NEW YORK (CNN/Money) -
ChoicePoint Inc., a national provider of identification and credential verification services, says it will send an additional 110,000 statements to people informing them of possible identity theft after a group of well-organized criminals was able to obtain personal information on almost 140,000 consumers through the company.
According to a statement on the ChoicePoint (Research) Web site, the incident was not the result of its systems being hacked but rather caused by criminals posing as legitimate businesses seeking to gain access to personal information.
ChoicePoint said the criminals may have gained access to people's names, addresses, Social Security numbers and credit reports.
The company said Tuesday it sent warning letters to 30,000 to 35,000 consumers in California, the only state that requires companies to disclose security breaches.
Although the company knew about the fraud last fall, it said it did not reveal the information until now at the request of authorities, who said it would jeopardize the investigation.
ChoicePoint said 35,000 California residents have already been notified and another 110,000 people outside of California will receive notice soon.
Alpharetta, Ga.-based ChoicePoint maintains personal profiles of nearly every U.S. consumer, which it sells to employers, landlords, marketing companies and about 35 U.S. government agencies.
ChoicePoint's databases contain 19 billion public records, including driving records, sex-offender lists and FBI lists of wanted criminals and suspected terrorists.
The company says its records enable law enforcers to track down serial killers and have helped find 822 missing children.
ChoicePoint has drawn criticism from privacy activists who say it should face greater limits on how it handles the detailed profiles it has amassed on nearly every U.S. citizen.
Chris Hoofnagle, associate director with the Electronic Privacy Information Center, noted another consumer-data company, Acxiom suffered a security breach as well. That occurred in 2003.
"This calls into question whether these data products actually make us more secure," he said. "This is a prime example of how they don't and why ChoicePoint should be subject to federal privacy regulations," he said.
In several recent filings with the Federal Trade Commission, Hoofnagle has argued ChoicePoint should be subject to a law that allows consumers to view their credit reports and see who else is accessing them.
People can lose their jobs because of erroneous ChoicePoint records, he said, while predators can too easily tap the database to track down victims.
ChoicePoint said in a December response it complied with existing laws and gave consumers more access to their own files than required.
"The topic of the responsible use of information is a vital one to our society ... we support a national debate on this very topic," ChoicePoint President Doug Curling said.