ChoicePoint To Pay Up For Data Leaks And Keep On Going
from the who-does-this-help dept
ChoicePoint, the company that leaked the personal info of a huge number of people to identity thieves last year, will pay a $10 million fine to the FTC and put another $5 million in a fund to help victims of its security breach. The company, of course, has admitted no wrongdoing, but says it’s changed it policies in light of the leak. But given how the number of people the company said were affected kept growing and growing — even months later — and the fact that they’d sold information to scammers before, can they really be trusted? The government thinks so, apparently, having given ChoicePoint a huge IRS contract just a few months after the leak. So the company can just move right along, while victims could feel the effects for years to come, particularly since they have little recourse. Of course, fines like this one don’t really seem to be doing much, anyway — just yesterday a financial-planning firm said an employee’s laptop that was stolen contained personal information on 226,000 customers and financial advisers. Like ChoicePoint, it will probably just chalk up any fine as a cost of doing business.
Comments on “ChoicePoint To Pay Up For Data Leaks And Keep On Going”
FTC Wins!
How come the FTC gets more than the victims?
Hate me if you want...
…but I work for a CP subsidiary. I’ve been there less than a year, so I can’t speak to what was actually happening, but I can tell you this much – from talking to my coworkers, things are VERY different now than they were when the leak (sale of consumer data) was announced. Most of the details of the settlement agreement are already in place (e.g. “new procedures to ensure that it provides consumer reports only to legitimate businesses for lawful purposes, to establish and maintain a comprehensive information security program”).
The thing that gets me is that people keep coming back and bashing ChoicePoint, but don’t seem to have the same venom for the dozens of other companies and institutions that have reported leaks. Take, for instance, the University of Colorado. They have had three leaks in 2005 as well. How about LexisNexus – about 318,000 (more than ChoicePoint) potential victims. State of Georgia DMV, 465,000 potential victims. Wachovia, Bank of America, PNC Financial Services Group and Commerce Bancorp: 676,000 potential victims.
These numbers are from the Privacy Rights Clearinghouse page here (privacyrights.org) and I only picked a couple big ones that were related to people actively seeking the data (dishonest insiders, hacking, etc). You could just as easily point out Bank of America’s lost backup tape with 1.2 MILLION records on it, but that tape could justifiably be lost and not in the hands of a criminal.
Yes, CP did a bad thing. Yes, they will pay. Yes, their company name will be associated with data INsecurity for a long time to come. But just because they were the first big one, doesn’t mean they were the worst – just the one that was looked at the most.
Re: Hate me if you want...
The leaks you’re discussing and CP’s leaks were in a different league.
CP’s whole business is giving out data, and in this case, they were HANDING OUT the data to a group of crooks. That’s a lot worse than simply losing a backup tape or having an employee swipe some data. Your whole business is supposed to be with that data, and you’d think that you would take a lot more care of it.
That’s why people focus on CP.
ChoicePoint
Great post. It’s crazy that the IRS is working with ChoicePoint at the same time as the FTC is fining them. This is a lot like the IRS going after credit counseling agencies at the same time as credit counseling was included in the new bankruptcy law.
I recommend calling ChoicePoint today and requesting free copies of all your consumer reports.
CP & business costs
Totally ignorant question:
How does ChoicePoint’s $15m in punitive expenses balance against
the revenue CP got from illegally selling their victim’s personal data?
Those of us who are not CEOs, corporate bean counters, or identity thieves wonder.
Carlo’s ‘…cost of doing business’ closing remark hit the nail on the head.
Signs of the times: Enron, ChoicePoint, & the Whitehouse.