Join 3,433 readers in helping fund MetaFilter (Hide)


FTC imposes $10M fine against ChoicePoint for data breach
January 26, 2006 2:41 PM   Subscribe

FTC imposes $10M fine against ChoicePoint for data breach The U.S. Federal Trade Commission has fined ChoicePoint $10 million for a data breach that allowed identity thieves posing as legitimate businesses to steal social security numbers, credit reports, and other data from nearly 140,000 people. This is the largest fine ever levied by the FTC. ChoicePoint also has to set up a 'trust fund' for people victimized by identity thieves. From the article: 'As part of its agreement with the FTC, ChoicePoint will also have to submit to comprehensive security audits every two years for the next 20 years.'" BusinessWeek has additional info. Perhaps there might be hope for individual privacy after all. Let's all keep our fingers crossed.
posted by mk1gti (22 comments total)

 
fingers croxxed
posted by malaprohibita at 2:47 PM on January 26, 2006


Good, money is the only thing CP listens to.
posted by uni verse at 2:52 PM on January 26, 2006


Hope they have to pay all at once, if the FTC gives them a payment plan, that would be a joke.
posted by phredhead at 2:53 PM on January 26, 2006


So where will this fine money go? What will it be used for?
posted by redteam at 2:54 PM on January 26, 2006


This is the largest fine ever levied by the FTC

Toothless.
posted by public at 2:56 PM on January 26, 2006


ChoicePoint will also have to submit to comprehensive security audits every two years for the next 20 years.

What ? I guess it will go bankrupt much sooner then that. I supposed it's a limited liability company ?
posted by elpapacito at 2:58 PM on January 26, 2006


$10,000,000 = ~10% of ChoicePoints total equity right now.

They don't appear to have much cash lying around though. If their core business doesn't suffer too badly and their management can deal with the situation reasonably then they will probably survive.

$10,000,000 is a big deal, but it isn't terminal.
posted by public at 3:03 PM on January 26, 2006


In addition to the $10 million fine -- "ChoicePoint has been asked to set up a $5 million trust fund for individuals who might have become victims of identity theft as a result of the breach."
posted by ericb at 3:04 PM on January 26, 2006


What the FTC should do is allow US citizens to show up at their door and walk out the door with every single piece of data ChoicePoint has on them. I feel that ChoicePoint, a private corporation, has absolutely no right to harbor any data about me whatsoever.
Sadly it seems that there's diddly squat that we can do about it. :-|
posted by drstein at 3:05 PM on January 26, 2006


What the FTC should do is allow US citizens to show up at their door and walk out the door with every single piece of data ChoicePoint has on them.

Woah, what you don't have an equivelent of the UK's Data Protection Act in the USA?
posted by public at 3:10 PM on January 26, 2006


Yeah. There are still lawsuits to be sorted out, right?
posted by mr_roboto at 3:11 PM on January 26, 2006


I go for total liquidation of all assets.
"I'll have that desk over there, that computer monitor over there, oh I need a printer, an office chair, that painting on the wall, the credenza, a lamp, your secretary. . .
posted by mk1gti at 3:12 PM on January 26, 2006


Good luck collecting, FTC. Chances that Choice Point will appeal? What are the odds that all or part of this will ever be paid?
posted by fixedgear at 3:15 PM on January 26, 2006


Some info on ChoicePoints financial situation prior to the fine

On-going legal expenses related to the fraudulent data access are currently estimated at $4 to $6 million for 2006, exclusive of any potential settlements, with the majority of these expenses incurred during the first two quarters.

The FTC should really of totally beat them senseless over this, but I guess giving out massive fines to companies is a bit of a disincentive to big businesses to operate in America.

America is to morality as Monaco is to tax.
posted by public at 3:17 PM on January 26, 2006


Woah, what you don't have an equivalent of the UK's Data Protection Act in the USA?

Nope. Nothing of the sort.
posted by octothorpe at 3:40 PM on January 26, 2006


Thanks for the link, public.

One billion dollar total revenue in 2005 is nothing to sneeze at for a company that sells information ..it's clearly an interesting business even not considering the net profit margin.

Notice how the damage that may/may not be inflicted to the people whose data was stolen from Choicepoint may easily surpass a mere USD 5 million trust fund, which is the same as USD 35 for each person !

Also considering litigation costs (which I believe can be written off as exercise cost ? ) their lame security costed them maybe USD 20 Million ? It's a 'success' story no head will roll.

Now thinking again at their revenue..suddendly my personal info has more value to me.
posted by elpapacito at 3:42 PM on January 26, 2006


Why, oh why, is it legal for choicepoint to what they do, at all? I think that they are crooks, and the government that buys their info is crooked, for buying what they can't legally collect, and the "crooks" that got info, are just following suit.
posted by Oyéah at 4:07 PM on January 26, 2006


10 million is nothing--it should have been 100 million.
posted by amberglow at 4:34 PM on January 26, 2006


redteam: I assume this money will ultimately be funneled back to ChoicePoint in the form of voter roll "scrubbing" contracts. Granted, this is a federal agency fining them and the states handle their own rolls but, honestly, the machine is the machine.
posted by aaronetc at 5:22 PM on January 26, 2006


A few years ago, ChoicePoint acquired a company called Database Technologies (DBT Online).

DBT's most notable contract, involved, of all things, the 2000 presidential election in Florida. Specifically, vote suppression. (Some background at wikipedia)

Anyway, ChoicePoint's breach happened when "a small number of very well-organized criminals posed as legitimate companies to gain access to personal information about consumers."

Y'know, I don't even want "legitimate" companies using that information. Too bad ChoicePoint is going to continue doing this without our consent, at our cost, and with no compensation to us.

How about a corporate death penalty? Liquidate CP and use the funds to prosecute identity fraud and compensate its victims.
posted by kurumi at 5:51 PM on January 26, 2006


And that's their 1.4¢.
posted by NewBornHippy at 7:05 PM on January 26, 2006


Liquidate CP and use the funds to prosecute identity fraud and compensate its victims.
posted by kurumi at 5:51 PM PST on January 26


We only execute retarded people, not retarded companies.
posted by Optimus Chyme at 3:51 AM on January 27, 2006


« Older The Works of Nino Rota...  |  ...or why I wish I lived in En... Newer »


This thread has been archived and is closed to new comments