<p>The embattled data broker ChoicePoint Inc. said Friday it no longer will sell sensitive consumer information to small businesses except in limited cases, and the company's chief executive said he did not learn of a major breach until several months after it was discovered.</p><p>CEO Derek Smith and company president Douglas Curling earned $16.6 million from sales in ChoicePoint stock after the company learned of the breach and before it was made public. The company announced Friday that the Securities and Exchange Commission was investigating the stock sales.</p><p>The breach involved scammers who posed as small business customers to access sensitive data that was used to steal people's identities.</p><p>ChoicePoint culls public records on individuals, including Social Security numbers and their current and former addresses. It has about 19 billion records, and its customers include insurance companies, financial institutions and federal, state and local agencies.</p><p>The company's stock has dropped more than 17 percent since the personal information breach was announced on Feb. 15. On Friday, ChoicePoint shares fell $2.63, or 6.5 percent, to close at $37.65 in trading on the New York Stock Exchange.</p><p>CEO Smith told The Associated Press in an interview Friday that he did not personally learn of the breach until late January, though Los Angeles County detectives made their first arrest in the case in October.</p><p>"There is no way that a CEO can know everything that is going on as it relates to an operation," Smith said. "I am not involved in the day-to-day operations of the business."</p><p>Asked why, as CEO, he wasn't more closely in tune with his company's activities, Smith said: "You can second-guess that and certainly in hindsight, I certainly wish that I would have been informed sooner given the magnitude of what this has now been."</p><p>Smith claimed ChoicePoint didn't grasp the magnitude of the breach until this year.</p><p>Asked if he would resign over the matter, Smith said, "I have no intention of leaving the company."</p><p>Corporate governance experts say the pattern and timing of the stock trading by Smith and Curling raise questions. ChoicePoint says it was prearranged under a plan approved by the company's board that was announced on Nov. 3.</p><p>The personal information of 145,000 Americans may have been compromised in the breach, and authorities say about 750 of them were defrauded. The fiasco has fueled consumer advocates' calls for federal oversight of the loosely regulated data-brokering business, and Capitol Hill hearings are due to be scheduled on the issue.</p><p>In an AP interview last week, Smith said "we voluntarily found the breach (in October) and notified law enforcement." He said Friday that he didn't mean to include himself in that reference.</p><p>Smith said the decision to halt sales to small businesses follows "the response of consumers who have made it clear to us that they do not approve of sensitive personal data being used without a direct benefit to them."</p><p>ChoicePoint said it will stop selling information products that contain sensitive consumer data, including Social Security numbers, to that group of customers, except in limited cases where the products are consumer driven or support federal, state or local government purposes. Those customers may still be able to access non-sensitive data like names and telephone numbers. Smith said about 17,000 customers will be affected by the change. Larger business customers and government agencies may still have access to Social Security numbers, Smith said.</p><p>ChoicePoint's 17,000 small business customers accounted for about 5 percent of annual revenue of $900 million. As a result of suspending sales to them, ChoicePoint said it expects a decline in core revenue this year of $15 million to $20 million.</p><p>"Clearly what we did over the last week was take a very hard look at our business," Smith said. "To the extent you could rewrite history, we wish we had would have done things differently."</p><p>Last month, ChoicePoint said it was notifying those people who may have been affected by the breach.</p><p>The company said Friday that the number of potentially affected customers may increase, but it doesn't believe the increase will be substantial.</p><p>ChoicePoint has said repeatedly it learned of the breach in October, but delayed disclosing it because it said California authorities had asked it to keep quiet to protect the fraud investigation.</p><p>It said in a detailed explanation Friday that it first learned of the possibility of fraud on Sept. 27.</p><p>A similar breach involving 7,000 to 10,000 ChoicePoint records occurred in 2002 but did not become public until reported by the Los Angeles Times earlier this week.</p><p>As for the SEC inquiry, ChoicePoint said the agency has notified the company that it is conducting an informal inquiry of the stock sales as well as the circumstances surrounding identity thefts in connection with the breach of its database.</p><p>Critics say ChoicePoint's vetting of small business customers was far too lax.</p><p>ChoicePoint said it will cooperate with the probe and "provide requested information and documents to the SEC."</p><p>The company also said the Federal Trade Commission is conducting an inquiry into its compliance with federal laws governing consumer information security and related issues.</p><p>The FTC has asked for information and documents regarding ChoicePoint's customer credentialing process.</p><p>The company said it is a defendant in several lawsuits and complaints arising from the breach. It said it could not estimate the financial impact on the company of the customer fraud and related events.</p>
