Office of the Attorney General
Attorney General Stumbo Reaches Settlement with ChoicePoint
Attorney General Greg Stumbo, along with the attorneys general of 43 other states, announced a settlement with ChoicePoint to resolve allegations that the company failed to adequately maintain the privacy and security of consumers’ personally identifiable information that was in its control.
ChoicePoint is a provider of identification and credential verification services to businesses, government and non-profit organizations. ChoicePoint, among other things, collects, maintains, and distributes consumers’ personally identifiable information. In February 2005, ChoicePoint announced that criminals posing as legitimate businesses gained access to consumers’ personally identifiable information. In the wake of these crimes, ChoicePoint, using the California breach notification law as a guide, mailed more than 145,000 notices to consumers across the country whose information may have been viewed or acquired by the criminals.
In January 2006, ChoicePoint settled a separate case with the Federal Trade Commission about the data breach, and paid $10 million in penalties and $5 million in consumer redress.
As part of the settlement with the states, ChoicePoint will make significant, ongoing changes in the way that the company credentials new customers who have access to personally identifiable information.
"We are pleased to join with the other states in reaching this settlement," said Attorney General Stumbo. "The changes required by this settlement will help consumers by providing better protection against wrongful access to their personal information at ChoicePoint. Separately from this settlement, this Office will continue to work with the Kentucky Legislature to enact a law requiring Kentucky's businesses and state agencies to notify consumers in the event of a breach of the security of their personal information."
Also as part of this settlement, ChoicePoint will pay $500,000 to the states. Kentucky will receive $5,500 of this payment for use to fund consumer education and enforcement of the consumer protection laws.
Redress pursuant to the FTC settlement is available for out-of-pocket expenses for identity theft that resulted from the ChoicePoint breach. The deadline to submit a redress claim form to the FTC is June 22, 2007. If consumers meet the eligibility requirements for redress, they can complete the redress form and submit that for consideration. More information is available at: http://www.ftc.gov/bcp/conline/cases/choicepoint/index.shtm
Examples of expenses for which consumers may be reimbursed under the FTC Order include:
- Unauthorized charges on existing accounts NOT covered by bank or credit card company
- Money paid on new accounts opened in consumer’s name
- Money paid to a debt collector on new accounts opened in consumer’s name
- Cost of ordering new checks
- Cost to file or receive copy of police report
- Notary fees
- Costs associated with correcting unauthorized charges and/or disputing incorrect information – telephone calls; mail, fax, photocopy charges; hourly fees for internet access; travel expenses.
Joining Kentucky in today’s settlement are: Alabama, Alaska, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, Florida, Hawaii, Idaho, Illinois, Indiana, Iowa, Louisiana, Maine, Maryland, Massachusetts, Michigan, Minnesota, Mississippi, Missouri, Montana, Nebraska, Nevada, New Jersey, New Mexico, New York, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, South Dakota, Tennessee, Texas, Vermont, Virginia, Washington, West Virginia, Wisconsin and the District of Columbia.