The FTC said it had fined the Alpharetta, Ga.-based company $10 million and that Choicepoint would pay an additional $5 million that will be used to compensate consumers.
Choicepoint had that its massive database of consumer information was accessed by thieves.
The data breach involved thieves posing as small business customers who gained access to ChoicePoint's database, possibly compromising the personal information of 145,000 Americans. The FTC said the number now stands at 163,000. The company discovered the breach more than four months before disclosing it to the public in February 2005. ChoicePoint has said authorities asked it to keep the information secret initially.
Authorities have said at least 750 people were defrauded in the scam that has fueled consumer advocates' calls for federal oversight of the loosely regulated data-brokering business. The FTC said the number of victims now stands at about 800, but ChoicePoint has noted that charges brought in Los Angeles against one of the thieves involve only 16 victims. The company also is a defendant in several lawsuits and complaints arising from the breach, and several government agencies are investigating.
"The message to ChoicePoint and others should be clear: Consumers' private data must be protected from thieves," Deborah Platt Majoras, chairman of the FTC, said Thursday in a statement.
The $10 million fine is the largest ever levied by the FTC, Majoras said during a news conference. Previously, the largest FTC fine was for $7 million against Boston Scientific related to competition issues, she said.
"This is an important victory for consumers," Majoras said.
The settlement requires ChoicePoint to implement new procedures to ensure that it provides consumer reports only to legitimate businesses for lawful purposes; to establish and maintain a comprehensive information security program; and to obtain audits by an independent third-party security professional every other year until 2026.
The company, which is also is the subject of a pending Securities and Exchange Commission probe, did not admit to any wrongdoing in the FTC probe.
ChoicePoint collects data on individuals, including Social Security numbers, real estate holdings and current and former addresses. It has about 19 billion records, and its customers include insurance companies, financial institutions and federal, state and local agencies.
The SEC is examining stock trades by Derek Smith, ChoicePoint's chief executive officer, and Doug Curling, chief operating officer. Curling and Smith made a combined $16.6 million in profit in the months after the company learned of the data breach and before the breach was made public.
ChoicePoint has said the stock trading was prearranged and approved by the company's board. Company officials said Thursday they continue to cooperate with the SEC probe. They did not give details of the status of the probe.
The settlement came hours after the company reported its fourth-quarter profit fell more than 29 percent.
For the three months ending Dec. 31, ChoicePoint said Thursday it earned $27.68 million, or 30 cents a share, compared to a profit of $39.22 million, or 43 cents a share, for the same period a year ago.
The results missed Wall Street expectations.
Excluding one-time expenses related to the data breach announced in February 2005, ChoicePoint said it earned $39.74 million, or 44 cents a share. On that basis, analysts surveyed by Thomson Financial were expecting earnings of 45 cents a share.
Revenue rose 11 percent to $257.85 million, compared to $232.46 million a year ago.
For all of 2005, ChoicePoint said it earned $140.66 million, or $1.53 a share, compared to a profit of $147.96 million, or $1.62 a share, for the same period a year ago. Twelve-month revenue rose to $1.06 billion, compared to $918.71 million in 2004.
ChoicePoint said it expects 2006 full-year internal revenue growth to be in the 7 percent to 9 percent range, exclusive of any acquisitions.