The U.S. Federal Trade Commission (FTC) is looking for victims of a data breach at ChoicePoint announced in early 2005.

Victims with out-of-pocket expenses due to the breach have until Aug. 18 to file claims and be eligible for payments from a $5 million fund that ChoicePoint agreed to pay in its January 2006 settlement with the FTC.

The FTC has now mailed reimbursement claim forms to 2,400 consumers who may have been victims of identity theft due to the breach, the agency said in a speech. The FTC has mailed claim forms to 1,000 consumers since December 2006, it said.

In addition, the FTC has created a Web site where consumers who do not receive a claim letter can download a claim form and get more information about the claims process.

Data broker ChoicePoint announced in early 2005 that identity thieves had set up fake businesses as a way to buy personal information from the company. The breach, affecting about 163,000 U.S. residents, set off a debate in the U.S. Congress about data breach protections, but Congress has yet to pass a data breach notification bill.

In its January 2006 settlement with the FTC, ChoicePoint agreed to pay a $10 million fine in addition to the $5 million victims fund. The company also agreed to third-party security audits every other year until 2026.

ChoicePoint also agreed in May to pay a $500,000 fine and change the way it screens new customers in a settlement with 43 states and the District of Columbia.

Claim forms must be postmarked by Aug. 18. The amount applicants receive will depend on a number of factors, including the total number and size of claims that the agency receives, the FTC said.