The regulatory action against ChoicePoint puts companies on notice that they "must guard the front door as well as guard the back door against hackers," FTC Chairman Deborah Platt Majoras said during a press conference in Washington.

ChoicePoint didn't admit to any of the FTC's allegations about the company's lack of compliance with security regulations. But in a statement, ChoicePoint CEO Derek Smith said the security breach "provided critical lessons from which ChoicePoint, and indeed the entire industry, has learned a great deal."

Smith added that over the past few months, the company has implemented "nearly all of the changes" required by the FTC. That includes a series of information security measures outlined on the company's Web site last week.

ChoicePoint disclosed the breach last February, saying that it had allowed a group of criminals posing as legitimate customers to gain access to personal information about consumers. The incident at ChoicePoint was the first in a series of high-profile breaches that has put information security squarely in the public eye.

Except for the financial penalties, the FTC's settlement with ChoicePoint is similar to deals it reached with Columbus, Ohio-based shoe retailer DSW Inc. in December and Natick, Mass.-based BJ's Wholesale Club Inc. last June. Both of those companies also agreed to beef up their IT security programs and undergo biannual security audits in the wake of data breaches.