ChoicePoint settles with 43 states over data breach

Consumer data provider agrees to better security, periodic audits

ChoicePoint agreed to bolster security and conduct periodic audits in a settlement with 43 states and the District of Columbia stemming from a 2005 data breach in which the personal records of 163,000 consumers were compromised, various news outlets reported today.

Under the settlement, the provider of consumer data will require written certification for access to consumer reports and will conduct on-site visits to verify the legitimacy of some companies that request data, the Associated Press reported.

Matt Furman, ChoicePoint vice president for corporate communications, predicted the new security measures will ultimately be good for the company, which took a beating in the press after the data breach.

“The changes we are making as a result of our conversations with the states are clearly good for our business and, we expect, will ultimately be where the entire industry finds itself,” Furman said in a statement. “In fact, we will be watching with interest as the attorneys general expand their focus on these critical issues across every sector of our economy.”

The periodic audits ChoicePoint agreed to conduct will ensure that its customers in the business world are doing nothing improper with consumer data. ChoicePoint, which will also spend $500,000 for public-education campaigns about identity theft, did not admit to any wrongdoing in the settlement.

In early 2005, the records of 163,000 consumers were compromised after criminals pretending to be legitimate ChoicePoint customers sought details about individuals listed in the company’s database of personal information.

"This step marks a historic first -- the first time a data broker has agreed to safeguard certain sensitive publicly available information, including Social Security numbers, using the same credentialing methods as it uses to safeguard private financial information that is protected by law," Connecticut Attorney General Richard Blumenthal said in a statement quoted by the AP.

Beforeo today’s settlement, ChoicePoint agreed to pay $10 million in civil penalties and $5 million for consumer redress, and decided to limit the sale of information products containing sensitive consumer data, including Social Security and driver’s license numbers.

ChoicePoint apologized to consumers shortly after the breach and offered free credit monitoring, credit reports and identity-theft insurance to the 163,000 affected individuals.

Learn more about this topic

Data breaches plague U.S. companies


Victims of ChoicePoint data breach didn’t take advantage of free offers


A brief history of data breach apology letters


Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2007 IDG Communications, Inc.