[JURIST] The US Federal Trade Commission (FTC) [official website] announced [FTC press release] Thursday that ChoicePoint [corporate website] will be required to pay $10 million in civil penalties and $5 million to customers affected by last year's identity theft incident [JURIST report] as a result of making false and misleading statements to consumers regarding their information safety policies. The FTC charged ChoicePoint with violating the Fair Credit Reporting Act [text] by misrepresenting the security of their information database. As a result of a security weakness in the ChoicePoint database, hackers gained access to the personal information of over 163,000 ChoicePoint customers, leading to at least 5,000 cases of identity theft. The settlement obligates ChoicePoint to conduct comprehensive background checks for every business requesting access to the database, to establish and maintain a more effective information security system, and requires that outside security professionals audit the system every year until 2026. Read the complaint [PDF text] and the final judgement and order [PDF text]. CNET has more.