|Headquarters||Alpharetta, Georgia, United States|
|Key people||James Peck CEO|
|Products||"Identification and credential verification services"|
|Revenue||US$ 982 million (2007)|
ChoicePoint (previous NYSE ticker symbol CPS) was a data aggregation company based in Alpharetta, near Atlanta, Georgia, United States, that acted as a private intelligence service to government and industry. It was purchased in February 2008 by Reed Elsevier (parent corporation of LexisNexis) in a cash deal for $3.6 billion USD. The company was rebranded as LexisNexis Risk Solutions.
ChoicePoint combined personal data sourced from multiple public and private databases for sale to the government and the private sector. The firm maintained more than 17 billion records of individuals and businesses, which it sold to an estimated 100,000 clients, including 7,000 federal, state and local law enforcement agencies (30 March 2005 estimates).
However, this data had not been secured sufficiently to prevent theft of data on at least one occasion (see below). The company had also been the subject of lawsuits for maintaining inaccurate data, inquiries whether it allowed political bias to influence its performance of government contracts and accused of illegally selling the data of overseas citizens to the U.S. government. ChoicePoint was used to perform consumer and criminal background checks on prospective employees of the Obama administration.
- 1 Activities
- 2 Florida voter file contract
- 3 Major security breaches
- 4 Other topics
- 5 See also
- 6 References
- 7 External links
The company's activities included the following (30 March 2005 estimates):
- Consumer initiated transactions (60% of business), most of which are regulated by the Fair Credit Reporting Act. These included pre-employment screening, insurance underwriting services, tenant screening services, consumer record reporting and title insurance finances
- Marketing services (9%), none of which include the distribution of personally identifiable information, but are regulated by state and federal "Do Not Mail" and "Do Not Call" legislation.
- Contracts with local and federal law enforcement agencies (5%)
- Data and authentication solutions (6%), including litigation and debt collection support to law firms, financial institutions and general business.
- Software and technology services (20%), which do not include the distribution of personally identifiable information.
ChoicePoint's database of personal information contained names, addresses, Social Security numbers, credit reports, and other sensitive data. In 2005, this database contained 250 terabytes of data on 220 million people. ChoicePoint also operated the Comprehensive Loss Underwriting Exchange (CLUE), a database used by insurance companies to share histories of claims or damage reports on property. The CLUE database includes identification information on properties such as homes and automobiles, policy records (name, date of birth, policy number), and records of claims (date and type of loss, amounts paid). As of 2006, history is kept for five years. It contains records of damage reports regardless of whether the damage resulted in a claim.
Florida voter file contract
ChoicePoint became embroiled in the Florida voter file controversy of 2000 through its acquisition of Database Technologies (founded by Hank Asher and known as DBT Online Inc.), a data analysis company in the same year. During the U.S. presidential election of 2000, people in Florida were struck from central voter file and not permitted to vote. The U.S. Presidential election hinged on the outcome of the vote in Florida.
DBT Online had been contracted to provide a list of voters barred from voting by the state of Florida in 1998 for US$4 million, including a first-year fee of US$2,317,800. The 1998 contracting process involved no bidding.
In the aftermath of the vote, the owner of DBT Online, ChoicePoint,was accused of cooperating with Florida Governor Jeb Bush, Secretary of State of Florida Katherine Harris, and Florida Elections Unit Chief Clay Roberts, in voter fraud, conspiracy involving the central voter file. It was also accused of having a bias in favor of the Republican Party, for knowingly using inaccurate data, and for racial discrimination.
The allegations charge that 57,700 people (15% of the list), primarily Democrats of African-American and Hispanic descent, were incorrectly listed as felons and thus barred from voting. Reports estimate that 80% of these people would have voted, and that 90% of those who would have voted, would have voted for Al Gore. Other allegations include listing voters as felons for alleged crimes said to have been committed several years in the future. The official (and disputed) margin of victory, in the election, was 537 votes.
ChoicePoint says that it acquired DBT Online after DBT delivered the initial 2000 voter exception list to Florida officials for verification and that it has "no involvement in any election in any country". However ChoicePoint's acquisition of DBT Online was made public on 14 February 2000 and in May 2000, DBT discovered that approximately 8,000 names were erroneously placed on the exclusion list, so their claim of no involvement does not match the timeline.
ChoicePoint Vice President James Lee said that at least 8,000 names were incorrectly listed in this fashion when the company passed on a list given by the state of Texas, and these names were removed prior to the election. Fagan described this error as a "minor glitch". ChoicePoint, as a matter of policy, does not verify the accuracy of its data arguing that it is simply compiling public information and that it is the original collectors' responsibility to verify accuracy.
On April 17, 2000, ChoicePoint Vice-President Martin Fagen testified at a special Congressional hearing in Atlanta that Florida had ordered DBT to add to the list voters who matched 80% of an ineligible voter's name, middle initials, and suffixes were to be dropped, while nicknames and aliases were added. In addition, names were considered reversible, for example Clarence Thomas could be added in place of Thomas Clarence. Lee opened his testimony by noting that ChoicePoint intended to get out of the voter purge industry. Then, on February 16, 2001, DBT Senior Vice-President George Bruder testified before the U.S. Commission on Civil Rights that the company had misinformed the Florida Supervisors of Elections regarding the usage of race in compiling the list. Greg Palast concludes, "An African-American felon named Will Whiting might wipe out the registration of an innocent African-American Will Whiting, but not the rights of an innocent Caucasian Will Whiting". Palast alleges that 80% of the 57,700 people allegedly barred from voting were African-American.
Major security breaches
ChoicePoint has suffered several security breaches which have led to the theft of the personal information it holds. The company has been criticized as much for the way it has handled the thefts as the incidents themselves. Its actions over a substantial breach in 2004 led to calls for new national privacy laws in the US to protect the personal data of Americans. Since then, reports published in the media say the company has improved its privacy practices.
ChoicePoint discovered on September 27, 2004, that some of its small-business customers in Los Angeles were engaged in suspicious activity. The company notified police, but did not inform the individuals whose data was leaked until early February 2005. At first, the company only notified some 35,000 California residents as required by law in that state. After a public outcry for more information, the company notified a further 128,000 US citizens whose records were improperly accessed.
Thieves used previously stolen identities to create apparently legitimate businesses seeking ChoicePoint accounts. Over the course of more than a year they then opened about 50 accounts and received personal information on individuals, including names, addresses, and identification numbers. The old-fashioned scheme, that did not involve any hacking, allowed each fake company account to collect "just enough data to fly under the radar" in order to facilitate at least 750 cases of identity theft. In total, more than 5,000 cases of identity theft were reported as the result of the breach.
The scam came to light when 41-year-old Nigerian citizen, Olatunji Oluwatosin, was detected attempting to gain access to personal data held by ChoicePoint. Olatunji Oluwatosin was arrested in October 2004 with five cell phones and three credit cards that belonged to other people, according to investigators. He was sentenced by the Los Angeles County Superior Court in February 2005 to 16 months in prison.
Incident made public due to California law
The incident became public because of a California notification law that came into effect on 1 July 2003 requiring companies to notify individuals when their personal information has been stolen. Further, until pressured by investigations (see below), ChoicePoint restricted its search of compromised records to the 15 months that the California law had been in force, leading it to identify 145,000 records against the eventual total of 163,000.
The security breach sparked a number of investigations to include members of Congress, the Federal Trade Commission, the US Securities and Exchange Commission and US state attorneys general as well as personal lawsuits.
Media investigations generated by the incident brought to light that ChoicePoint had suffered a previous similar ID theft in 2002. A similar scam of establishing fake businesses has been used to make between 7,000 and 10,000 inquiries on names and Social Security numbers to commit at least US$1 million in fraud.
Congress members rebuked the company for the security breaches, its intention only to notify California citizens of the breach and proposed federal privacy reforms.
The company eventually reached an agreement with around 20 state attorneys general to notify individuals in other states that their data had been stolen.
Cost to the company
The incident cost ChoicePoint millions of dollars. The company reported charges of US$11.4 million related to the incident in the first six months of 2005, including US$2 million to notify victims of the incident and US$9.4 million in legal and professional fees. Changes to business practices to avoid further breaches were expected to cost the company between $15 million and $20 million in sales during 2005 and to reduce earnings per share by 10 cents to 12 cents.
In January 2006 ChoicePoint was fined US$15 million by the Federal Trade Commission: US$10 million in civil penalties and US$5 million to compensate victims of the security breach. In addition, ChoicePoint was required to take steps to better secure personal information.
The announcements of frauds and the fines have been accompanied by substantial falls in the value of the company's traded shares.
Changes to business practices
ChoicePoint's steps to improve its data privacy practices were noted in the media, where some reports state that the company should now be considered an industry leader in data privacy. Not everyone was so sanguine; Marc Rotenberg of the Electronic Privacy Information Center (EPIC) said,
- "While I'm prepared to give them credit for a series of positive steps, I don't think it would be accurate to say that they got to this position on their own. It took a lot of work by EPIC and other organizations."
Several lawsuits and consumer complaints have accused ChoicePoint of providing inaccurate and out-of-date information in its criminal background reports, resulting in unfair job losses for applicants. Problems also arose concerning the accuracy of individual's financial standing, the difficulty of correcting errors, and individuals being refused loans and housing support.
It is claimed that the company has not met US federal laws requiring consumer reporting agencies (third parties who conduct background checks for employers) to verify the data they give employers or notify job applicants when they provide adverse information to an employer.
National Credit Audit Corporation
ChoicePoint subsidiary, National Credit Audit Corporation of Peoria, Illinois has been accused of attempting to force magazine subscribers to pay for merchandise which they have not ordered.
CLUE database misuse
MSN Money columnist Liz Pulliam Weston wrote a column about a Bremerton, Washington couple, State Farm Insurance customers for 30 years, who discussed an incident of rainwater damage to their home with the company. They ended up not filing a claim, thus maintaining a claim-free history for their home. In spite of the claim-free history, State Farm dropped them as customers, and shared information on their water damage with ChoicePoint's CLUE database. That sharing led to the couple being repeatedly denied coverage by other insurance companies. The column also describes anecdotal evidence cited by real estate agents that information obtained from CLUE has caused home sales to fall through.
- "Company Profile for ChoicePoint Inc (CPS)". Retrieved 2008-10-06.
- In Age of Security, Firm Mines Wealth Of Personal Data, Washington Post, 19 January 2005, retrieved 14 March 2007
- "LexisNexis Risk Solutions". LexisNexis.com. Retrieved 2014-10-17.
- EPIC, 30 March 2005, loaded 3 April 2007
- CNN Obama Questionnaire, 13 November 2008, loaded 13 November 2008
- ChoicePoint at Yahoo Finance, retrieved 12 September 2007
- ChoicePoint website, retrieved 12 September 2007
- They're Watching You, Business Week, 24 January 2005, retrieved 10 April 2007
- Insurers keep a secret history of your home, MSN Money, 30 July 2006, retrieved 12 September 2007
- A Blacklist Burning For Bush, Greg Palast, 10 December 2000, retrieved 12 September 2007
- ChoicePoint's Mythical Role in Elections Past and Present, ChoicePoint website,8 July 2007, retrieved 14 March 2007
- Voting Irregularities in Florida During the 2000 Presidential Election, Civil Rights Commission Report on 2000 Florida Elections, retrieved 14 March 2007
- Florida's flawed voter-cleansing program, Salon, 4 December 2000, retrieved 12 September 2007
- Choicepoint's Error Rate Emergent Chaos loaded 14 March 2007
- ChoicePoint's error sparks talk of ID theft law, By Grant Gross, IDG News Feb 23, 2005, retrieved 26 December 2011
- FTC imposes record fine on ChoicePoint in data-loss case, Jurist, 26 January 2006, loaded 30 March 2007
- The ChoicePoint Incident, Red Herring, 22 February 2005, retrieved 12 September 2007
- Break-in costs ChoicePoint millions, C|Net News, 20 July 2005, retrieved 12 September 2007
- ChoicePoint Data Cache Became a Powder Keg, Washington Post, 5 March 2005, retrieved 12 September 2007
- ChoicePoint faces inquiry, will curtail data sales, C|Net News.com, 4 March 2005, loaded 30 March 2007
- ChoicePoint was victim of ID theft in '02, Seattle Times, 3 March 2005, retrieved 12 September 2007
- Break-in costs ChoicePoint millions, ZDNet News, 20 July 2005, loaded 30 March 2007
- SEC probing ChoicePoint stock sales, MSN, 4 March 2005, loaded 30 March 2007
- ChoicePoint fined $15m by FTC, Financial Times, 26 January 2006, retrieved 12 September 2007
- ChoicePoint Is Fined for Data Breach, Los Angeles Times, 27 January 2006, retrieved 14 November 2008
- ChoicePoint quoted stock at Yahoo Finance, retrieved 12 September 2007
- ChoicePoint Incident Leads To Improved Security, Others Must Follow, Gartner Group, 19 September 2006, retrieved 14 March 2007
- Keeping Your Enemies Close, New York Times, 12 November 2006, republished by ChoicePoint, retrieved 12 September 2007
- Gary Rivlin (2006-11-12). "Keeping Your Enemies Close". New York Times. p. 4. Retrieved 2008-02-04.
- ChoicePoint's checks under fire, Wired, 23 March 2005, retrieved 12 September 2007
- National Credit Audit Corporation Tries To Collect Bogus Debt, Consumerist.com June 2007, retrieved 10 September 2007
32.^ http://www.elsiglodetorreon.com.mx/noticia/31543.se-deslinda-el-ife-de-venta-de-padron.html 33.^ http://www.elsiglodetorreon.com.mx/noticia/29665.descubre-el-ife-quien-vendio-padron-electoral.html 34.^ http://www.jornada.unam.mx/2006/12/17/index.php?section=politica&article=010n2pol
- LexisNexis ® Risk Solutions
- Firm Mines Wealth Of Personal Data, Washington Post, loaded 14 March 2006
- Stealing Identities the Old-Fashioned Way, Tech News World
- Alert in Response to ChoicePoint Identity Data Theft
- Break-in costs ChoicePoint millions, News.com, 7/20/2005
- ChoicePoint files found riddled with errors, msnbc.com, 3/8/2005
- Electronic Privacy Information Center's ChoicePoint page - includes information EPIC gained from FOIA requests
- ChoicePoint-FBI Deal Raises New Privacy Questions, consumeraffairs.com, 16 May 2006, loaded 2 April 2007