ChoicePoint Data Cache Became a Powder Keg

formatting link
Identity Thief's Ability To Get Information Puts Heat on Firm By Robert O'Harrow Jr. Washington Post Staff Writer Saturday, March 5, 2005; Page A01

The man on the phone called himself James Garrett.

Speaking with a lilting accent, the man said he was an executive with a Los Angeles company called M.B.S Financial. He told an employee at ChoicePoint Inc. that he wanted to open an online account with the company to receive electronic reports on people.

It was the kind of request that ChoicePoint, one of the nation's largest information services, gets all the time. Thousands of corporate and government clients rely on the company to provide them with publicly available information on people for help in hiring, fraud detection, journalist research, national security and debt collection.

But the man's call last fall was different, according to a detective's description of the encounter and testimony presented in a later court hearing. Unknown to ChoicePoint, the caller was not Garrett, an actor in the Los Angeles area. Police said he was a con artist involved in a vast identity-theft scam that succeeded in making off with records of at least 145,000 people. The real Garrett was just another victim.

The imposter's attempt to gain access to even more files would not only expose the scam, but spark a national outrage and congressional hearings over whether the nation's growing commercial data industry is doing enough to guard personal information.

Yesterday, the burgeoning scandal led ChoicePoint to cut off access to some sensitive data to thousands of small businesses. The company also announced in filings with the government that two senior executives were under investigation by the Securities and Exchange Commission for stock trades that took place after they learned about the scheme last fall but before they made it public.

On the day the man called ChoicePoint in late September, he was close to getting what he wanted. He had already filed an application for the right to download reports to his computer, for about $15 each, claiming he needed sensitive personal information like Social Security numbers to track down targets of his collection agency.

But to the ChoicePoint employee on the other end of the line, something wasn't quite right. For starters, the caller used a Los Angeles copy store to fax his paperwork to open an account. That seemed strange for a businessman, and even more so when an in-house investigator realized that similar requests had recently been made by others in the Los Angeles area. Something also seemed out of kilter about the local government documents the man forwarded to prove his business existed.

Authorities in Los Angeles were called for help. The officer assigned to the case, a sheriff's detective named Duane Decker, asked the company whether it could lure the man posing as Garrett back to the copy store as part of a modest sting operation. ChoicePoint would convince Garrett he needed to go back to the copy store to sign a faxed copy of his application and send it back to the company.

The ruse worked. On Oct. 27, a man claiming to be Garrett showed up as promised at the Copymat store on Sunset Boulevard. He approached the counter, asked for a document filed for James Garrett and paid the bill.

Decker, lingering nearby, asked the man if he was Garrett. When the man said yes, Decker asked him to step outside. As they left the store, the detective said he thought he had an easy case in hand. He couldn't have been more wrong.

The man Decker stopped was Olatunji A. Oluwatosin, a 41-year-old Nigerian national. Oluwatosin claimed he was picking up the paperwork for another man named Bobby, according to testimony at Oluwatosin's court hearing.

On the way out of the store with Decker, Oluwatosin dropped the paperwork he had just received from ChoicePoint and other forms for a company dubbed Gala Financial. At the time, he was carrying five cell phones, only one of them in his own name. Three credit cards bore the names of other people, including at least one woman.

At Decker's request, Oluwatosin shared his address in North Hollywood. Once there, Decker said he found a printout of a ChoicePoint search involving another name, that of a man he later learned had lost $12,000 to identity thieves. Decker also found a receipt for a public storage business not far away. Before long, searching in unit B-245, Decker found what he later told a state court judge were the tell-tale signs of an identity theft operation: new televisions, electric generators and other products in shipping boxes stripped bare of details about where the goods came from.

The paperwork offered other leads. Decker found addresses that turned out to be commercial mail services. Investigators asked to see the unopened mail at some of those locations. One clerk brought out two large bags containing credit card applications, financial statements and other mail that had been redirected from homes around the nation.

Driving to more than a dozen commercial mail services in one day, Decker and a postal inspector identified redirected mail from more than 700 people. Further investigation revealed links to 22 other ChoicePoint accounts that had been opened under false pretenses.

"I realized that this was just absolutely huge and out of control," Decker said.

Identity theft and fraud has become a national problem in a few short years. In 2003, federal authorities estimated that about 750,000 people fell victim to some identity scam. Now the prevailing estimate is close to

10 million.

Driving the rise is a growing number of clever criminals who use people's Social Security numbers and other facts of their lives to take on their personas to run up credit cards bills, empty bank accounts and commit other crimes. But consumer advocates say it's also the failure of so many information brokers, retailers and credit issuers to adequately protect records or do enough to stop swindlers by verifying the identities of customers.

Credit card companies, marketers and others have lost millions of files to hackers and identity thieves in recent years. Two years ago, ChoicePoint itself was hit by another identity theft scheme involving personal records of thousands of people.

ChoicePoint, based in Alpharetta, Ga., has assembled a huge trove of personal data in recent years. Much of that information, such as court rulings, driver records and real estate details, comes from government agencies. The company also purchases information from the three major credit bureaus and other information services.

Its ability to create and electronically transmit exhaustive dossiers on people makes it a favorite of many Fortune 500 companies, government agencies and law enforcement and Homeland Security authorities. Today, it has more than 100,000 customers and revenue approaching $1 billion, a large proportion based on the resale of details about individuals.

Before granting service, ChoicePoint typically requires a photocopy of a driver's license and business records on file with a state or local government agency. A ChoicePoint employee would then verify that such a person and company exists. Identity thieves skirted this system by using fake IDs and by setting up front companies on paper, registered with government agencies in phony names, according to court and company records.

Olatunji Oluwatosin pleaded no contest to identity theft in a California court last month. He was sentenced to 16 months in state prison. Authorities are still investigating who else may be involved in the scandal. They believe others, possibly many others, worked with him.

ChoicePoint officials, meanwhile, said they have since identified more than 50 accounts that appear to be phony. The company has warned people to watch for unauthorized activity on their credit reports and has offered to give them free access to that information, at an estimated cost of $2 million.

The real James Garrett said he first noticed that something was amiss when he received a call from a credit card company. The company told him that a card in his name had been redirected to another address. When Garrett went to police to report the fraud, police told him he was apparently part of an identity theft ring, possibly related to terrorist financing, Garrett said yesterday.

An investigator in the ChoicePoint case later told him that identity thieves had obtained not only his name and address, but his Social Security number, credit card password and mother's maiden name.

"They knew everything about me," Garrett said.

Behind the scenes, the case continues to expand. Decker and other authorities in Los Angeles have discussed the case with the FBI and Secret Service, which has indicated it may have another identity theft suspect with ties to the ChoicePoint case. The Federal Trade Commission has begun an inquiry.

At the same time, public ire is intensifying. Congress is planning to hold hearings about the breach and the information industry in general. Some of those hearings may involve questions about national security. Democrats, including Sen. Bill Nelson (D-Fla.) have asked for a study about how terrorists might use information brokers like ChoicePoint.

In response to the thefts, ChoicePoint said in an SEC filing that it is "discontinuing the sale of information products that contain sensitive consumer data ... except where there is either a specific consumer-driven transaction or benefit or where the products support federal, state or local government and law enforcement purposes."

"We fully support a continued national discussion of how to ensure that information is used responsibly, that the positive benefits of information use are preserved and that the illegal uses of data are severely punished," the company's filing said.

The company has defended the sale of hundreds of thousands of shares since November, before the scandal became public, by ChoicePoint chief executive Derek V. Smith and president and chief operating officer Douglas C. Curling, saying the transactions were part of scheduled sales arranged last fall. Smith said he personally did not know about the security breach until January.

Decker, meanwhile, said that after four months it feels like his investigation is just beginning.

"Sometimes you're looking at Social Security numbers, and all of the sudden a name pops out and you realize, 'These are real people, all of them,' " he information is out there," he said. "They could all be victims, if not now, in the future.

Special correspondent Kimberly Edds contributed to this story from Los Angeles.

Copyright 2005 The Washington Post Company

NOTE: For more telecom/internet/networking/computer news from the daily media, check out our feature 'Telecom Digest Extra' each day at

formatting link
. Hundreds of new articles daily.

*** FAIR USE NOTICE. This message contains copyrighted material the use of which has not been specifically authorized by the copyright owner. This Internet discussion group is making it available without profit to group members who have expressed a prior interest in receiving the included information in their efforts to advance the understanding of literary, educational, political, and economic issues, for non-profit research and educational purposes only. I believe that this constitutes a 'fair use' of the copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use this copyrighted material for purposes of your own that go beyond 'fair use,' you must obtain permission from the copyright owner, in this instance, The Washington Post Company.

For more information go to:

formatting link

Reply to
Marcus Didius Falco
Loading thread data ... Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.