This article can also be found in the Premium Editorial Download "Information Security magazine: Reflections on the impact of Sarbanes-Oxley."

Download it now to read this article plus other related content.

Getting the Point
by Mark Baard
ChoicePoint put data breaches on the front page of The Wall Street Journal, into corporate boardrooms and the consciousness of Americans.

ChoicePoint CISO Richard Baich's protestations in 2005 that his company was the victim of fraud, not a hack, sound almost archaic now.

"This is not an information security issue," Baich told Information Security shortly after ChoicePoint disclosed 163,000 customer records had been accessed. "My biggest concern is the impact this has on the industry from the standpoint that people are saying ChoicePoint was hacked. No we weren't. This type of fraud happens every day."

In fact, the incident underscored the vulnerability of sensitive data to many attack vectors, from classic computer hacks to trusted insiders to thieves like the ChoicePoint fraudsters. They posed as legitimate business customers and set up accounts to obtain the type of information that ChoicePoint typically sold third parties.

It's not that ChoicePoint was the first or the worst data breach, but it was spectacular, driving countless companies to take steps to avoid Choice-Point's miserable--and very public--experience, which was resolved when it paid $10 million in fines and $5 million compensation to consumers after it reported

Requires Free Membership to View

the breach to California regulators and consumers. ChoicePoint executives got a good tongue-lashing before Congress for good measure.

"The message to ChoicePoint and others should be clear: Consumers' private data must be protected from thieves," FTC Chairman Deborah Platt Majoras said in a statement. "Data security is critical to consumers, and protecting it is a priority for the FTC, as it should be to every business."

But data owners still have a long way to go to secure critical information and prevent fraud, says Gartner analyst Avivah Litan.

"[Data breaches are] still happening," Litan says. Since ChoicePoint was breached, more than 215 million personal records have been lost by entities responsible for them. TJX, Gap Inc., Monster.com and TD Ameritrade this year alone have joined ChoicePoint, the VA and many others as standard-bearers for shoddy data security.

This was first published in January 2008

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: