Carol A. DiBattiste has helped manage the federal agency that oversees airport screening. Now ChoicePoint is counting on her to help it regain public trust.
The Alpharetta, Ga.-based company has tapped DiBattiste -- deputy administrator of the U.S. Transportation Security Administration (TSA) -- as its chief credentialing, compliance and privacy officer, reporting to the company's board of directors privacy committee.
ChoicePoint, which specializes in providing personal records to insurance and credit companies, has been at the heart of a media firestorm since disclosing that thieves stole 145,000 consumer records by setting up fake-business requests. The controversy has fueled calls for federal oversight of the data-brokering business, and Capitol Hill hearings are expected on the issue.
The company hopes DiBattiste can help tighten its customer screening practices and help restore public trust in the process.
"Recent events where criminals were able to become customers have led us to take this strong action in order to regain the trust of consumers that their information is being used only for their benefit, or the benefit of society at large," Privacy Committee Chairman Dr. John Hamre said in a statement. "To regain that trust, we need a strong voice outside the day-to-day business that is responsible for customer credentialing, compliance and privacy. Having a person of Carol's stature join us is vital to our efforts to have the kind of policies, procedures and compliance programs that build confidence as well as set a standard for the industry."
DiBattiste will lead an independent office in Washington, D.C., to oversee improvements in the customer credentialing process, the expansion of a site-based verification program, and implementation of procedures to expedite the reporting of incidents, the statement said. She'll also help make policies regarding the company's compliance with local, state and federal privacy laws, regulations and company policies.
The TSA has had its share of controversy in the past. It has been accused of violating privacy laws by asking airlines to turn over passenger data without their knowledge or consent in the wake of the 9-11 terrorist attacks. DiBattiste will leave TSA April 15 and join ChoicePoint May 2, spokeswoman Kristen McCaughan told The Associated Press.
As ChoicePoint attempts to regain its footing, more legal shoes are dropping in the case.
A Californian who used personal information from ChoicePoint and other companies to steal thousands of identities got a 5 ½-year prison sentence this week, according to the United States Attorney's office.
Adedayo Benson, a 38-year-old Nigerian national, was sentenced Monday after pleading guilty last November to using and conspiring to use fraudulently obtained credit cards, according to the U.S. Attorney's office in Los Angeles. He was also ordered to pay nearly $155,000 in restitution to several financial institutions.
Benson's sister, Bibiana Benson, was sentenced to 4-1/2 years in federal prison after she pleaded guilty in 2002 to unlawful use of identification, federal authorities have said.
ChoicePoint isn't the only company whose credibility has been challenged by successful hackings.
Hackers gained access to personal information of about 32,000 Americans on databases owned by Anglo-Dutch publisher Reed Elsevier and the FBI is investigating along with the Secret Service arm of the U.S. Treasury Department, a company representative told the Reuters news agency Wednesday.
Reed Elsevier said the breach at the Seisint unit was found after a customer's billing complaint in the last week led to the discovery that an identity and password had been misappropriated. The information accessed included names, addresses, Social Security and driver's license numbers, but not credit history, medical records or financial information. Seisint, based in Boca Raton, Fla., collects data from government agencies, building large databases and ways to extract information from them.
Meanwhile, a Miami man has blamed Bank of America for more than $90,000 stolen in an unauthorized wire transfer to Latvia. Joe Lopez filed a lawsuit Feb. 7 claiming that Bank of America had not alerted him to malicious code that could -- and indeed had -- infected his computer. A forensic investigation by the U.S. Secret Service revealed that a Trojan called Coreflood, which acts as a keystroke logger, had compromised one of his PCs.
This is the first known case of a U.S. banking customer suing for a loss that was the result of a hacking incident. Though the cause of the infection hasn't been determined, many experts say the likely culprit was phishing, either through an e-mail or Web site that pretends to come from a legitimate company and solicits the recipient's confidential information.
Note: Material from CNN, The Associated Press and Reuters was used in this report.