ChoicePoint's Problems Now Include Shareholder Suit

Compounding the problems from the security breaches at ChoicePoint Inc., its shareholders have now filed proposed class actions alleging the information broker's top officials violated federal securities law by failing to disclose its data was previously compromised.

In early February ChoicePoint revealed that scammers posing as legitimate business customers had illegally obtained the private information of at least 35,000 people. ChoicePoint collects personal information on individuals throughout the country and provides identification and credential verification services to businesses and government agencies.

Initially the company said the improper access was limited to the records of California residents, but it later said as many as 145,000 individuals from across the country had their personal information stolen.

When asked about the recent lawsuits, a ChoicePoint representative said the company does not comment on matters in litigation.

However, in a previously issued statement CEO Derek Smith said: "We apologize again to those consumers who may be affected by the fraudulent activity. We remain committed to helping them take active steps to protect their personal data and to assisting law enforcement officials who are investigating the attacks on consumers' identities."

Outraged by the security breach and invasion of privacy, consumers and legislators from around the country are calling for new laws to regulate the information-brokering industry. According to published reports, only California has a state law that mandates individuals be notified when their personal data are stolen.

In response to demands from state attorneys general, ChoicePoint said it would notify 110,000 individuals outside California who could be affected by the theft.

According to published reports, investigations of the theft have been launched by the FBI, the Secret Service, the U.S. Immigration and Customs Enforcement Agency (the investigative arm of the Department of Homeland Security), the Federal Trade Commission, and the Securities and Exchange Commission. Suits have also been filed alleging violations of state law and the federal Fair Credit Reporting Act.

News of the theft shocked the market, and ChoicePoint stock price fell by $4.20 to close at $39.30 per share Feb. 22. In early March it fell to $37.65 per share. The stock had traded as high as $46.82 per share during the proposed class period of April 22, 2004, to March 3, 2005.

Shareholder Mark Perry and others are now alleging that ChoicePoint and its top executives failed to disclose or recklessly disregarded the fact that the company's security measures were inadequate and that security breaches had occurred on at least two occasions.

In October 2004 a Nigerian man was arrested for a yearlong scam that allowed him to fraudulently purchase the personal information of at least 700 individuals, they say. According to court records, he has since pleaded no contest to the criminal charges and was sentenced to 16 months in jail.

Investors also say two individuals pleaded guilty in 2002 to accessing the ChoicePoint records of at least 7,000 people, which led to at least $1 million in fraudulent purchases.

Moreover, the investors say the stock value was inflated by numerous positive statements issued by the company and its top executives. Also named as defendants in the shareholder suit are CEO Smith, president/director Douglas Curling and CFO Steven Surbaugh.

Revenue growth was in the double digits in early 2004, including 11 percent growth for the first quarter of 2004 over 2003, and 16 percent growth for the second quarter. The third quarter of 2004 was even higher, with revenue growth of 18 percent over the same period in 2003.

After the fourth quarter of the year showed 16 percent growth, Smith allegedly said, "We are well positioned to continue our successful track record of financial performance while helping to create a safer, more secure world through the responsible use of information."

These and other material misstatements or omissions inflated the stock value in violation of Sections 10(b) and 20(a) of the Securities Exchange Act, the shareholders say. Under these provisions, the plaintiffs have to show that company executives intended to deceive the investing public.

The investors also say company insiders profited at their expense by selling more than 375,000 shares of stock for nearly $16 million in proceeds. Smith allegedly made $11.3 million from his stock sales, while Curling purportedly made about $4.5 million.

ChoicePoint announced March 4 that it was discontinuing the sale of sensitive consumer data, including Social Security numbers and drivers license information, except when there is a specific consumer-driven transaction or when the request pertains to a criminal investigation.

The company has also appointed Carol A. DiBattiste, currently deputy administrator of the Transportation Security Administration, to oversee its credentialing, compliance and privacy programs.

"These changes are a direct result of the recent fraud activity, our review over the past few weeks of our experience and products, and the response of consumers who have made it clear to us that they do not approve of sensitive personal data being used without a direct benefit to them," Smith said in a statement.

ChoicePoint has offered three credit bureau reports and one year of credit monitoring to the individuals whose information was stolen, but some critics say the monitoring is not long enough.