2,750 Maryland Residents Personal Data Were Placed at Risk When Choicepoint Sold Information to Fraud Ring in 2005
BALTIMORE, Md. - Attorney General Douglas F. Gansler announced on Monday that his Consumer Protection Division, along with the offices of 43 other attorneys general, have entered into a settlement with the company ChoicePoint to resolve allegations that the company failed to adequately maintain the privacy and security of consumers personal information that was in its control.
ChoicePoint gathers personal information such as credit information, social security numbers, employment history, and information from court records on individuals nationwide. The largest data broker in the country, Choicepoint maintains and sells information to businesses and government agencies.
In February 2005, ChoicePoint announced that it had experienced a major security breach, and that a fraud ring had gained access to its database. Over the course of a year, posing as legitimate businesses, the ring gained access to approximately 150,000 personal records, and of those, 2,750 Maryland residents personal data were placed at risk. The ring used some consumers personal credit information to buy items such as jewelry, consumer electronics, and computers. In the wake of these crimes, ChoicePoint, mailed more than 145,000 notices to consumers across the country whose information may have been viewed or acquired by the criminals.
This settlement requires ChoicePoint to make significant, ongoing changes in the way that the company credentials new subscribers to its services. The scope of this settlement is broader than the settlement ChoicePoint entered into with the Federal Trade Commission (FTC) in January 2006, and imposes additional requirements:
ChoicePoint is prohibited from misrepresenting the extent to which it will maintain and protect the privacy and security of consumers personal information;
ChoicePoint must ensure the legitimacy of a subscribers business before allowing access to personal information and must develop red-flag indicators of fraudulent applications; and
ChoicePoint must conduct audits of all new subscriber activity and random audits of all subscriber activity on at least 10% of subscribers each year, and perform audits of certain subscribers if red flags are present in the subscribers activity.
An individuals personal information should never be put at risk by companies who gather this type of information, said Attorney General Gansler. These types of data collection companies have the responsibility of taking all steps necessary to ensure that the data is protected. Redress pursuant to the FTC Order is available for out-of-pocket expenses for identity theft that resulted from the ChoicePoint breach. The deadline to submit a redress claim form to the FTC is June 22, 2007. More information is available at http://www.ftc.gov/bcp/conline/cases/choicepoint/index.shtm .
The other states entering into todays settlement are: Alabama, Alaska, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, Florida, Hawaii, Idaho, Illinois, Indiana, Iowa, Kentucky, Louisiana, Maine, Massachusetts, Michigan, Minnesota, Mississippi, Missouri, Montana, Nebraska, Nevada, New Jersey, New Mexico, New York, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, South Dakota, Tennessee, Texas, Vermont, Virginia, Washington, West Virginia, Wisconsin and the District of Columbia.
Source: Md. Attorney General Douglas F. Gansler