Warren Lambert thought it was just another piece of junk mail until he read the letter more closely and learned that con artists may have obtained his Social Security number, name and address — just what they need to steal his identity and ruin his credit.
Lambert is one of nearly 145,000 Americans rendered vulnerable by a breach of the computer databases of ChoicePoint Inc., a leading trafficker in a growing pool of information about who we are, what we own, what we owe and even where we go.
The Georgia-based company began mailing the warning letters after acknowledging this month that thieves opened more than 50 ChoicePoint accounts by posing as legitimate businesses.
Lambert, a retired banker in San Francisco, now spends several hours a day phoning customer service agents, poring over credit card statements, ordering credit reports and checking bank accounts.
He worries that thieves will eventually do to him what sheriffs detectives in Los Angeles say they’ve done to more than 700 other people — reroute his mail, ring up credit card debts, buy a car or even commit a felony in his name.
“Now I have to be on a credit monitoring service and look over my shoulder for the rest of my life,” said Lambert, 67. “I feel sorry for the younger victims who are eventually going to buy a house or a car. They’ll try to buy and then they’ll discover that their credit is ruined.”
More than 9.9 million Americans were victims of identity theft last year, crimes that cost the nation roughly $5 billion not including lost productivity, according to the U.S. Postal Inspection Service. The Federal Trade Commission ranks identity theft as the No. 1 fraud-related complaint.
Many victims are dumbfounded by the dearth of federal and state laws aimed at protecting their credit histories and other information about them that data brokers gather and sell to institutions including news organizations, banks and, increasingly, companies vetting prospective employees. Victims are also frustrated by the amount of time it takes to re-establish identities.
According to a 2003 survey by the San Diego-based nonprofit Identity Theft Resource Center, the average victim spends at least 600 hours over several years recovering from identity theft.
And based on wages of people surveyed, it cost the average victim nearly $16,000 in lost or potential income — not including what they might have paid for bogus purchases creditors wouldn’t reimburse.
Even worse than the drain on time and income, victims say, is a sense of helplessness and doom they feel — the notion that thieves could strike again at any time.
“I don’t think anyone fully recovers from these events,” said the resource center’s co-executive director, Linda Foley, whose identity was used to get credit cards and a cell phone in 1997. “It alters the way you look at things for the rest of your life.”
ChoicePoint's chief executive, Derek Smith, said in an interview Thursday with The Associated Press that he supports congressional hearings and tighter regulation of the data collection industry, if necessary. And ChoicePoint issued a statement this week that it was “going to extraordinary lengths to assist people whose identities may have been compromised.”
But critics note that the ChoicePoint breach — first detected by investigators in October — didn’t become public until the company began complying this month with a California law requiring that people be notified when their personal data is compromised.
Consumer advocates want the data-brokering industry subjected to federal oversight, as credit ratings companies are. And even that industry isn’t adequately regulated, critics say.
In December 2003, President Bush signed the Fair and Accurate Credit Transactions Act, which allows consumers to put a free, 90-day fraud alert on their credit reports. The alert forces banks, car dealers and other lenders to apply additional scrutiny whenever anyone tries to apply for credit in that person’s name.
Well aware of the law, many criminals who obtain such data horde it for use more than 90 days later.
Gail Hillebrand, a senior attorney with Consumers Union, calls the so-called FACT Act relatively toothless.
“The crooks are getting smarter,” Hillebrand said. “Unfortunately the way the law is structured, consumers have to do their own legwork. You have to follow up, write letters, give information.”
The “databasification” of information — Internet-connected computer servers that store billions of pieces of information on almost every American — has made it ever easier for thieves to make purchases using personal information stolen from the elderly and the deceased — or even to clone someone else’s identity and live and work under it.
The ChoicePoint attack may be an example of something else — fraud perpetuated by an organized crime ring. A Nigerian was sentenced to 16 months in jail for his alleged role in the scam, which authorities say spanned about a year. He has refused to cooperate with authorities, they say, but the volume of compromised data is so huge he can’t have acted alone.
ChoicePoint also won’t reveal details of the crime, citing an ongoing investigation. And that’s incredibly frustrating for Lambert, who can’t find out what exactly is in his ChoicePoint dossier beyond his name, address and Social Security number.
After spending hours on the phone with ChoicePoint representatives, he was told Thursday that he had to sign a release simply to find out what information the company kept on him.
“They have no damage control. Nobody knows what they’re doing,” Lambert said of ChoicePoint. “It’s beyond comprehension that in the 21st century this could happen.”