http://www.ftc.gov/opa/2006/01/choicepoint.htm "For Release: January 26, 2006 ChoicePoint Settles Data Security Breach Charges; to Pay $10 Million in Civil Penalties, $5 Million for Consumer Redress At Least 800 Cases of Identity Theft Arose From Company�s Data Breach "
Two interesting things: They knew there were problems with subscribers as far back as 2001, and apparently didn't do anything about it (except collect money and turn their heads). They are prohibited from violating the FCRA. Does that mean that if someone gets your ChoicePoint report without permissible purpose, you should not only sue them, but make sure the FTC is notified as a violation of their order? And they paid the biggest fine in history. I guess that means more than CAMCO or any of the other CAs.
Depends on what category of fine. Look at, say, Providian, although that was OCC, and AGs, and mainly restitution: http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/06-28-2000/0001254751&EDATE=
