ATLANTA – Nearly eight months after federal regulators touted a settlement they secured with ChoicePoint Inc. over a data breach, the government has not paid any money to victims from a $5 million fund that was to be set up as part of the agreement.
The Federal Trade Commission also has not yet implemented procedures for how the 800 fraud victims it has identified so far can apply for and receive compensation from the fund, nor has it hired anyone to administer the fund on behalf of the agency, said spokeswoman Claudia Bourne Farrell.
"That's under review," Farrell said Tuesday. Responding to an open records request by The Associated Press, Farrell said the commission is trying to develop a plan to distribute the money "expeditiously and efficiently."
Jessica Rich, assistant director of the FTC's division of privacy and identity theft, said in a statement released to AP on Wednesday that "law enforcement is still identifying victims and we want to make sure we have the right people."
"We are hoping to complete the process soon," Rich wrote.
The disclosure about the money not yet being distributed comes as the President's Identity Theft Task Force adopted interim recommendations on addressing the problem of identity theft. The interim recommendations, announced Tuesday and highlighted in an FTC news release, included extending restitution for victims of identity theft and helping victims get easier access to police reports about the misuse of their personal information.
Rep. Edward Markey, D-Mass., a member of the House Telecommunications and Internet Subcommittee who has authored legislation to protect consumers' personal information, said the FTC isn't moving fast enough.
Markey said the "victims should immediately receive the compensation they urgently need to protect themselves from exploitation by identity thieves." He added, "Further delay is unacceptable."
ChoicePoint spokesman Matt Furman said Wednesday, "Our goal has always been to respond to consumers, in whatever state they may live." He added, "We have full faith that the FTC is working hard to come up with a process to ensure that the money we contributed to help consumers is wisely spent for the benefit of anyone actually affected."
Alpharetta, Ga.-based ChoicePoint, which collects, sells access to and analyzes information on consumers, agreed Jan. 26 to pay the FTC $15 million to settle charges that the company's security and record-handling procedures violated consumers' privacy rights when thieves infiltrated the company's massive database.
The money included a $10 million fine — the agency's largest ever — and $5 million for the victims' fund. Furman said the company paid the money around the time of the settlement.
Settlement documents say the money for victims was to be deposited into a fund administered by the commission or its agent "to be used for equitable relief, including but not limited to consumer redress." Farrell said she assumes the 800 victims the agency identified would be eligible for payments. She was unable to say whether any victims have inquired about the fund.
The settlement also permitted the FTC to use money from the fund to pay any expenses from administering the fund. Farrell said no expenses have been paid.
The settlement said that any money from the fund not paid out to victims, for administrative expenses or for other unspecified relief would go into the U.S. Treasury. ChoicePoint doesn't have the right to challenge the FTC's use of the fund, the agreement says.
The data breach involved thieves posing as small business customers who gained access to ChoicePoint's database, possibly compromising the personal information of 163,000 Americans, according to the FTC. The company discovered the breach more than four months before disclosing it to the public in February 2005. ChoicePoint has said authorities asked it to keep the information secret initially.
The company did not admit to any wrongdoing in the FTC probe. Since the breach, ChoicePoint has made changes to its customer credentialing procedures and implemented safeguards designed to prevent another breach of its database, earning credit from some industry analysts. The company said it has learned a lot from the episode.
ChoicePoint's database, which contains Social Security numbers, real estate holdings and current and former addresses, has about 19 billion records. The company's customers include insurance companies, financial institutions and federal, state and local agencies.