Jan 27, 2006 (12:01 PM EST)
ChoicePoint's Far From Alone In Data Security Dungeon

Read the Original Article at InformationWeek

ChoicePoint may be getting all of the unwanted attention, but it's got plenty of company when it comes to suffering from data breaches.

The Federal Trade Commission recorded more than 685,000 consumer fraud and identity theft complaints in its database in 2005. Thirty-seven percent of all of the complaints were due to identity theft.

The Privacy Rights Clearinghouse, a consumer advocacy organization, reported earlier this week that more than 52 million Americans have had their personal information jeopardized by data breaches since Feb. 15, 2005, when thieves set up bogus accounts using information obtained from ChoicePoint. The non-profit group said it chose to begin tallying then because the ChoicePoint incident marked a "watershed event" in terms of disclosure.

The breaches range from stolen laptops at the Department of Justice to social security numbers printed on tax filing packages sent by H&R Block. Hackers, thieves, dishonest insiders and others infiltrated hospitals, defense contractors, banks, schools, mortgage brokers and car companies. All involved loss or compromise of information useful to identity thieves, such as: social security numbers, account numbers or driver's license numbers.

Ten days after 145,000 to 163,000 individuals' information was compromised in the ChoicePoint incident, Bank of America lost a backup tape that included information on about 1.2 million people, according to the clearinghouse. Several more breaches resulted in the loss of anywhere from 4,500 people's information to hundreds of thousands until April, when DSW, a retail company found that 1.3 million customers' data could have been exposed to hackers.

In June, CitiFinancial recorded the next loss in the millions when a backup tape with 3.9 million individuals' information was lost. A mere 10 days later, CardSystems reported that 40 million people's information was vulnerable because of hacking.

Motorola, City National Bank, J.P. Morgan in Dallas, Wal-Mart, H&R Block and universities didn't know how many people were affected by stolen laptops, backup tapes, dishonest insiders and hacking.

According to the Public Interest Research Group, California was the only state with a law targeting security breaches before the ChoicePoint incident. Since then, 35 states have introduced laws aimed at curbing the problem. Twenty-three states have enacted them.

The federal government is also fighting the problem.