WASHINGTON -- Several U.S. senators faulted ChoicePoint and Bank of America Thursday for recent large-scale identify thefts from the two companies, and some lawmakers called for national legislation that would regulate what data collection companies can do with private information.
Two Democratic members of the Senate Banking Committee, Senator Jon Corzine of New Jersey and Senator Charles Schumer of New York, announced plans to introduce legislation to regulate data brokers, companies that sell private information such as Social Security numbers and credit histories to law enforcement agencies, insurance companies, lenders and other businesses.
Speaking at a committee hearing, Senator Patrick Leahy, a Vermont Democrat, criticized ChoicePoint for failing to recognize legitimate customers after ID thieves using stolen identities set up businesses that requested hundreds of thousands of background check records from the company during 2004.
In mid-February, ChoicePoint disclosed that the identity thieves had gained access to the personal information of up to 145,000 U.S. residents. ChoicePoint maintains a 19-billion-item database including Social Security numbers, drivers license numbers and credit data.
"It was an irresponsible violation of the fiduciary relationship they have with their customers," Leahy said of ChoicePoint.
Leahy also criticized Bank of America's decision to transfer a digital tape containing private data on a commercial airline flight. In late February, Bank of America announced that, on a flight, it lost digital tapes containing the credit card account records of 1.2 million federal employees, including 60 U.S. senators.
Leahy questioned the apparently common practice in the financial industry of transferring such data on commercial flights, saying he's lost his luggage too many times to trust that airplane holds are secure. "I don't know what these people are thinking," Leahy said. "You can imagine how disillusioned their customers must feel that Bank of America didn't care any more about them."
Senator Paul Sarbanes, a Maryland Democrat, called ChoicePoint the "world's largest private intelligence operation."
In addition to the ChoicePoint and Bank of America incidents, LexisNexis' parent company, Reed Elsevier PLC, announced Wednesday that hackers compromised databases and stole the personal information of at least 32,000 people.
In the first of several likely congressional hearings on ID theft after the recent disclosures, representatives of ChoicePoint and Bank of America were scheduled to testify, but their appearances were rescheduled until next week after a conflict with several votes on the Senate floor.
Both companies, in written testimony, apologized for the ID thefts and said they've taken steps to ensure that similar incidents will not happen. Representatives of both companies said they welcome a debate on national privacy protection laws. "As Congress continues its work in this area, we stand ready as a company to cooperate with your efforts," ChoicePoint Vice President Don McGuffey said in written testimony.
In its statement, ChoicePoint detailed a series of steps it has taken since the breach, including its decision to stop selling sensitive consumer data to many of its customers, except when that data helps complete a consumer transaction or helps government or law enforcement.