Choicepoint is now saying that up to 145,000 records may have been compromised. It took several months for Choicepoint to publicly report that they were tricked by nefarious characters who set up 50 companies get access to Choicepoint out of data, what else is going on at other info silos like Seisint that we don’t know about?
Lt. Paul Denny of the [Los Angeles County] sheriff’s department on the increase in the number of potential victims:
We know that there is a national number that is much larger than that. We’ve used the number 400,000, but we’re speculating at this point.
More from the blog Emergent Chaos:
Well, first take a look at the business-to-business management services that ChoicePoint is into and the value of the private data derived from such “middleman B2B activity”! For example ChoicePoint manages drug testing services for airport personnel (e.g. SFO?) and acts as a third party administrator for many employer healthcare plans, each of which is a goldmine of data for building out its profile on your virtual self that it has in its massive national databases. ChoicePoint’s customer is usually another big business. The customer is rarely the individual whose data ChoicePoint uses in the process of providing such business management services, so ChoicePoint probably cares little as to what your, the profiled individual, concerns are regarding ChoicePoint’ use of your private life data. Of course it has to comply with certain new California privacy laws and the federal HIPAA Privacy Rule (since it might be a “business associate” under HIPAA to the employer health plans). But it might be able to get around those by simply removing the key 18 personally-identifying HIPAA data elements on you (first name, last name, telephone, etc.) and then picking up the other 150 or so “deidentified” data elements it has on you (amount in your bank, health condition, etc) from the particular B2B middleman management service and give the file of 150 data elements the same file identifier number as the file it has already got on you from other sources, including the “big three credit reporting agencies.” I suggest, however, it would be severely bending the law, if not breaking it, were it to take such an aggressive view of current California privacy laws and federal laws, such as HIPAA and GLBA, and, of course, it would be hugely controversial were it shown to be itself violating anti-identity theft laws!
