US government fines ChoicePoint $10M for data breach

26.01.2006
The U.S. Federal Trade Commission (FTC) has imposed a US$10 million civil penalty against data aggregator ChoicePoint Inc. for a massive data security breach that resulted in the compromise of nearly 140,000 consumer records last year.

In addition to the penalty, which FTC Chairman Deborah Platt Majoras described as the largest ever levied by the agency, ChoicePoint has been asked to set up a $5 million trust fund for individuals who might have become victims of identity theft as a result of the breach.

As part of its agreement with the FTC, Alpharetta, Ga.-based ChoicePoint will also have to submit to comprehensive security audits every two years for the next 20 years.

"This is an important victory for consumers," Majoras said. "This tells companies that they must protect sensitive consumer information. They must guard the front door as well as guard the back door against hackers."

ChoicePoint provides data to credit providers, government agencies, landlords and others who use personal information to grant loans, leases and other contracts.

It publicly acknowledged the data theft last February, but the incident itself took place in the fall of 2004. At the time it made the breach public, ChoicePoint said the theft happened when "a small number of very well-organized criminals posed as legitimate companies to gain access to personal information about consumers."