ChoicePoint Data Theft Worse Than Initially Reported

As I originally suspected the ChoicePoint fraud case has expanded to a national scope. The Associated Press is reporting that half a million people across the United States may have had their information stolen. Attorneys general from 38 states have demanded that ChoicePoint warn any victims in their states, beyond those in California. So far a 41-year-old Nigerian, Olatunji Oluwatosin, has been sentenced to 16 months in jail. According to AP, Oluatosin "was arrested on Oct. 27 when ChoicePoint faxed him some paperwork at a Kinko's store in a sting operation. He pleaded no contest and did not agree to help authorities in the probe."

Politicians are getting angry, according to AP: "On Wednesday, Sen. Dianne Feinstein, D-Calif., called for hearings on her proposed national version of the California law, while Sen. Bill Nelson, D-Fla., asked federal regulators Friday to oversee data-brokering companies the same way they do other companies that handle financial and medical records. New York state legislator James Brennan asked his state to suspend an $800,000 ChoicePoint contract until the company agreed to warn any New York residents whose data might have been exposed."

Suspend until ChoicePoint sends a letter? How about cancelling the contract instead?

Update: Check out this great quote by Adam Shostack:

I hope Richard, at TaoSecurity, takes Choicepoint to IDS kindergarden.