ChoicePoint: ‘Insurance Industry Databases Were Not Compromised’

ChoicePoint’s Clue Auto, Clue Property and Current Carrier insurance industry databases were not in any way involved or compromised by the fraud ring that obtained data from other ChoicePoint databases of public record information, according to Richard Collier, vice president and market leader for the ChoicePoint Personal Insurance Division.

“Our insurance customer database is 100 percent secure, as it has been for the last 18 years,” Collier, who is in charge of the ChoicePoint business unit responsible for insurance industry databases, said.

“We sell a host of products to the insurance market and have for a very long time,” Collier said. “Our insurance database market is limited to insurance companies with certified A.M. Best numbers and their licensed and contracted insurance agents. That is our total market, we do not sell our products outside of that market.”

ChoicePoint has been building customer’s cooperative databases since Clue Auto, a claims database, was launched in 1987. Clue Property, a homeowner claims database began in 1992; and Current Carrier, a database used to confirm or prove existing or prior coverage launched in 2002.

Ninety-eight percent of all auto companies in the U.S. contribute to Clue Auto; 95 percent of all homeowners companies contribute to Clue Property; and 65 percent contribute to Current Carrier today, with commitments from customers to raise that to 75 percent by year-end.

Collier explained that a company must contribute to the database to have access to it. A client that contributes to the database can order information out of the database and has access to the database for themselves and their contracted insurance agents. Additionally, access to the three databases is secured via multiple passwords and points of authentication. The three programs are the only ones that contain insurance company data.

“We want to assure our industry partners that we are committed to the security of their data and the trust they have shown us in the past two decades,” Collier said.

The fraud did not involve hacking of any of ChoicePoint’s databases according to Chuck Jones, director of external affairs.

“The widely reported fraud investigation now taking place in California was not a breach of ChoicePoint’s network or a ‘hacking’ incident and did not involve any of ChoicePoint’s customer information,” Jones told Insurance Journal.

“The fraud was initially discovered last fall, but law enforcement authorities did not allow ChoicePoint to disclose the incident until now so as not to compromise their investigation,” Jones explained.

ChoicePoint has confirmed in a written statement that criminals pretending to be legitimate companies stole credit reports, Social Security Numbers, driver’s license numbers and other personal information of consumers across the United States, but the company said criminals did not breach or hack into the company’s network. A Nigerian citizen pleaded no contest in California state court late February and was sentenced to 16 months in prison in connection with the incident.

On its Web site, ChoicePoint indicated it has distributed notification to 144,778 consumers, including approximately 35,000 California residents and several thousand Colorado, Arizona, Oregon and Washington residents, that their information may have been accessed by a very small number of criminals posing as legitimate companies to gain access to information about consumers. It also reported it is taking steps to avoid being duped in the future, including rescreening more than 17,000 customers to make sure they are legitimate businesses.

“These criminals were able to pass our customer authentication due diligence processes by using stolen identities to create and produce the documents needed to appear legitimate,” ChoicePoint said in a written statement. “As small business customers of ChoicePoint, these fraudsters accessed products that contained basic telephone directory-type data (name and address information) as well as a combination of Social Security numbers and/or driver’s license numbers and, at times, abbreviated credit reports. They were also able to obtain other public record information including, but not limited to bankruptcies, liens, and judgments; professional licenses; and real property data.”

According to the statement, ChoicePoint first detected possible fraud in several metro Los Angeles small business accounts in October 2004. ChoicePoint notified the Los Angeles County Sheriff’s Department, which confirmed the fraud and began an investigation. In November, ChoicePoint claims the lead investigator told it to wait until January 2005 to report the fraud to consumers, to prevent a possible compromise of the investigation.

The company also said it has taken steps to try and prevent this sort of problem again. It hired retired U.S. Secret Service veteran Robert McConnell to be its liaison to law enforcement officials and to suggest preventative measures.

ChoicePoint also is “updating its customer credentialing and enrollment processes, on-going account monitoring analytics and its periodic customer auditing programs.” And it is “re-credentialing” broad categories of its customer accounts, including small business customers.

“Financial fraud conducted by seemingly legitimate businesses is a pervasive problem in the economy,” Jones said. “While ChoicePoint offers a wide range of tools to help detect fraud, no one including us is immune from it.

“We are continually updating our processes and procedures to ensure the integrity of our systems and the information they contain,” he added. “ChoicePoint remains committed to its core principles of working to create a safer, more secure society through the responsible use of information while ensuring the protection of personal privacy.”

Topics California USA Cyber Fraud Market