ChoicePoint must pay $15 million in wake of ID thefts.
Sacramento Bee (California)
Data Broker ChoicePoint Inc. will pay $15 million to settle federal charges that its lax security practices allowed California identity thieves to steal the private information of about 163,000 Americans, the Federal Trade Commission said Thursday.
ChoicePoint will pay $10 million – the largest civil penalty in FTC history — for massive data security breaches that took place after its staff ignored several red flags, the federal regulator said.
The firm, based in suburban Atlanta, will also pay $5 million to compensate consumers affected by its lapses.
That includes 800 people who became identity theft victims after the ChoicePoint breaches in 2004.
“The message to ChoicePoint and others should be clear: Consumers’ private data must be protected from thieves,” FTC Chairwoman Deborah Platt Majoras said.
“Protecting it is a priority for the FTC, as it should be to every business in America,” she said after FTC members voted 5-0 to approve the settlement.
Carmen Balber, a staffer with the Santa-Monica-based Foundation for Consumer and Taxpayers Rights, said the $15 million penalty is a victory for all consumers.
“If they don’t protect the information, now they know they will pay,” she said.
The security breach occurred in Los Angeles and was not immediately disclosed by the company.
When the news did get out a year ago, it triggered a national furor about privacy in the digital age, congressional hearings and new federal and state laws.
ChoicePoint collects and sells personal information about consumers, including their names, Social Security numbers, birth dates, addresses, employment information and credit histories.
Clients include more than 50,000 businesses and governments.
News of the settlement – under which the company admitted no wrongdoing — and a bad earnings report drove ChoicePoint shares down 7 percent. The stock dropped $3.35 to close at $42.95.
ChoicePoint’s fourth-quarter profit for the period that ended Dec. 31 fell to $27.6 million on revenue of $257.8 million.
It had a $39.2 million profit on $232.5 million in sales a year ago.
ChoicePoint’s chief administrative officer, Steven W. Surbaugh, said the news wasn’t all bad: The company’s revenues hit a record $1 billion in 2005, up 15 percent.
The FTC alleged that ChoicePoint repeatedly failed to properly screen its clients to determine if they had a legal right to access the databases.
The FTC added that, even after receiving subpoenas from law enforcement agents alerting it to fraudulent activity going back to 2001, ChoicePoint still failed to tighten its security procedures.
The agency also charged that ChoicePoint violated federal law by falsely assuring the public its privacy and security policies were sound when they were not.
In reality, the FTC said, ChoicePoint did few checks on the Los Angeles thieves who applied for multiple database accounts using public fax machines and mail drops.
The settlement requires ChoicePoint to visit its clients more often to ensure databases are not being misused.
It must also subject itself to an independent security audit every two years for the next 20 years.
——————
The Bee’s Andrew McIntosh can be reached at (916) 321-1215 or [email protected]
