of the 145,000 people it said were affected. Many states subsequently passed data security breach notification laws similar to California’s.
After ChoicePoint’s announcement came a barrage of announcements of security breaches by numerous companies and institutions. According to a very useful listing and tally by the Privacy Rights Clearinghouse, data security breaches have affected over 50 million Americans (there may surely be some double-counting here, as some unlucky folks may have been affected multiple times).
Now ChoicePoint has announced that it has notified another 17,000 people that their personal data was compromised in the breach announced in February. According to the AP:
ChoicePoint Inc., the company that disclosed earlier this year that thieves had accessed its massive database of consumer information, said Tuesday in a regulatory filing it has sent out another 17,000 notices to people telling them they may be victims of fraud.
The Alpharetta-based company had said in February, after announcing the breach, that it had notified roughly 145,000 consumers that they may have had their personal information improperly accessed.
That number has now increased to 162,000, ChoicePoint said in its quarterly report to the Securities and Exchange Commission. The filing did not detail reasons for the increase, though the company had previously said the number could ultimately be higher.
1. Solove, Free Credit Reports: My Exciting Adventure (Concurring Opinions) (October 2005)
2. Solove, Notice Much Delayed: The FDIC Security Breach (PrawfsBlawg) (June 2005)
3. Solove, Data Security Breach Supersized: 40 Million People Affected (PrawfsBlawg) (June 2005)
4. Solove, Data Leaks: Déjà Vu All Over Again (PrawfsBlawg) (June 2005)
5. Solove, Tallying Up Data Security Breaches (PrawfsBlawg) (May 2005)
Posts on Identity Theft:
1. Solove, Youngest ID Theft Victim? (PrawfsBlawg) (July 2005)
2. Solove, Why Identity Theft Isn’t Pretty (PrawfsBlawg) (July 2005)
3. Solove, Identity Theft Fears and Online Shopping (PrawfsBlawg) (June 2005)
4. Solove, Identity Thief Professors (PrawfsBlawg) (June 2005)
Originally posted at Concurring Opinions
* * * *
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics. Professor Solove also posts at his blog at LinkedIn. His blog has more than 1 million followers.