|
NEW YORK (CNN/Money) - ChoicePoint President Douglas Curling and LexisNexis CEO Kurt Sanford admitted that they did not immediately report security breaches to victims while they were being grilled during Senate hearings over personal identity theft.
"I'd like the specifics in writing, focusing on why the people whose information was breached couldn't have been notified earlier," said Sen. Arlen Specter, the Pennsylvania Republican who heads the Senate Judiciary Committee, to Sanford. "Those people are all at risk, and you have a duty to notify them at the earliest possible moment."
Specter also chastised Curling for ChoicePoint's "very, very disconcerting" failure to report a security breach in 2001.
"Mr. Curling, Mr. Sanford, we may well face a necessity for some really tough legislation that will have you do your duty," said Specter.
Earlier in the hearings, Curling apologized for the security breaches, while Acxiom executive Jennifer Barrett acknowledged that data criminals are getting smarter.
"Mr. Chairman, let me be blunt," said Acxiom chief privacy officer Barrett, addressing Specter. "The bad guys are smart and they're getting more organized."
Barrett said that Acxiom is applying more stringent security measures to the way it handles personal information. After Curling offered his "sincere apology" to consumers victimized by identity theft, he said ChoicePoint was ramping up fraud prevention security measures in the sale of personal identity information.
Answering to Specter's demands, Sanford said he provided a written report as to why LexisNexis did not immediately reply to security breaches.
In February, ChoicePoint announced that about 145,000 personal identities were stolen by members of an organized crime ring. Last year, a Florida man was arrested for stealing information from Acxiom.
LexisNexis said Tuesday that personal information on 310,000 people may have been stolen -- 10 times the number it estimated just last month.
Specter, who has called for federal legislation to crack down on theft of personal information, said 10 million people were victimized by identity theft in 2003, costing them $5 billion and costing businesses $50 billion.
Sen. Dianne Feinstein, a Democrat from California, said she introduced a bill on Monday that would impose fines on personal data companies that fail to inform victims when their identities have been stolen. The bill is patterned after a California law that required ChoicePoint to alert victims that their identities had been stolen, said Feinstein, and would fine companies up to $50,000 per day for failing to notify victims.
Although identity theft is usually used to steal money from unsuspecting victims it has also been used for violent crimes including murder, said Sen. Patrick Leahy, a Democrat from Vermont. Leahy said that in 1999 a stalker bought a woman's social security number for $154 and used it to locate her job and gun her down.
"[For] $154, he could track her down," said Leahy.
|
