• United States



by Paul Kerstein

New Charges Brought in ChoicePoint Case

Aug 31, 20053 mins
CSO and CISOData and Information Security

A Nigerian man faces 22 counts of identity theft related charges in ascam targeting data broker ChoicePoint Inc. that cost victims aboutUS$4 million and started a national debate about data breaches.

A grand jury has indicted Olatunji Oluwatosin, already sentenced inFebruary to 16 months in jail on felony ID theft charges, with onecount of conspiracy to commit computer access fraud, five counts ofgrand theft, 14 counts of identity theft and two counts of credit cardaccess fraud, Los Angeles County District Attorney Steve Cooleyannounced Tuesday. The grand jury indictments were issued a week ago.

The 22 new charges replace a six-count complaint against Oluwatosin filed in July.

The indictment is part of one of the “largest cases of identity theftever prosecuted in Los Angeles County,” Cooley said in a press release.

The ChoicePoint breach, which the company has said it discovered inSeptember 2004, cost the company nearly $2 million, with losses tobanks and credit card companies totalling another $2 million, accordingto the press release. The indictment alleges that beginning on Jan. 3,2002, an unknown conspirator set up a mail drop in Beverly Hills,California, and opened a fraudulent business account with ChoicePointunder the bogus name of Pacific Collections.

Someone set up multiple mail drops and fictitious businesses andaccessed the records of thousands of U.S. residents using those bogusbusiness names, according to Cooley. Oluwatosin allegedly made paymentson some ChoicePoint accounts and handled the postal boxes and phoneaccounts for the bogus businesses used to gain access to ChoicePointdata, Cooley said.

Some of the information gained in the scam was used to access existingcredit cards or set up new accounts, the press release said.

The ChoicePoint data breach gained national attention when the Georgiacompany announced in February that data thieves had gained access tothe personal data of up to 145,000 U.S. residents, many of whom did notknow that ChoicePoint was selling their information. Several members ofthe U.S. Congress called for a national data breach notification lawfollowing a series of breaches beginning with the ChoicePointannouncement

The Los Angeles District Attorney’s office has filed a related casenaming another Nigerian national, Kabiru Olatunde Ipaye, with receivingstolen property, access fraud, possessing a forged driver’s license andother counts. The cases were related because personal information takenfrom ChoicePoint was used at mail drops associated with Ipaye,prosecutors said.

By Grant Gross – IDG News Service (Washington Bureau)