Database debacles: individuals' privacy is rapidly eroding as more and more of their most intimate information is collected and sold by data brokers that have little oversight and few restrictions.

• Author: Swartz, Nikki
• Position: ON THE EDGE: The Use & Misuse of Information

This year is shaping up to be a banner year for identity thieves. Already in 2005, there have been three big, headline-grabbing cases in which thousands of individuals' private information, including Social Security numbers and addresses, have been stolen or lost.

In February, ChoicePoint Inc. revealed that an identity-theft ring accessed tens of thousands of its electronic documents, which contain information such as driving and property records and insurance claims. Critics say the breach put more than 450,000 individuals at risk of identity theft.

Also in February, the Bank of America revealed that data tapes containing personal information about 1.2 million federal charge card holders had been lost or stolen.

In March, LexisNexis, a worldwide leader in global legal and business data, discovered that thieves had stolen data--including names, addresses, and Social Security and drivers' license numbers--on up to 310,000 U.S. consumers.

These incidents have raised new warnings about companies that sell private data and their growing banks of personally identifiable information pertaining to millions of individuals' lives. Many, including lawmakers, are now saying the data-broker industry has too little government oversight and contending that such databases should fall under regulations that govern credit reports.

The ChoicePoint Calamity

ChoicePoint, one of the largest information brokers, revealed that scammers posing as legitimate Los Angeles-area businesses opened 50 fraudulent accounts and accessed various databases used for pre-employment background checks and public records searches.

They paid fees of $100 to $200 and provided fake documentation to identify their businesses as insurance agencies, check-cashing companies, and other organizations that would have normally been allowed to subscribe to ChoicePoint's services. After setting up accounts and gaining access to ChoicePoint databases, thieves were able to gather a treasure trove of information--including addresses, phone and Social Security numbers, credit files, and even names of relatives and neighbors--on at least 145,000 people. Investigators said they believe up to 400,000 individuals' records may have been compromised, but ChoicePoint contends that the breach affected only about 145,000 personal records, some of which are duplicates.

According to police records, the account holders then made unauthorized address changes on at least 750 people. This is a trick identity thieves often use to establish credit accounts that they can use to make fraudulent charges. However, it is not clear whether any false charges were made in these specific cases before the fraud was discovered.

U.S. investigators alerted ChoicePoint to the security breach in October 2004, but the...