Watch CBS News
X-SciTech

ChoicePoint Halts Some Data Sales

/ AP

Add CBS News on Google

The embattled data broker ChoicePoint Inc. said Friday it no longer will sell sensitive consumer information to small businesses, and the company's chief executive said he did not learn of a major breach until several months after it was discovered.

CEO Derek Smith and company president Douglas Curling earned $16.6 million from sales in ChoicePoint stock after the company learned of the breach and before it was made public. The company announced Friday that the Securities and Exchange Commission was investigating the stock sales.

The breach involved scammers who posed as small business customers to access sensitive data that was used to steal people's identities.

ChoicePoint culls public records on individuals, including Social Security numbers and their current and former addresses. It has about 19 billion records, and its customers include insurance companies, financial institutions and federal, state and local agencies.

The company said Monday that consumers in all 50 states, the District of Columbia and three U.S. territories may have been affected by the breach of the company's credentialing process. The data warehouser also announced plans to rescreen 17,000 business customers to make sure they are legitimate.

The Alpharetta-based company said it has hired a retired Secret Service agent to help revamp its verification process. It also has paid for a one-year subscription to a credit monitoring service for each of the 144,778 people that may have been affected by the breach.

The company said the smallest number of possible victims - two - was in the U.S. Virgin Islands, while the largest number - 34,114 - was in California. It released a state-by-state breakdown late Monday. People in Puerto Rico and Guam also may have been affected.

There were 1,730 possible victims in Arizona.

Formed in 1997 as a spinoff of credit reporting agency Equifax Inc., ChoicePoint has 19 billion public records in its database at its suburban Atlanta headquarters, including motor vehicle registrations, license and deed transfers, military records, names, addresses and Social Security numbers.

The company's stock has dropped about 10 percent since the personal information breach was announced on Feb. 15. On Friday, ChoicePoint shares fell $2.03, or 5 percent, to $38.25 on the New York Stock Exchange.

CEO Smith told The Associated Press in an interview Friday that he did not personally learn of the breach until late January, though Los Angeles County detectives made their first arrest in the case in October.

"There is no way that a CEO can know everything that is going on as it relates to an operation," Smith said. "I am not involved in the day-to-day operations of the business."

Asked why, as CEO, he wasn't more closely in tune with his company's activities, Smith said: "You can second-guess that and certainly in hindsight, I certainly wish that I would have been informed sooner given the magnitude of what this has now been."

Last week, attorneys general in 38 states demanded ChoicePoint inform all affected consumers that they might vulnerable to identity theft amid concerns the company was foot-dragging. Politicians have also become involved, with two U.S. senators calling for hearings and stepped-up regulations to protect consumers.

Smith claimed ChoicePoint didn't grasp the magnitude of the breach until this year.

Asked if he would resign over the matter, Smith said, "I have no intention of leaving the company."

Corporate governance experts say the pattern and timing of the stock trading by Smith and Curling raise questions. ChoicePoint says it was prearranged under a plan approved by the company's board that was announced on Nov. 3.

ChoicePoint said it will stop selling information products that contain sensitive consumer data, including Social Security numbers, to that group of customers, except in limited cases where the products support federal, state or local government purposes. Smith said about 17,000 customers will be affected by the change. Larger business customers and government agencies may still have access to Social Security numbers, Smith said.

ChoicePoint's 17,000 small business customers accounted for about 5 percent of annual revenue of $900 million. As a result of suspending sales to them, ChoicePoint said it expects a decline in core revenue this year of $15 million to $20 million.

"Clearly what we did over the last week was take a very hard look at our business," Smith said. "To the extent you could rewrite history, we wish we had would have done things differently."

Last month, ChoicePoint said it was notifying those people who may have been affected by the breach.

The company said Friday that the number of potentially affected customers may increase, but it doesn't believe the increase will be substantial.

ChoicePoint has said repeatedly it learned of the breach in October, but delayed disclosing it because it said California authorities had asked it to keep quiet to protect the fraud investigation.

It said in a detailed explanation Friday that it first learned of the possibility of fraud on Sept. 27.

A similar breach involving 7,000 to 10,000 ChoicePoint records occurred in 2002 but did not become public until reported by the Los Angeles Times earlier this week.

As for the SEC inquiry, ChoicePoint said the agency has notified the company that it is conducting an informal inquiry of the stock sales as well as the circumstances surrounding identity thefts in connection with the breach of its database.

© 2005 The Associated Press. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed.

View CBS News In
CBS News App Open
Chrome Safari Continue