Data brokers failed to issue security alerts

Washington Post

WASHINGTON — Executives of two data brokers told a Senate panel yesterday that their companies did not tell consumers about security breaches that occurred well before recent incidents exposed more than 400,000 people to possible identity theft.

ChoicePoint Inc. and LexisNexis also suffered breaches before passage of a California law in 2003 that requires companies doing business in the state to notify consumers that their data might be at risk But the companies chose not to alert the public in those cases.

The companies' executives agreed consumers might never have been informed about more recent breaches if it were not for the California law.

Sen. Dianne Feinstein, D-Calif., used the answers to bolster her push for a national notification law.