The Atlanta-based company agreed to pay US$500,000 to the states, in addition to adopting new security controls, including more stringent credentialing requirements when considering new clients - businesses, government agencies or nonprofits - who want access to ChoicePoint’s stockpile of consumer information.
The agreement, announced Thursday by the attorneys general of a number of states, is the most recent fallout resulting from ChoicePoint’s failure to adequately protect private information from hackers posing as customers, who illegally accessed a database.
Matt Furman, a ChoicePoint spokesman, told SCMagazine.com that the settlement -which resulted out of an investigation launched by the attorneys general of 43 states and the District of Columbia - is another voluntary step the company is taking to rid itself of the stigma caused by the breach. The ChoicePoint incident is widely considered the watershed event in information disclosure.
"It's consistent with our efforts to make our security procedures even stronger," Furman said. "We want to make sure customers are who they say they are."
Attorneys general said the agreement will help further protect the nation's citizens.
"This settlement should set a new standard for any company entrusted with private, personally identifiable information," Connecticut Attorney General Richard Blumenthal said in a statement. "Data collection firms hold the key to our financial worlds – data that can irreversibly unlock our personal vault and expose us to identity theft."
The FTC has identified about 1,400 ChoicePoint fraud victims, who will be reimbursed for costs associated with identity theft. Early last year, the agency slapped ChoicePoint with a record US$15 million penalty for shoddy data protection - US$5 million of which will go to customer redress.
"Identity theft is one of the nation’s fastest growing criminal enterprises," Texas Attorney General Greg Abbott said Thursday in a statement. "With businesses and consumers losing billions of dollars each year, law enforcement must aggressively crack down on identity theft."
A ChoicePoint spokesman could not immediately be reached for comment.
ChoicePoint settles with 44 states over 2005 breach
By Dan Kaplan on Jun 4, 2007 10:37AM