ChoicePoint Promises To Write 'Personal Information Should Be Protected' 500,000 Times, Promises Not To Do It Again

from the pointless dept

Fri, Jun 1st 2007 4:19pm — Carlo Longino

ChoicePoint had already been hit with $15 million in fines and damages for, what was at the time, the largest credit-card data leak ever (though it lost that title to TJX earlier this year). But 44 states have gotten in on the action, hitting the company with a staggering $500,000 more and an agreement that it will put better security in place. ChoicePoint says it has reformed its ways and is working to solve its problems, but forgive us for being skeptical -- particularly when the company seems to have another big problem, in the form of incorrect data. The new deal with the states says that ChoicePoint will extend the same, supposedly better level of protection to all its consumer records, instead of just those covered by the Fair Credit Reporting Act, as required by the FTC settlement, and ChoicePoint says it will more stringently check out new customers for its data. A ChoicePoint exec brags that the company "has become a model of privacy protection" since the breach -- but if it's so concerned about consumer privacy, why did it take these further steps only as part of a settlement with the attorney generals, and not on its own? Never mind the fact that it apparently only decided security was important after a massive breach. It's really hard to believe that ChoicePoint, or indeed any other company in a similar situation, has any interest in proactively improving its security, since there's little financial incentive for them to do so. Instead, they can just leak data, pay the miniscule fines, make some changes, issue a press release, and move on.

12 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

me, 1 Jun 2007 @ 5:28pm

Choicepoint is implementing much stronger security measures internally through leveraging open source software.
[ link to this | view in chronology ]
- Anonymous Coward, 1 Jun 2007 @ 7:33pm
  
  Re:
  I certainly hope that was a joke. Having source code readily available (hence open source) makes it SO much easier to break . I'm going to assume it's a joke, but some people really can't tell sarcasm (with text I'm at a loss half the time on the web) and they should know that if that comment ISN'T a joke that it should be.
  [ link to this | view in chronology ]
  - Charles Griswold, 1 Jun 2007 @ 8:14pm
    
    Re: Re:
    I certainly hope that was a joke. Having source code readily available (hence open source) makes it SO much easier to break.
    Open Source makes flaws in software easier to find (for both black-hats and white-hats), but it also makes it much easier patch. When a major flaw is found in open-source code, someone will typically have a patch for it in a matter of days (if not hours). That is a much better response time than is typical for most closed-source projects.
    
    And FYI, none of that was intended as sarcasm.
    [ link to this | view in chronology ]
    - Anonymous Coward, 2 Jun 2007 @ 6:33pm
      
      Re: Re: Re:
      Hours are all you need to steal data.
      [ link to this | view in chronology ]
      - Semicharm, 3 Jun 2007 @ 9:35am
        
        Re: Re: Re: Re:
        Hours are all you need to steal data.
        Yes hours can be bad, but you fail to mention the alternative, that with closed source software, thieves usually have at lest a week to a month to run amok. Now, which sounds better to you?
        [ link to this | view in chronology ]
me2, 1 Jun 2007 @ 6:09pm

I certainly hope they are doing better than sudo... they would be better off with Symark's full suite of Power products... God help them if they went with CA however...
[ link to this | view in chronology ]
Anonymous Coward, 1 Jun 2007 @ 6:58pm

correction
Please correct: "attorney generals" should be "attorneys general" Thank you
[ link to this | view in chronology ]
Tarky7, 2 Jun 2007 @ 7:34am

*seething rage*
Fume, Fume, Fume...

Rage, Rage, Rage...

*mumbling*

'One of these days were going to have a real necktie party !'
[ link to this | view in chronology ]
Brad Eleven, 2 Jun 2007 @ 7:41am

Hear, hear
Of course only the AC will bash Open Source from the long-disproven assertion that it's somehow less secure because the source code can be read by anyone.

Open Source is superior and more secure for exactly this reason. Pop quiz: When's the last time *you* read any Open Source? Do you think that in the source archive, there's a plain text file called "FOR SECURITY PERSONNEL ONLY" that outlines all of the known vulnerabilities?

You're either an idiot, a corporate shill, or both, AC. That little FUD turd dried up back in the 90s. You're an embarrassment to whomever's paying you.

Bonus question: When was the last time you heard of an Open Source security hole? If you actually did, how long before it was closed? Now compare/contrast to Microsoft's track record.
[ link to this | view in chronology ]
- Anonymous Coward, 2 Jun 2007 @ 6:35pm
  
  Re: Hear, hear
  Hmmm. Respecting someone who spouts ad hominem ad nauseum? Screw that.
  [ link to this | view in chronology ]
  - SailorRipley, 4 Jun 2007 @ 8:52am
    
    Re: Re: Hear, hear
    After your first reply and FUD about open source, your access to the moral high ground has been denied.
    [ link to this | view in chronology ]
- Charles Griswold, 2 Jun 2007 @ 10:38pm
  
  Re: Hear, hear
  When was the last time you heard of an Open Source security hole? If you actually did, how long before it was closed? Now compare/contrast to Microsoft's track record.
  Actually, I've heard about quite a few security holes in open source software. I usually hear about them because a security patch was being released, so the answer to your second question is "immediately". :-) In contrast, Microsoft's track record isn't quite as good.
  [ link to this | view in chronology ]