ChoicePoint Inc., the company that disclosed earlier this year that thieves had accessed its massive database of consumer information, said Tuesday in a regulatory filing it has sent out another 17,000 notices to people telling them they may be victims of fraud. The Alpharetta-based company had said in February, after announcing the breach, that it had notified roughly 145,000 consumers that they may have had their personal information improperly accessed.
That number has now increased to 162,000, ChoicePoint said in its quarterly report to the Securities and Exchange Commission. The filing did not detail reasons for the increase, though the company had previously said the number could ultimately be higher.
ChoicePoint spokesman Chuck Jones said Tuesday that the company had disclosed the notifications to the extra 17,000 people in September, and that the SEC filing doesn't represent any notifications beyond that number.
ChoicePoint said its review of the data breach is ongoing and there could be further notices sent out.
In the data breach, thieves posing as small business customers gained access to ChoicePoint's database. The company discovered the breach in late September 2004, but it was not publicly disclosed until mid-February. The scam resulted in at least 750 cases of identity theft, authorities said.
ChoicePoint collects data on individuals, including Social Security numbers, real estate holdings and current and former addresses. It has about 19 billion records, and its customers include insurance companies, financial institutions and federal, state and local agencies.
The company says it has taken several steps to ensure another breach of its database does not occur, though it warned in Tuesday's filing its procedures are not foolproof.
Several government investigations of the data breach at ChoicePoint are ongoing, including one by the SEC looking at the stock sales of the company's top two executives between the time the breach was first discovered and when it was publicly disclosed.