Thursday, May 05, 2005

The Five Most Shocking Things about the ChoicePoint Debacle

A good article in CSO Magazine is forceful, and focuses on the implications for corporate security officers.

"At first, the ChoicePoint security breach seemed not only ordinary but almost insignificant. That same month, February, saw stories that had bigger numbers (Bank of America, 1.2 million names and Social Security numbers) and more sex appeal (T-Mobile, Paris Hilton) than the predictable details of the ChoicePoint case. Thousands of victims, compromised Social Security numbers, an arrest on charges of identity theft. Yada yada yada.
But somewhere along the way, the ChoicePoint saga became the spark that caused an explosion.
Maybe it was the fact that this wasn't a hack. Personal information of nearly 145,000 people wasn't stolen from ChoicePoint. In fact, the company sold the information to inadequately vetted bogus businesses--this when the company itself helps other businesses verify creds.
Maybe it was that the people whose information was compromised weren't customers of ChoicePoint, just accidental citizens of the vast databases of the Alpharetta, Ga.-based information broker.
Maybe it was the way that ChoicePoint behaved after the breach: from an initial, bumbling response that smacked of marketing, to a changing story about what had happened and how the company was responding, to the revelation that top executives had sold millions of dollars worth of stock between the time the fraud was discovered and when it was announced to the public.
Or maybe it was this last twisted bit of irony: ChoicePoint chairman and CEO Derek V. Smith had recently written two books about how individuals can protect themselves in the information age.
You can't make this stuff up."

Labels: , , ,


Post a Comment