Demonstrating how vulnerable Americans’ personal data is to a breach, the Federal Trade Commission (FTC) has announced a settlement with ChoicePoint, one of the largest data brokers in the U.S., stemming from charges that the company failed to implement a comprehensive information security program protecting consumers’ information.
The FTC said that the company had been required to put the program in place by a previous court order. Ultimately, the failure led to data breach in 2008 that compromised the personal information of 13,750 people and put them at risk of identity theft.
ChoicePoint is now subject to a modified court order that expands its data security assessment and reporting duties, and the company will pay a $275,000 fine.
According to the commission, ChoicePoint turned off a key electronic security tool used to monitor access to one of its databases in April 2008, and it failed to detect that the security tool was off for four months. During that period, an unknown person conducted multiple unauthorized searches of the database containing sensitive consumer information, including Social Security numbers.
The company contacted the FTC after it discovered the breach.
The FTC claims that if the security software tool had been enabled, ChoicePoint likely would have detected the breach in a timely manner and minimized its impact.