• Credit
• Data Breach
• Fraud
• Identity Theft
• Other News
• Privacy
• Reviews
• Scams
• Tips
• Truston

« Previous Post | Blog Home | Next Post »

Data breaches since Choicepoint: 53 million people

Posted on Mar 22, 2006 by Tom Fragala

The Privacy Rights Clearinghouse wrote a super article summarizing all the data breaches since the first occurance of Choicepoint’s fraud-tinged data breach which started with their announcement February 15 2005. The total number of people who have had their personal information compromised in breaches since that date is over 53 million.

The article points out that the driver behind the flood of data breach notifications is the first of its kind California law that required notice of security breaches and was first put in place in July 2003. They also make the point, correctly I believe, that

ChoicePoint's 2/15/05 announcement of its data breaches…was a watershed event in terms of disclosure to the affected individuals. Since then, the "best practice" has been to disclose breaches to individuals nationwide -- in a sense, adopting California's notice requirement nationally. In the meantime, 22 states have passed laws requiring  that individuals be notified of security breaches.

Why did it become a best practice for many firms to notify customers in all states that were effected, even when not required by that state’s laws? Well, because it very quickly became clear in the Choicepoint situation that you can’t get away with it. First, the press went nuts over the story. Then I recall a number of state attorneys general publicy threatening to do everything they could, regardless of the lack notification requirements, to nail Choicepoint to the wall if they didn’t come clean. Most people forget that after Choicepoint there were many breaches that effected far more people. But those companies weathered the storm better than Choicepoint because most notified all consumers effected (and didn’t try to cover up the scope of the breach). Example: Lexis-Nexis had breach annoucements totaling over 300,000 people just two months after Choicepoint’s (which effected 145,000 people).

Tags: idtheft, identitytheft