ChoicePoint Acquiesces Paying Fine to Settle Data Breach Suit

ChoicePoint Inc., the data brokerage company, said that it is ready to pay $10 Million as settlement towards a class-action lawsuit against it for allowing a security breach that exposed over 160,000 people's personal information. The company disclosed the data breach in early February 2005.

Alpharetta, Georgia-based ChoicePoint declared its settlement decision on January 25, 2008, and accompanied with it the company's financial estimates for Q4 of 2007. ChoicePoint, however, didn't admit that it was in any way answerable for the security failure under the legal settlement, which still awaits court's approval.

A spokesman for ChoicePoint said that the settlement includes a lawsuit from a shareholder filed against the company in the Georgian District Court of United States. All the other suits filed against ChoicePoint with respect to the data hack were earlier settled, cancelled, or resolved, the spokesman informed.

Meanwhile, the federal SEC, or Securities and Exchange Commission, announced in the fourth week of January 2008 that the agency had finished investigating ChoicePoint and that it would not enforce any legal action on the company.

The agency began the probe after Derek Smith, Chief Executive Officer and Doug Curling, Chief Operating Officer of ChoicePoint, got an estimated profit of $16.6 Million by selling the company's stocks before the disclosure of the breach on February 15, 2005.

Following the settlement, Deborah Platt Majoras, Chairman of the FTC, said that the fine the commission levied was the largest ever imposed. ComputerWorld reported this on January 28, 2008. Along with the fine, the FTC said that ChoicePoint must establish a trust fund of $5 Million to benefit those individuals who became victims of identity theft due to the breach. Further, ChoicePoint was required to conduct security audits at every interval of two years for the coming twenty years.

Deepak Taneja, CEO, Aveksa, told SCMagazineUS on January 28, 2008 that the incident of breach at ChoicePoint indicated how important it was to enhance corporate governance. He said that business teams and security teams need to jointly work towards developing appropriate mechanisms to secure enterprise data and allow only appropriate people to access such data.

» SPAMfighter News - 2/5/2008