ChoicePoint Settles With 44 States Over Massive Data Breach

ChoicePoint Inc. (CPS) has settled with 44 U.S. states over a data breach that resulted in criminals potentially having accessed personal information from more than 145,000 consumers.

The company, which sells information about consumers to employers, marketers, and others, agreed to adopt stronger security measures and pay $500,000 to the states, Connecticut Attorney General Richard Blumenthal said in a statement.

ChoicePoint said in 2005 that criminals posing as legitimate businesses had accessed consumer data, including Social Security numbers and credit histories.

The Alpharetta, Georgia-based company was one of several to announce large-scale security breaches in 2005, making identity-theft a higher-priority issue for many legislators and regulators.

In a statement, ChoicePoint characterized the settlement as "fair and reasonable."

ChoicePoint's shares rose 13 cents to $43.75 in Thursday afternoon trading on the New York Stock Exchange.

"This does clear the air," said Brian Ruttenbur, an analyst at Morgan Keegan in Nashville.

The company trades at about 24 times its expected 2007 earnings, which is a relatively high multiple for its sector, Ruttenbur said.

Because ChoicePoint generates strong cash flow, there is talk of its potentially being bought by private equity firms, which is propping up its price, Ruttenbur said.

The attorneys general had alleged the company failed to adequately protect consumers' personal data.

In January 2006, ChoicePoint settled a case with the Federal Trade Commission involving the security breach.

Under that settlement, consumers can seek to be reimbursed for losses from identity theft.