Choicepoint to pay $15m for data breach

US credit data firm ChoicePoint will pay $15 million to settle charges that it failed to adequately protect customers' financial information following a data breach where a gang of criminals posing as businessmen managed to gain access to around 163,000 personal records.

  0 Be the first to comment

Choicepoint to pay $15m for data breach

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The US Federal Trade Commission (FTC) says Choicepoint has agreed to pay $15m - which consists of $10 million in civil penalties and $5 million to compensate customers - to settle charges that its security and record-handling procedures violated consumers' privacy rights and federal laws.

The FTC says at least 800 cases of identity theft arose from the data breach, which occured in late 2004.

In a statement, FTC says ChoicePoint did not have reasonable procedures in place to screen prospective subscribers and turned over consumers' sensitive personal information to individuals who raised obvious 'red flags'.

The FTC alleges that ChoicePoint approved individuals who lied about their credentials and used commercial mail drops as business addresses. Applicants also reportedly used fax machines at public commercial locations to send multiple applications for purportedly separate companies.

The settlement requires ChoicePoint to implement new screening procedures for subscribers, to establish and maintain a comprehensive information security programme, and to obtain audits by an independent third-party security professional every other year until 2026.

Commenting on the settlement, Deborah Platt Majoras, chairperson of the FTC, says: "The message to ChoicePoint and others should be clear: Consumers' private data must be protected from thieves."

News of the settlement coincides with an earlier announcement from brokerage firm Ameriprise Financial that a laptop containing personal financial information on around 158,000 clients was stolen from an employee's vehicle.

Ameriprise, which was spun off from American Express last year, says it has mailed notification letters to approximately 158,000 clients whose names and internal account identification numbers were stored in a data file on the laptop computer.

The laptop - which was stolen in late December - also contained the names and social security numbers of an unspecified number of current and former financial advisers, who are also being notified of the theft.

Ameriprise says client accounts could not be accessed with the information stored on the file and it believes the theft was "a random criminal act".

Sponsored [New Report] Managing Fraud Risks with Synthetic Data: A Practical Approach for Businesses Services Industry

Related Company

Keywords

Comments: (0)

[Webinar] PREDICT 2025: The Future of AI in the USFinextra Promoted[Webinar] PREDICT 2025: The Future of AI in the US