Data Aggregator ChoicePoint Hit With Largest Fine Ever for Security Breach

By Published on .

WASHINGTON (AdAge.com) -– The Federal Trade Commission today reached a $15 million settlement with ChoicePoint for failing to properly protect consumers’ financial data nearly a year after the data aggregator revealed a security breach of its system.
ChoicePoint disclosed last February that accounts set up by people using fraudulent information had been used to access information involved in 800 identity theft scams.

In unveiling the settlement, which includes the FTC’s largest fine for a privacy breach -- $10 million -— FTC Chairman Deborah Platt Majoras said the agency next week will endorse legislation to extend privacy protections to cellphone records, though the FTC has no authority over telecommunications industries.

An important victory
Companies “must guard the front door as well as the back door from hackers,” Ms. Majoras said. “This is an important victory for consumers.”

ChoicePoint CEO Derek V. Smith said the breach “provided critical lessons from which ChoicePoint, and indeed the entire industry, has learned a great deal.”

ChoicePoint, whose information data is regularly used by marketers to target consumers, disclosed last February that accounts set up by people using fraudulent information had been used to access information on up to 162,000 consumers. The FTC said 800 consumers ended up being identity theft victims. ChoicePoint’s security breach became public because of a California law requiring the company notify state residents.

While much of the data ChoicePoint sells marketers is more limited, ChoicePoint also provided the fraudulent account holders some financial information whose disclosure is covered by a much stricter federal credit-reporting law. ChoicePoint has since cut back on the amount of that information it offers to its clients.

The FTC’s action against ChoicePoint is the third in recent months in which the agency has accused companies of violating the FTC’s fairness rules by failing to properly secure records.

Cellphone privacy
Similar privacy violation accusations have recently been lobbed at the cellphone industry. The easy availability of customer call information was dramatically illustrated by a Web site, www.americablog.com, which obtained the records of retired Gen. Wesley Clark by simply paying a fee to another Web site.

While the FTC has no authority over phone companies, a lack of action by the agency that does, the Federal Communications Commission, has prompted a congressional push for new legislation.

Ms. Majoras said today the FTC will testify at a congressional hearing next week and expects to have a policy statement on the proposed legislation.

Sen. Charles Schumer, D-N.Y., praised the settlement while also calling for legislation. “We shouldn’t have to wait for the next big theft to pass legislation to protect Americans,” he said.

ChoicePoint, besides paying the $10 million fine, will have to put aside $5 million to help victims of identity theft and also has to impose new safeguards including physical checks on the existence of companies that want its financial data.

Most Popular
In this article: