ChoicePoint Hit With Large Fine For Data Theft

Lam1969 writes "The U.S. Federal Trade Commission has fined ChoicePoint $10 million for a data breach that allowed identity thieves posing as legitimate businesses to steal social security numbers, credit reports, and other data from nearly 140,000 people. This is the largest fine ever levied by the FTC. ChoicePoint also has to set up a 'trust fund' for people victimized by identity thieves. From the article: 'As part of its agreement with the FTC, ChoicePoint will also have to submit to comprehensive security audits every two years for the next 20 years.'" BusinessWeek has some background information on this breach.

What it should be for everyone

[ZachPruckowski]

'As part of its agreement with the FTC, ChoicePoint will also have to submit to comprehensive security audits every two years for the next 20 years.'

Every company should undergo a comprehensive security audit every two years. I mean, security in Jan 2004 is rather different from security in Jan 2002, and both are way different from security today. A system that might have been thought to be secure 2 years ago isn't so hot right now. If I ran a huge, profitable company, I would assign a few people to try to break into my company full-time.

Your identity is worthless to the feds

[MikeRT]

$10,000,000 / 140,000 victims = $71/person. We given fines in the tens of thousand to hundreds of thousands for crack/cocaine/meth, but apparently white collar crime that targets over one hundred thousand people is worth only $71/victim when the identity theft can cost them hundreds of hours of time regaining their identity/fixing records and a lot of grief in general. Not to mention the damage it does to the businesses hit by the scammers.