It also said later that was taking steps to better protect customer data, pointing to a "rigorous re-credentialing of broad categories of customer accounts," as well as changes that included masking or truncating sensitive personal identifier information, such as Social Security numbers and driver's license numbers.

The $10 million penalty is being levied for violations of the Fair Credit Reporting Act (FCRA), Majoras said. Though ChoicePoint collected and maintained billions of pieces of consumer data -- including consumer names, Social Security numbers as well as bank and credit card details -- the company failed to implement reasonable procedures for protecting the data, she said.

In its decision, the FTC slammed ChoicePoint, saying it did not have reasonable procedures in place to screen prospective subscribers, and turned over sensitive personal information to subscribers whose applications raised obvious 'red flags.' The FTC said ChoicePoint approved customers to its service who lied about their credentials and used commercial mail drops as business addresses. In addition, the applicants reportedly used fax machines at public commercial locations to send multiple applications for separate companies.

According to the FTC, ChoicePoint also failed to tighten its application approval procedures or monitor subscribers, even after it got subpoenas from law enforcement authorities alerting it to fraudulent activity that dated back to 2001.

The agency also charged that ChoicePoint violated the FTC Act by making false and misleading statements about its privacy policies.