In 2004, the data broker ChoicePoint was the target of a
security breach that affected 160,000 consumers and resulted in 800 cases of identity theft. In
addition to fines and consumer compensation payments, the Federal Trade Commission (FTC) required
ChoicePoint to implement a stronger security program to prevent the breach from
happening again.
Now, according to Bank Info Security, ChoicePoint’s failure to comply with FTC security
regulations has earned them another fine of $275,000. In explaining the fine,
the FTC described a second data breach that occurred in 2008 and that could
have been detected and addressed much sooner had the broker not disabled an
electronic security monitor. The personal identifying information of 13,750
people was compromised as a result of nearly a month of hacking that went
unnoticed by ChoicePoint.
In addition to the large fine, the FTC is requiring
ChoicePoint to regularly report its methods of database security in detail over
the next two years—a measure which mandates independent reviews of the
company’s security procedures every other year until 2026.