ChoicePoint CEO: We're a victim too
Derek Smith says the company is in business to prevent the kind of fraud to which 145,000 people in its database could be exposed.
Published February 25, 2005
ATLANTA - ChoicePoint Inc. chief executive Derek Smith said Thursday he supports congressional hearings and tighter regulation of the data collection industry, if necessary, after revelations his company was duped into giving criminals access to its expansive database of consumers' personal information.
His face drawn and eyes weary from two days of meetings in New York with large investors, Smith said he is working around the clock to keep shareholders and customers from running away.
He said his company is investigating whether anyone internally was involved in the breach, but he stressed there has been no evidence of that.
"If we knew somebody had done something internally, we would tell you that," Smith said.
Smith said he believes his company is as much a victim as the roughly 145,000 Americans whose personal information may have been viewed by criminals.
"I wish we would have caught it sooner," Smith said.
He added, "The painful part for me is that our mission is being called into question."
ChoicePoint says its mission is to arm customers with information to verify that the people they are doing business with are who they say they are. That selling point has been turned on its head by thieves who apparently used previously stolen identities to create what appeared to be legitimate businesses seeking ChoicePoint accounts.
The bandits opened up 50 accounts and received volumes of data on consumers, including names, addresses, Social Security numbers and credit reports.
The ring, which operated for more than a year before it was detected, used the information to defraud at least 750 people, according to California authorities. ChoicePoint says consumers in all 50 states, the District of Columbia and three U.S. territories may have been affected.
The company has been notifying people by mail. Smith said the last of the letters should go out today.
The breach has caused several states and federal lawmakers to call for tougher regulation of the industry. On Thursday, Georgia's insurance commissioner threatened to ban state insurance companies from using ChoicePoint data for underwriting policies unless ChoicePoint makes changes to its security procedures.
The debacle also has spurred at least one lawsuit and could ultimately take a financial toll on the company. The company's share price has dropped about 10 percent since the episode was revealed.
ChoicePoint stock closed Thursday on the New York Stock Exchange at $41 per share, down 22 cents. The stock reached a 52-week high of $47.95 on Feb. 4.
Smith said that in his meetings in New York he tried to assure major shareholders the company is doing all it can to make sure such a breach never happens again.
"I can't speculate what the future will hold in terms of shareholders or customers," Smith said. But he said he believes there is an important role that data aggregators like ChoicePoint provide in society.
"If you shut the information off, the people that will win is organized crime," he said.
Smith said his company learned of the potential of fraud in October during routine monitoring of the company's system, and immediately notified authorities in California, where one of the suspect companies was located. Authorities there asked ChoicePoint not to discuss what happened initially to protect their investigation, Smith said.
He added that the company did not learn until last week that people outside of California may have been affected. Once it did, he said, the company immediately decided to notify people in other states, even though such notification is required only in California.
"We voluntarily found the breach and notified law enforcement. Why did we do that? We did that because we are in the business of preventing fraud for our clients," Smith said.
Formed in 1997 as a spinoff of credit reporting agency Equifax, ChoicePoint has rapidly grown beyond its roots of analyzing insurance claims information to become a clearinghouse for personal data on hundreds of millions of people.
The 19-billion public records in its database at its suburban Atlanta headquarters include motor vehicle registrations, license and deed transfers, military records, names, addresses and Social Security numbers.
[Last modified February 25, 2005, 00:51:16]
[an error occurred while processing this directive]