AN FRANCISCO, March 16 - The phone lines are seldom quiet for long at the nonprofit Identity Theft Resource Center. But lately they have been ringing almost continually.
The calls come from people like Warren Lambert, who phoned on Feb. 18, the same day he received a letter conveying alarming news from ChoicePoint, a company that compiles data on millions of citizens. It was only one of more than 140,000 such letters ChoicePoint has mailed in recent weeks, informing people like Mr. Lambert that computer files containing their names, addresses and Social Security numbers, among other critical personal data, had been inadvertently sold to "several individuals, posing as legitimate business customers."
Mr. Lambert, a 67-year-old retiree living in San Francisco, called the identity theft hotline to ask not only what immediate steps he should take but, more important, "what I'm going to be exposed to."
The immediate steps were clear, according to Jay Foley, who with his wife, Linda, runs the ID theft counseling center from their home in San Diego. Mr. Lambert needed to phone the three major credit reporting agencies to find out if any credit cards or other accounts had been opened in his name - none had, so far - and then place a "fraud alert" on his accounts, to warn potential creditors not to open additional accounts in Mr. Lambert's name without fuller verification.
But Mr. Lambert also needed to understand that the privacy breach meant he now had something similar to an incurable virus - a chronic condition he would need to monitor for the rest of his life.
"Once a person knows your name and Social Security number," Mr. Foley said, "what, short of killing that person or lobotomizing them, is going to prevent them from digging out a file with that information and going to town on you, whether a year down the road or in 10 years?"
Mr. Foley says he dreads contemplating the trouble that Mr. Lambert and tens of thousands of other Americans may be exposed to as a result of recently disclosed leaks of personal information from ChoicePoint, LexisNexis and possibly Bank of America. The Foleys have taken too many calls in recent years from the estimated 3.2 million Americans that the Federal Trade Commission says are victims of identity theft in this country each year - people who are financially defrauded or even charged with crimes as a result of someone else's assuming their identities.
The thousands of identity theft victims the Foleys say they have counseled include an Indiana woman whose bank account was drained by a thief who had somehow gained access to her Social Security number.
There was a family in Modesto, Calif., who learned only months after the fact that someone had taken a second mortgage on their home. And there is the Nevada man bedeviled by a criminal, presumably still at large, who has used his personal data to take up temporary residence in a $3.5 million home in Boca Raton, Fla., and buy a Ferrari, a Porsche and a Mercedes in his name.
Statistically, based on the F.T.C. estimate, every 10 seconds another person in this country becomes the victim of an identity theft. And privacy-rights advocates warn that unless new safeguards are put on the massive consumer databases that have grown up in recent years, the rate of fraud can only increase.
Identity thieves can operate with remarkable efficiency as they work to enrich themselves using the good name and credit of others. Instead of old-fashioned methods like Dumpster-diving or sifting through the mail in search of credit card applications with people's personal information, sophisticated criminals are taking aim at the trove of personal files that data compilers like ChoicePoint and LexisNexis, a unit of the Reed Elsevier Group, have amassed on millions of citizens in recent years.
"A day does not go by where I don't spend time" working the phone talking to credit agencies and the like, said Mr. Lambert, the San Francisco retiree. Mainly, he said he had spent a lot of time worrying.
Another recent recipient of a ChoicePoint letter, Mary Chapman, has a different reaction to the efforts she taken to check whether anyone has committed criminal mischief in her name. "I wouldn't describe myself as nervous so much as angry," said Ms. Chapman, an out-of-work former federal employee who lives in Yreka, Calif. "I'm extremely angry."
ChoicePoint, based in Alpharetta, Ga., has suspended most sales of consumer information to small businesses and has created an independent office of credentialing, compliance and privacy in an effort to plug holes in its data security system. The company has also offered those receiving a notification letter one year of free credit monitoring.
LexisNexis, of Dayton, Ohio, which announced its data security problem last week, has said it is notifying all 30,000 affected individuals and also offering them a year's worth of credit monitoring.
The consumer backlash from the recent spate of database security lapses has brought unflattering publicity to an industry that had grown up quietly over the last decade, governed by only a thin patchwork of laws and regulations that mainly let the data compilers police themselves. But members of Congress have been galvanized and are calling for tighter controls and tougher consumer safeguards, and several bills have been introduced in the House and Senate, with more expected.
In Congressional hearings last Thursday and this past Tuesday, lawmakers grilled witnesses from the Federal Trade Commission and the database industry over the accuracy of the information being bought and sold, and whether enough was being done by data brokers and the government to protect consumer privacy.
"I think that after we hold this hearing," Rep. Joe Barton, Republican of Texas, said at Tuesday's hearing before a House subcommittee, "we're going to have to make a decision whether we need to set some national standards about what can be traded when."
For the Foleys in San Diego, who scrape by on foundation grants, dispensing free advice and support from a spare bedroom in their house, the problem of identity theft is hardly a new issue. The couple, who are in their 50's, started the Identity Theft Resource Center after Ms. Foley grappled with the effects of having her identity hijacked in 1997 - by an employer who used her Social Security number and other vital information to obtain three credit cards in her name and sign a contract with a cellphone provider.
"She was living quite nicely on my Social Security number," said Ms. Foley, a former restaurant reviewer. While trying to sort it all out, "I basically crawled into bed and pulled the cover over my head and wished the world would just go away," she said.
"You argue with the credit issuers," she said. "You argue with the credit reporting agencies, you argue with the collection agencies. Every time, you're reopening the wound and telling your story again until maybe eventually they might believe you."
Nowadays, the Foleys, a small staff and a team of 75 volunteers around the country help those who learn they are the victim of an identity theft negotiate that same nameless, faceless bureaucracy of credit card companies, banks, law enforcement agencies and collection firms.
"Basically I start answering the phone at 6:30 in the morning, and Linda joins me at about 9," said Mr. Foley, who was a salesman before the ID theft center became his full-time job. "And we basically answer them until 7 or 8 o'clock at night."
Companies that compile consumer data often argue that the threat of identity fraud linked to computer databases and the Internet has been overstated. A recent survey by the Better Business Bureau and Javelin Strategy & Research, which was financed by Visa USA, Wells Fargo Bank and CheckFree, concluded that a family member, friend, neighbor or in-house employee was responsible for half the reported identity theft cases.
But the ChoicePoint fraud was conducted by thieves who pretended to be legitimate business customers of the data service, who were given log-in access to the company's online databases. So far, only a single person, a Nigerian man in Los Angeles, has pleaded guilty to his role in the fraud, but investigators say they believe others were involved.
It has still not been determined what happened in an incident involving a Bank of America computer tape containing the files of more than a million customers that the bank recently said had disappeared. And LexisNexis is still trying to figure out how one or more unauthorized people obtained the passwords that gave them online access to 30,000 consumers' digital dossiers.
Regardless of how someone's identity is commandeered, the result can be endless hours trying to clear one's name.
Brent James of Mesa, Ariz., still has no idea why he started receiving calls from a collection agency in 2000, hounding him about a student loan in default. "I've never even had a student loan," Mr. James said.
Although he thought he had cleared up the matter years ago, he still receives periodic calls from bill collectors seeking payment for the loan. Then in October, he learned that these occasional phone calls were the least of his worries. Someone had entered into two cellphone contracts and bought a car in his name. And though Mr. James and his wife have owned a home since 2000, he also has "multiple personal judgments against me" by landlords suing over a broken lease.
"People tell me the civil judgments are the hardest to get off your credit report," Mr. James said. "Basically you need to hire a lawyer and go to court in each case."
Meanwhile, the phone calls continue to the Foleys' hot line, more of them in recent weeks - so many, at times, that the couple and their three-person staff cannot handle the load. Callers often get a busy signal.
To those who do get through, Mr. Foley imparts a harsh but simple message: "There's lots of ways this hurts you that you can't even begin to imagine until it happens to you."
Tom Zeller Jr. contributed reporting from New York and Washington for this article.
Home Delivery of The Times from $2.90/week - Act Now!
