The Federal Trade Commission has announced that it has sent claims forms to more than 1,400 consumers who may have had out-of-pocket expenses due to identity theft connected with alleged security lapses at ChoicePoint Inc.
Earlier this year, Alpharetta, Ga.-based ChoicePoint, a major supplier of consumer data to the insurance industry, reached a settlement with the FTC to pay $10 million in civil penalties and $5 million in consumer redress to settle FTC charges that its security and record-handling procedures violated consumers' privacy rights and federal laws, the agency said.
According to an FTC statement, the fine represented "the largest civil penalty in FTC history."
ChoicePoint last year acknowledged that personal financial records of more than 163,000 consumers in its database had been compromised.
In 2004, criminals posing as legitimate businesses were reported to have accessed critical personal data being stored by ChoicePoint, which "maintains databases of background information on virtually every U.S. citizen," FTC said.
The $5 million in consumer redress will be used "to reimburse consumers for expenses due to identity theft caused by ChoicePoint's security breach," said the FTC.
"With the assistance of law enforcement agencies," the agency noted, it identified consumers who may have incurred expenses due to the security breach and was sending "claims forms for reimbursement" to them.
The FTC added that consumers who do not receive forms by Dec. 15, but who believe they have identity-theft-related expenses due to the ChoicePoint incident, may also download and submit a claim form. All claims forms must be postmarked by Feb. 4, 2007 to be considered for reimbursement, said the FTC. The forms are available at www.ftc.gov/choicepoint, or consumers may call 1-888-884-8772.
Examples of eligible out-of-pocket expenses include money paid on fraudulent accounts opened in a consumer's name, the cost of ordering new checks, and the cost of obtaining a police report, the FTC said.
Other expenses may include unauthorized charges on existing accounts not covered by a consumer's bank or credit card company; money paid to a debt collector for fraudulent accounts; cost of phone calls, faxes, e-mails, copies and travel expenses related to trying to straighten out affected accounts; the cost of a credit monitoring service, including identity theft insurance; and lost disability or unemployment insurance payments as a result of the identify theft.
According to the FTC, ChoicePoint "sells to more than 50,000 businesses the personal information of consumers, including their names, Social Security numbers, birth dates, employment information and credit histories."
For its part, ChoicePoint denied that it keeps or maintains "credit reports, banking records, credit card transaction data, or any other private financial information on consumers."
Since the breach, ChoicePoint has cited a number of privacy enhancements that have been or are being made by the company.
The changes include: discontinuing sale of products that contain "sensitive personally identifiable information (e.g., Social Security and drivers' license numbers) in selected markets, at a cost of $15-to-$20 million in revenue," ChoicePoint said.
The company said it altered processes for distributing sensitive information, established a centralized corporate credentialing center, strengthened credentialing procedures and is "recredentialing" existing customers.
It also said it has a new policy for response and notification to consumers in the event of a security breach, enhanced network security, and additional encryption technology.
The company said it has created an "independent chief credentialing, compliance and privacy officer" position.
Further information for consumers is available by e-mailing cpredress@ftc.gov.
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.