Choicepoint Agrees To Better Protect Consumers' Info, Announces North Carolina AG Cooper

AG wins changes to help prevent identity theft from company whose 2005 breach compromised information about 145,000 consumers

May 31, 2007 -- Raleigh -- North Carolina Attorney General Roy Cooper along with the attorneys general of 43 other states today announced that ChoicePoint has agreed to make changes to better protect consumers’ personal information. “Businesses that have our personal information need to be careful how they use it and who they share it with,” said Cooper. “We’ll keep pushing companies and government agencies to do a better job of keeping our information from falling into the wrong hands.”

Article continues below...

Today’s agreement resolves allegations made following a major security breach that ChoicePoint failed to adequately protect personal information that was in its control, placing people at greater risk of identity theft. In February 2005, ChoicePoint announced that criminals posing as legitimate businesses had gained access to personal information such as Social Security Numbers and driver’s license numbers for more than 145,000 consumers through ChoicePoint. At the urging of Cooper and other attorneys general, ChoicePoint notified people including North Carolinians whose information may have been viewed or acquired by the criminals.

ChoicePoint is a Georgia-based company that compiles information about consumers that is used by business, government and non-profit organizations to verify someone’s identity or check their credentials. Under the agreement, ChoicePoint will make a number of significant changes in the way it checks out new customers who want access to personal information. ChoicePoint will now require written certification of a customer’s identity and the purpose behind their request before releasing information. In addition, the company has agreed to audit customers’ use of its data, and to conduct extra checks including on-site visits when needed to any customers whose activity raises a red flag. The company will also pay $500,000 to the states. The Federal Trade Commission previously took action against ChoicePoint and the company resolved that case in January 2006 by paying $10 million in penalties and $5 million to a fund for consumers. Consumers who became victims of identity theft due to the ChoicePoint breach have until June 22, 2007 to apply to the FTC for repayment of their out-of-pocket expenses, such as money paid on new accounts opened by the thief in their name or costs associated with filing a police report or correcting unauthorized charges. More information is available at: http://www.ftc.gov/bcp/conline/cases/choicepoint/index.shtm.

The ChoicePoint breach also led Cooper to push for new laws that require businesses and state and local governments to notify North Carolinians when their personal information may have been lost or stolen. A total of 115 security breaches have been reported to Cooper’s Consumer Protection Division since those laws took effect.

Source: North Carolina Attorney General