Like I said yesterday, this sort of thing only becomes public when the fallout is too much to be disguised.

Quote of note:

Pressed by Sen. Dianne Feinstein (D-Calif.), Curling and Kurt P. Sanford, head of LexisNexis's corporate and federal markets group, agreed that were it not for the California law, consumers might never have been informed about more recent breaches.

Consumers Not Told Of Security Breaches, Data Brokers Admit
Senators Push for Notification Law
By Jonathan Krim
Washington Post Staff Writer
Thursday, April 14, 2005; Page E05

Executives of two major data brokers acknowledged to a Senate panel yesterday that their companies did not tell consumers about security breaches that occurred well before recent incidents exposed more than 400,000 people to possible identity theft.

ChoicePoint Inc. and LexisNexis also suffered breaches before passage of a California law in 2003 that requires companies doing business in the state to notify consumers that their data might be at risk, officials said. But the companies chose not to alert the public in those cases.

"Why not?" snapped Sen. Arlen Specter (R-Pa.), Judiciary Committee chairman.

"I can't explain it," replied Douglas C. Curling, president and chief operating officer of ChoicePoint.

"That's very, very disconcerting," Specter said.