ChoicePoint To Pay $15 Million To SettleI.D. Theft Case

WASHINGTON - (01/27/06) – ChoicePoint, the data brokerthat set off a national debate after disclosing a data breach earlyin 2005, will pay $15 million in fines and penalties for allowinghackers to steal confidential records of more than 163,000consumers, the Federal Trade Commission announced Thursday. Thesettlement calls for ChoicePoint to pay a $10 million fine, thelargest ever levied by the FTC, and to set up a $5 million fund toaid victims of identity theft that resulted from the data breach.Claudia Bourne Farrell, a spokesman for the FTC, told The CreditUnion Journal they believe the incident resulted in at least 800consumers having their accounts compromised but did not know thetotal amount of unauthorized transactions. The FTC said thatChoicePoint turned over sensitive personal information tosubscribers whose applications raised obvious "red flags."ChoicePoint approved contracts with customers who used commercialmail drops as business addresses and reportedly used fax machinesat public commercial locations to send multiple applications forpurportedly separate companies, the FTC said. The FTC charged thatChoicePoint violated the Fair Credit Reporting Act by giving credithistories to subscribers who did not have a permissible purpose toobtain them, and by failing to maintain reasonable procedures toverify subscriber identities. ChoicePoint's data breachannouncement in February, spurred by a 2003 California breachnotification law, was the first of dozens of such announcements in2005.