ChoicePoint to pay $500,000 to settle with 43 states and D.C.

ChoicePoint, the international poster child for data breaches, has agreed to a settlement with 43 states and the District of Columbia as a result of the incident in 2004 in which 145,000 consumer records were stolen. The settlement requires the company to install more stringent measures to control its data, and pay a fine of…wait for it…$500,000. No, there aren’t any zeros missing from that number. Nor is it $500,000 per state. That’s $500,000 total, or about $3.45 per stolen record. And that money is going to the states themselves and not the consumers who were actually affected by the breach.

Granted, ChoicePoint also has agreed to pay a $10 million fine to the FTC, but consumers won’t see any of that money either. Nor will the banks and credit unions and other institutions who bore much of the cost of the incident. What will go to consumers is $5 million in redress the company agreed to pay last year. But the idea that a $500,000 settlement is a just outcome from this mess doesn’t add up. That’s not much of a deterrent for a company that pulled in more than $1 billion in revenue last year.

Before the news of the data breach broke in early 2005, most consumers had no idea that ChoicePoint even existed, never mind what kind of data the company was collecting and reselling. There are plenty of other companies out there doing much the same thing, and it’s difficult to know what they’re doing to protect that data. But maybe they’d be better off in another line of business. Demand for stolen credit card numbers, Social Security numbers and bank account info is high right now, but so is the supply. If that supply should somehow begin to dry up, it may make more financial sense for companies to sell their records directly to the identity thieves, and then pay the fines on the back end if they ever get caught.

Join the conversation


I find it hard to fathom why everyone calls this a "data breach". There was no breach here, they handed the information over to the thieves. This gives people the impression they were hacked into or had a laptop stolen etc. This company was guilty of poor controls, lack of adequate procedures, and mismanagement. This was really a breach of trust.
An excellent point, Michael. I'm not sure what the right phrase is, but maybe security lapse or breakdown is closer to the truth.