Modernizing Authentication — What It Takes to Transform Secure Access
The Federal Trade Commission this week began cutting checks to people who were the victims of consumer data integrator ChoicePoint's most recent security gaffe, but the paltry settlement -- $18.17 apiece hardly atones for putting thousands of consumers' most sensitive data at risk.
In fact, according to the credit-monitoring service review site Fight Identity Theft, the settlement will barely cover the cost of just one month's worth of surveillance from a reputable credit-monitoring service.
In its statement announcing the payout, the FTC said an administrator is mailing checks to 14,023 people who were victims of ChoicePoint's failed effort to adequately secure consumers' social security numbers and other personal information as a condition of a prior settlement agreement made following the disastrous, high-profile breach in 2005 that exposed the data of more than 163,000 consumers.
That original debacle, in which ChoicePoint employees were duped into handing over consumers' most precious data to an organized identity theft ring, resulted in at least 800 victims having their names, addresses and social security numbers used for a variety of nefarious purposes and drew the wrath of Congress and consumer rights advocacy groups alike.
ChoicePoint, which was acquired by publisher Reed Elsevier in 2008, agreed to pay $10 million in civil penalties -- at the time the largest civil penalty in the agency's history -- and $5 million in "consumer redress" to the FTC in 2006 and agreed to maintain data security procedures to ensure consumer reports were provided only to legitimate businesses for lawful purposes. It was also ordered to obtain independent assessments of its data security program every year through 2026.
But in early 2008, an authorized person managed to access its database and conduct unauthorized searches. Again, ChoicePoint settled with the FTC and agreed to a modified court order that expanded its data security assessment and reporting responsibilities and to "compensate affected consumers for the time they may have spent monitoring their credit" in response to this latest breach.
That's what these $18.17 checks, or little more than $250,000 in total, are supposed to do.
However, it's worth noting that most credit-monitoring service firms charge between $4.95 and $14.99 a month to keep tabs on any unusual activity on a consumer's credit report, so the $18.17 check will likely be little solace to any of the more than 14,000 people affected.
On the bright side, the FTC said the "consumer redress" checks can be cashed directly by the recipients and advises that the agency "never requires the payment of money upfront or the provision of additional information," a sign that it's well aware that the simple process of paying out this tiny sum could possibly lead to other "419-style" scams perpetrated by other aspiring online con artists.
Follow eSecurityPlanet on Twitter @eSecurityP.