Executives of two major data brokers acknowledged to a Senate panel yesterday that their companies did not tell consumers about security breaches that occurred well before recent incidents exposed more than 400,000 people to possible identity theft.
ChoicePoint Inc. and LexisNexis also suffered breaches before passage of a California law in 2003 that requires companies doing business in the state to notify consumers that their data might be at risk, officials said. But the companies chose not to alert the public in those cases.
"Why not?" snapped Sen. Arlen Specter (R-Pa.), Judiciary Committee chairman.
"I can't explain it," replied Douglas C. Curling, president and chief operating officer of ChoicePoint.
Somehow that does not seem an adequate response.