Atlanta ? The embattled data broker ChoicePoint Inc. said Friday that it was strictly limiting its sale of consumer information to small businesses, and the company’s chief executive said he did not learn of a major breach until several months after it was discovered.

CEO Derek Smith and company president Douglas Curling earned $16.6 million from sales in ChoicePoint stock after the company learned of the breach and before it was made public. The company announced Friday that the Securities and Exchange Commission was investigating the stock sales.

The breach involved scammers who posed as small business customers to access sensitive data that was used to steal people’s identities.

ChoicePoint collects data on individuals, including Social Security numbers, real estate holdings and current and former addresses. It has about 19 billion records, and its customers include insurance companies, financial institutions and federal, state and local agencies.

The company’s stock has dropped about 10 percent since the personal information breach was announced on Feb. 15. On Friday, ChoicePoint shares fell $2.63, or 6.5 percent, to close at $37.65 on the New York Stock Exchange.

CEO Smith said Friday that he did not personally learn of the breach until late January, though Los Angeles County detectives made their first arrest in the case in October.

“There is no way that a CEO can know everything that is going on as it relates to an operation,” Smith said. “I am not involved in the day-to-day operations of the business.”

Smith claimed ChoicePoint didn’t grasp the magnitude of the breach until this year.

Asked if he would resign over the matter, Smith said, “I have no intention of leaving the company.”

Corporate governance experts say the pattern and timing of the stock trading by Smith and Curling raise questions. ChoicePoint says it was prearranged under a plan approved by the company’s board that was announced on Nov. 3.

The personal information of 145,000 Americans may have been compromised in the breach, and authorities say about 750 of them were defrauded. The fiasco has fueled consumer advocates’ calls for federal oversight of the loosely regulated data-brokering business, and Capitol Hill hearings are due to be scheduled on the issue.

Last week, Smith said “we voluntarily found the breach (in October) and notified law enforcement.” He said Friday that he didn’t mean to include himself in that reference.

Smith said the decision to strictly limit information sales to small businesses followed “the response of consumers who have made it clear to us that they do not approve of sensitive personal data being used without a direct benefit to them.”

ChoicePoint said small businesses would only be permitted to purchase its data in limited cases such as where the products support federal, state or local government purposes. It said the company would no longer include Social Security numbers in the sales.

ChoicePoint’s 17,000 small business customers accounted for about 5 percent of annual revenue of $900 million.

Last month, ChoicePoint said it was notifying those people who may have been affected by the breach.

The company said Friday that the number of potentially affected customers may increase, but it doesn’t believe the increase will be substantial.

ChoicePoint has said repeatedly it learned of the breach in October, but delayed disclosing it because it said California authorities had asked it to keep quiet to protect the fraud investigation.

It said in a detailed explanation Friday that it first learned of the possibility of fraud on Sept. 27.

A similar breach involving 7,000 to 10,000 ChoicePoint records occurred in 2002 but did not become public until reported by the Los Angeles Times earlier this week.

As for the SEC inquiry, ChoicePoint said the agency had notified the company that it was conducting an informal inquiry of the stock sales as well as the circumstances surrounding identity thefts in connection with the breach of its database.

Critics say ChoicePoint’s vetting of small business customers was far too lax.

ChoicePoint said the Federal Trade Commission was conducting an inquiry into its compliance with federal laws governing consumer information security and related issues.

The FTC has asked for information and documents regarding ChoicePoint’s customer credentialing process.

The company said it was a defendant in several lawsuits and complaints arising from the breach.