ChoicePoint, a US-based credit checking service, has been fined $15 million by the Federal Trade Commission (FTC) after hackers gained access to personal financial records of more than 163,000 of its customers.
The FTC was concerned that ChoicePoint had failed to implement sufficient security measures in authenticating new customers. “Obvious red flags”, such as companies registered at post office boxes rather than genuine addresses, were ignored, it reported.
The $10 million fine in civil penalties is the largest fine of its type ever to be imposed by the FTC. ChoicePoint will also have to pay a further $5 million to a fund set up to compensate affected consumers.
ChoicePoint is now obliged to demonstrate improvements in its security procedures, and will be audited every other year until 2006.
“The message to ChoicePoint and other should be clear,” said Deborah Platt Majoras, the chairman of the FTC. “Consumers’ private data must be protected from thieves.”
The company offers authentication and verification for credit card transactions designed to “reduce fraud and mitigate risk”. Hackers were able to sign up as legitimate collection agencies looking to check customers’ credit ratings, leading to 900 instances of identity theft.