Information security landmarks: Biggest computer viruses, Internet attacks and data breaches - Information Security Magazine - Page 1

Getting the Point
by Mark Baard
ChoicePoint put data breaches on the front page of The Wall Street Journal, into corporate boardrooms and the consciousness of Americans.


ChoicePoint CISO Richard Baich's protestations in 2005 that his company was the victim of fraud, not a hack, sound almost archaic now.

"This is not an information security issue," Baich told Information Security shortly after ChoicePoint disclosed 163,000 customer records had been accessed. "My biggest concern is the impact this has on the industry from the standpoint that people are saying ChoicePoint was hacked. No we weren't. This type of fraud happens every day."

In fact, the incident underscored the vulnerability of sensitive data to many attack vectors, from classic computer hacks to trusted insiders to thieves like the ChoicePoint fraudsters. They posed as legitimate business customers and set up accounts to obtain the type of information that ChoicePoint typically sold third parties.

It's not that ChoicePoint was the first or the worst data breach, but it was spectacular, driving countless companies to take steps to avoid Choice-Point's miserable--and very public--experience, which was resolved when it paid $10 million in fines and $5 million compensation to consumers after it reported

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

the breach to California regulators and consumers. ChoicePoint executives got a good tongue-lashing before Congress for good measure.

"The message to ChoicePoint and others should be clear: Consumers' private data must be protected from thieves," FTC Chairman Deborah Platt Majoras said in a statement. "Data security is critical to consumers, and protecting it is a priority for the FTC, as it should be to every business."

But data owners still have a long way to go to secure critical information and prevent fraud, says Gartner analyst Avivah Litan.

"[Data breaches are] still happening," Litan says. Since ChoicePoint was breached, more than 215 million personal records have been lost by entities responsible for them. TJX, Gap Inc., Monster.com and TD Ameritrade this year alone have joined ChoicePoint, the VA and many others as standard-bearers for shoddy data security.

This was first published in January 2008