ChoicePoint Fraud Illustrates Identity Threat

ByABC News
February 16, 2005, 4:42 PM

Jan. 26, 2006 — -- The shaky security surrounding companies that aggregate U.S. consumers' personal and credit information has stoked fears of identity theft, and today one of the biggest companies, ChoicePoint Inc., paid the price for a breach in its security. The Federal Trade Commission announced that ChoicePoint would pay $15 million to settle charges it violated consumer privacy rights and federal laws.

When ChoicePoint announced last year it had informed more than 30,000 Californians that their personal and financial information had been compromised by thieves who had accessed the company's database, alarms went off for the consumers affected. But many privacy advocates were far from shocked.

ChoicePoint is a Georgia-based data collection firm that compiles personal and credit information about individuals and then sells access to its database to government agencies and businesses. Under California law, data collection companies like ChoicePoint must notify the state's residents when security breaches involving their personal data occur. In October 2004, the company discovered that identity thieves masquerading as legitimate corporations were given access to the Social Security numbers, credit reports, and personal information of thousands of Californians.

The company sent out about 35,000 notification letters last February, and ChoicePoint later sent letters to an additional 110,000 consumers who might have been affected, including some outside of California.

"We take this very seriously. We're not trying to shy away from it," ChoicePoint spokesman James Lee said last year after the notification letters were initially sent out.

The personal records of 145,000 consumer were potentially compromised, according to a settlement agreement announced today by the FTC. The settlement includes a $10 million fine and an additional $5 million in compensation to be paid to consumers.

Though most consumers follow guidelines to protect sensitive information like banking and credit card account numbers, anyone is susceptible to an incident like the ChoicePoint fraud, privacy experts say.

"Ultimately, this is a good example of the unfortunate situation that there really is no way an individual can prevent theft," said Beth Givens, director of Privacy Rights Clearinghouse, a consumer advocacy group based in San Diego. "They can reduce risk by doing all those things we tell them to do. But you can't prevent identity theft -- you can only reduce your risk."