ChoicePoint To Pay Up For Data Leaks And Keep On Going

from the who-does-this-help dept

ChoicePoint, the company that leaked the personal info of a huge number of people to identity thieves last year, will pay a $10 million fine to the FTC and put another $5 million in a fund to help victims of its security breach. The company, of course, has admitted no wrongdoing, but says it's changed it policies in light of the leak. But given how the number of people the company said were affected kept growing and growing -- even months later -- and the fact that they'd sold information to scammers before, can they really be trusted? The government thinks so, apparently, having given ChoicePoint a huge IRS contract just a few months after the leak. So the company can just move right along, while victims could feel the effects for years to come, particularly since they have little recourse. Of course, fines like this one don't really seem to be doing much, anyway -- just yesterday a financial-planning firm said an employee's laptop that was stolen contained personal information on 226,000 customers and financial advisers. Like ChoicePoint, it will probably just chalk up any fine as a cost of doing business.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Smelly, 26 Jan 2006 @ 1:58pm

    FTC Wins!

    How come the FTC gets more than the victims?

    link to this | view in chronology ]

  • identicon
    CP Employee, 26 Jan 2006 @ 8:13pm

    Hate me if you want...

    ...but I work for a CP subsidiary. I've been there less than a year, so I can't speak to what was actually happening, but I can tell you this much - from talking to my coworkers, things are VERY different now than they were when the leak (sale of consumer data) was announced. Most of the details of the settlement agreement are already in place (e.g. "new procedures to ensure that it provides consumer reports only to legitimate businesses for lawful purposes, to establish and maintain a comprehensive information security program").

    The thing that gets me is that people keep coming back and bashing ChoicePoint, but don't seem to have the same venom for the dozens of other companies and institutions that have reported leaks. Take, for instance, the University of Colorado. They have had three leaks in 2005 as well. How about LexisNexus - about 318,000 (more than ChoicePoint) potential victims. State of Georgia DMV, 465,000 potential victims. Wachovia, Bank of America, PNC Financial Services Group and Commerce Bancorp: 676,000 potential victims.

    These numbers are from the Privacy Rights Clearinghouse page here (privacyrights.org) and I only picked a couple big ones that were related to people actively seeking the data (dishonest insiders, hacking, etc). You could just as easily point out Bank of America's lost backup tape with 1.2 MILLION records on it, but that tape could justifiably be lost and not in the hands of a criminal.

    Yes, CP did a bad thing. Yes, they will pay. Yes, their company name will be associated with data INsecurity for a long time to come. But just because they were the first big one, doesn't mean they were the worst - just the one that was looked at the most.

    link to this | view in chronology ]

    • icon
      Mike (profile), 26 Jan 2006 @ 10:08pm

      Re: Hate me if you want...

      The leaks you're discussing and CP's leaks were in a different league.

      CP's whole business is giving out data, and in this case, they were HANDING OUT the data to a group of crooks. That's a lot worse than simply losing a backup tape or having an employee swipe some data. Your whole business is supposed to be with that data, and you'd think that you would take a lot more care of it.

      That's why people focus on CP.

      link to this | view in chronology ]

  • identicon
    Emily, 27 Jan 2006 @ 8:58am

    ChoicePoint

    Great post. It's crazy that the IRS is working with ChoicePoint at the same time as the FTC is fining them. This is a lot like the IRS going after credit counseling agencies at the same time as credit counseling was included in the new bankruptcy law. I recommend calling ChoicePoint today and requesting free copies of all your consumer reports.

    link to this | view in chronology ]

  • identicon
    eskayp, 27 Jan 2006 @ 1:56pm

    CP & business costs

    Totally ignorant question:
    How does ChoicePoint's $15m in punitive expenses balance against
    the revenue CP got from illegally selling their victim's personal data?
    Those of us who are not CEOs, corporate bean counters, or identity thieves wonder.
    Carlo's '...cost of doing business' closing remark hit the nail on the head.
    Signs of the times: Enron, ChoicePoint, & the Whitehouse.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.