Oct 26 2009

ChoicePoint fined for security breach

Category: Security BreachDISC @ 1:10 pm

Seal of the United States Federal Trade Commis...
Image via Wikipedia

Into The Breach; Protect Your Business by Managing People,

Atlanta Business Chronicle reported on Monday, October 26, 2009 that ChoicePoint Inc. will pay federal regulators $275,000 for a data breach in 2008 that compromised the personal information of 13,750 people and put them at risk of identify theft, the Federal Trade Commission reported.

The company, now owned by Reed Elsevier Inc., also agreed to strengthened data security requirements. ChoicePoint now must report to the FTC every two months for two years detailed information about how it is protecting the breached database and certain other databases and records containing personal information.

The moves settle Federal Trade Commission charges ChoicePoint failed to implement a comprehensive information security program protecting consumers’ sensitive information, as required by a previous court order.

In April 2008, ChoicePoint turned off a key electronic security tool used to monitor access to one of its databases, and for four months failed to detect that the security tool was off, according to the FTC. During that period, an unknown person conducted unauthorized searches of a ChoicePoint database containing sensitive consumer information, including Social Security numbers. The searches continued for 30 days. After discovering the breach, the company brought the matter to the FTC’s attention.

The FTC alleged that if the security software tool had been working, ChoicePoint likely would have detected the intrusions much earlier and minimized the extent of the breach. The FTC also claimed ChoicePoint’s conduct violated a 2006 court order mandating that the company institute a comprehensive information security program reasonably designed to protect consumers’ sensitive personal information.

The FTC’s prior action against ChoicePoint involved a data breach in 2005, which compromised the personal information of more than 163,000 consumers and resulted in at least 800 cases of identity theft. The settlement and resulting 2006 court order in that case required the company to pay $10 million in civil penalties and $5 million in consumer redress.

Choice Point Victim
httpv://www.youtube.com/watch?v=90qWVtAuE_A

Reblog this post [with Zemanta]

Tags: ChoicePoint, Choicepoint breach, ChoicePoint fined, Federal Trade Commission, FTC, Identity Theft, Reed Elsevier, Security Breach, social security, Social Security number