A fraud ring infiltrated one of the nation’s largest collectors of consumer information and obtained credit reports, Social Security numbers and other information about tens of thousands of people in a massive case of identity theft.
ChoicePoint Inc. said Tuesday that it had begun sending letters to about 35,000 California residents to tell them that their personal information may have been compromised. The Georgia company urged them to check their credit reports for new accounts or suspicious activity.
The scope of the scam is likely to widen because California is the only state that requires companies to notify people when the security of their personal information is jeopardized.
A ChoicePoint spokesman said the number of victims nationwide could total 100,000, but the company could not be sure of the extent of the fraud and had no plans to contact people outside California.
“This is the worst in our seven years,” said the spokesman, James Lee. “This is extraordinarily serious.”
Los Angeles County sheriff’s investigators said they had identified 750 people whose personal data had been used to buy jewelry, consumer electronics and computers. A North Hollywood man has been arrested, and investigators are searching for other suspects.
Fewer than 10,000 credit reports were obtained in the yearlong scam, Lee said. He refused to explain how the scammers circumvented rules that require permission from the subject of a credit report to release the data to a third party.
“Financial fraud is a pervasive part of our economy,” Lee said. “The bad guys are very bright, very smart and very committed.”
Although not a household name, ChoicePoint maintains what it claims is the largest collection of court records, addresses and other public data on people in the country -- some 19 billion records in all.
Insurance companies, banks, law enforcement agencies and many arms of the federal government use ChoicePoint’s data. Landlords rely on ChoicePoint’s databases to make decisions about prospective renters and insurance companies use them to assess the risk of potential customers.
Last year, the company earned $148 million on revenue of $919 million.
Spun off from credit bureau Equifax Inc. in 1997, ChoicePoint has been criticized by privacy advocates for not maintaining tighter control over the data it compiles and sells.
“Our basic problem is that they circulate information that is even more detailed than a credit report,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center.
Identity theft is worsening, Rotenberg said, and “companies like ChoicePoint are contributing to this problem.”
Identity theft topped the list of consumer complaints to the Federal Trade Commission in 2004 for the fifth straight year. By some estimates, it costs consumers more than $50 billion a year, not counting the considerable hassle of setting things right.
The rise of the Internet has made trafficking of personal information easier. Organized criminal gangs routinely buy and sell credit card information online, winning higher prices by attaching such personal information as phone numbers and home addresses.
Lee said ChoicePoint maintained strict security standards, adding that the flaws exploited by the scammers had been corrected. He provided few details, except to say that ChoicePoint no longer accepted faxed copies of business licenses.
ChoicePoint refused to detail the infiltration, which was detected in October. A ChoicePoint employee noticed a suspicious application to open a customer account, which enables users to search for background information about people and to request credit reports from one of the three major credit bureaus.
After the company compared notes with Los Angeles County sheriff’s fraud investigators, they determined that the problem was much bigger: At least 50 suspicious accounts had been opened in the name of nonexistent debt collectors, insurance agencies and other companies, said sheriff’s Det. Duane Decker.
According to ChoicePoint, the scam artists were a ring of serial identity thieves. They used other people’s information to invent plausible businesses that withstood investigation.
Lee said he didn’t know how names targeted by the ring were selected; they had nothing obvious in common, such as high net worth or recent transactions.
“There’s no rhyme or reason” to the list, Lee said.
The investigation is focused in California, but Decker said the FBI and U.S. postal inspectors also were working on the case. Federal spokesmen didn’t return a call seeking comment.
A break in the case came shortly after Los Angeles County sheriff’s detectives joined the investigation. After another suspicious application for a ChoicePoint account came in by fax from a Southern California Kinko’s, investigators set up a sting operation. They sent a responding fax asking for a new signature.
Olatunji Oluwatosin, 41, was arrested when he arrived to pick it up, said sheriff’s Lt. Robert Costa. Originally from Nigeria but living in North Hollywood, Oluwatosin was charged with six felony identity-theft counts. He was being held at the North County Correctional Facility in lieu of $2-million bail.
Oluwatosin told investigators that he was the victim of mistaken identity -- he was picking up the fax for someone else.
Times staff writer Peter Y. Hong contributed to this report.
People who receive a notice that their personal information may have been compromised should check their credit report. Californians have access to a free credit report annually. The reports can be obtained by calling (877) 322-8228 or by visiting the website at www.annualcredit report.com.
Los Angeles Times