honoluluadvertiser.com

Sponsored by:

Comment, blog & share photos

Log in | Become a member
The Honolulu Advertiser
Posted on: Friday, January 27, 2006

Data broker hit with record $15M penalty

By Joseph Menn
Los Angeles Times

The Federal Trade Commission yesterday fined ChoicePoint Inc. $15 million to settle charges stemming from a major data breach last year.

JOHN AMIS | Associated Press

spacer spacer

The Federal Trade Commission hit data broker ChoicePoint Inc. with the largest civil penalty in the agency's history yesterday for allowing sensitive information on 163,000 consumers to get into the hands of Los Angeles con artists last year.

The commission levied a $10 million penalty, on top of $5 million in restitution, making the total worth more than 10 percent of the company's profit last year. The agency declared that the company gave false assurances to the public about its security precautions while being so careless that it sold information to a purported business customer whose own ChoicePoint file identified a link to possible fraud.

Other con artists posing as customers applied for multiple accounts from the same publicly available fax machine, submitted revoked business licenses and in at least one case omitted the applicant's surname, according to the commission.

While some of the FTC's allegations were previously reported, many of the details were new, including complaints that the company failed to inquire after would-be customers applied with suspended articles of incorporation, mismatching addresses on supporting documents, and contact numbers belonging to residential or cellular phones.

Revealed because of a California disclosure law, the ChoicePoint breach launched a national debate about data security that has prompted new laws in more than a dozen states and 18 pieces of proposed federal legislation.

Most are aimed at making it harder for identity thieves to get Social Security numbers and other information that can be used to open credit accounts and make fraudulent purchases in the names of innocent consumers.

In announcing yesterday's settlement, FTC Chairwoman Deborah Platt Majoras said the commission wanted to serve notice to other businesses that consumer information must be protected.

Data security "must be a priority for financial and corporate America," she said. She also signaled that the agency would continue to lead in the enforcement of identity theft.

The action generally won praise from consumer groups. The penalty "is a lot of money," even for a big company like ChoicePoint, said Chris Hoofnagle, West Coast director of the nonprofit Electronic Privacy Information Center. "It shows that the FTC is getting serious about security."

ChoicePoint still faces several private lawsuits over the data breach. The Securities and Exchange Commission also is investigating whether Chairman Derek Smith and another top executive improperly sold company shares before the breach became public.

The FTC cited ChoicePoint for violating the Fair Credit Reporting Act, which requires buyers of credit reports to have a proper purpose, and for violating basic fair-practices laws.

In legal papers filed with the settlement, the FTC said ChoicePoint improperly released nearly 10,000 credit reports and that about 800 cases of identity theft resulted. The $5 million in restitution will be distributed to those people and future victims of the data breach.

ChoicePoint didn't admit to the FTC assertions or to any wrongdoing in the settlement. It did agree to revamp its procedures in several ways, including instituting mandatory visits to many customers.

Even after a charge for the penalty, the Alpharetta, Ga., company yesterday reported fourth-quarter earnings of $28 million on revenue of $258 million.

ChoicePoint shares dropped $3.35, or 7 percent, to $42.95 after the settlement was announced.