Data Broker Faces SEC Probe

Federal regulators are investigating why two top executives of information broker ChoicePoint Inc. earned more than $16 million selling stock in the weeks before outrage over a massive identity theft engulfed the company.

ChoicePoint said Friday that the Securities and Exchange Commission’s staff had launched an inquiry into the stock sales and the company’s handling of a security breach that has sparked a national furor over privacy. The Federal Trade Commission and several state attorneys general also are probing the incident.

Scammers accessed the company’s massive online databases and retrieved the records of as many as 145,000 consumers, including their Social Security numbers and other confidential data. A North Hollywood man has been convicted of fraud in the case.

ChoicePoint also said it would restrict the kinds of data provided to small companies in an effort to prevent identity thieves from posing as customers with a legitimate need for personal data.

The company’s stock price, which has tumbled since the Feb. 15 disclosure of the data leak, fell again Friday, sinking 6.5%.

Based in Alpharetta, Ga., ChoicePoint maintains the nation’s largest commercial collection of court records, Social Security numbers, addresses and other data on people. Businesses and government agencies use the data to check on customers and prospective employees.

According to SEC filings by ChoicePoint, Chief Executive Derek Smith and President Douglas Curling started making regular, weekly stock sales by exercising options on Nov. 9, continuing until Feb. 23.

Smith earned a profit of $12.4 million on the sales that took place before the news broke. Curling took home a profit of roughly $4.1 million.

ChoicePoint spokesman Dan McGinn said Smith and Curling sold their shares as part of routine divestitures and that there was “absolutely no connection” with the identity-theft case.

But Nov. 9 was also the day search warrants were served on ChoicePoint by Los Angeles County sheriff’s investigators probing suspicious applications, coming from Southern California, to use the company’s databases. The warrants made clear the wide scope of the case, said Los Angeles County Sheriff’s Lt. Robert Costa.

Before that day, the company had reason to think that a few hundred potential victims might have to be notified, said another law enforcement official who spoke on condition of anonymity. Afterward, this official said, it was clear that the number would be well into the thousands.

Smith told Associated Press on Friday that he was not aware of the case until late January. “There is no way that a CEO can know everything that is going on as it relates to an operation,” he said. “I am not involved in the day-to-day operations of the business.”

Bruce Simpson, an industry analyst at investment firm William Blair & Co., said he didn’t think the stock trades would turn out to be improper. “They had set up a regular, programmed trading program,” he said -- something that is not unusual at large companies.

Others were more skeptical.

“They have no credibility,” said Linda Foley, co-executive director of Identity Theft Resource Center, a nonprofit organization that helps victims of fraud.

Neither SEC nor FTC officials would comment on their investigations. A person familiar with the FTC’s probe, however, said it was investigating whether the company had appropriate safeguards for information and whether it promised consumers greater protection of their data than it delivered.

Smith declined to be interviewed by The Times, which Wednesday disclosed that the company had been infiltrated by an identity theft ring in 2000, leading to losses that federal prosecutors estimated at $1 million or more.

The CEO had said as recently as two weeks ago that the case revealed last month was “the first time that that kind of process has really happened for us.” On Friday, a ChoicePoint statement acknowledged for the first time that there had been “similar incidents,” but McGinn would not elaborate.

Smith’s statements concerning what he knew -- and when -- could be a subject of the SEC probe, said Jeffrey Eglash, a Los Angeles attorney and former federal prosecutor. “That’s a very big matter that will draw the attention of regulators,” he said.

The company, in what it called a move to prevent further fraud, said it would restrict the types of consumer data it would sell to small companies. Access by government agencies and large businesses will not be affected.

McGinn said that under the new policy, a person would have to give permission before an employer, landlord or other small-business owner could do a search of the person’s records.

But a prosecutor handling the earlier identity-theft case involving ChoicePoint said he doubted the new measures would stop fraud artists from gaining access to records.

“These criminals are incredibly resourceful,” said Assistant U.S. Atty. Mark Krause. “They were willing to submit faked documents and lie about authorization.”

By putting increased restraints on its consumer services, ChoicePoint said it would lose as much as $20 million in sales this year. That would represent about 2% of its $918.7 million in revenue for 2004.

ChoicePoint shares dropped $2.63 to $37.65 on the New York Stock Exchange. It was their lowest daily closing price in nearly a year. Before the scandal broke, the stock had been trading above $43 for months.

Spun off in 1997 by Equifax Inc., one of the three major credit bureaus, ChoicePoint has been targeted by privacy advocates in the past. They say the firm has avoided strict regulation imposed on the bureaus and other financial institutions. Others have criticized federal law enforcement agencies that rely on ChoicePoint to collect data on citizens that the authorities are barred from compiling themselves.

The company has been under particular scrutiny since it said last month that it would notify 35,000 consumers in California that their personal records had been accessed by a Nigerian-born scam artist.

Olatunji Oluwatosin of North Hollywood pleaded no contest to felony identity theft charges in a case the company said led to the compromise of the records of as many as 110,000 other consumers around the country.

The earlier case also involved Nigerian nationals living in the San Fernando Valley. In September 2002, Bibiana Benson pleaded guilty to unlawful use of identification and was sentenced to 54 months in prison. She is appealing the sentence.

Her brother, Adedayo Benson, pleaded guilty in November to three felony counts concerning the use and attempted use of fake credit cards. He’s scheduled to be sentenced Monday.

Avivah Litan, an analyst with Gartner Inc., predicted that ChoicePoint wouldn’t be the only aggregator of personal information to undergo a public airing of its security breaches.

“Every time the cops break into identity thieves’ operations, they find stacks and stacks of sensitive personal information reports,” she said. “I think there are a lot of companies in the same position that haven’t gotten caught yet.”

Times staff writer Kathy M. Kristof contributed to this report.