Monday, May 16, 2005

A message to ChoicePoint customers: just how helpful is the data you are buying?

The Five Most Shocking Things About the ChoicePoint Debacle - CSO Magazine - May 2005

Maybe it was the fact that this wasn't a hack. Personal information of nearly 145,000 people wasn't stolen from ChoicePoint. In fact, the company sold the information to inadequately vetted bogus businesses--this when the company itself helps other businesses verify cred[entials of employees or others using the data in their databank].

A great point that has been lost in a lot of the reporting. Just how useful is the service they provide when they were spoofed over 50 times by fraudulent users?

These companies always beg the question of which entities are authorized to be their customers to "legitimately" obtain this kind of sensitive data about people? What would stop me from paying to get the data on anyone they had? What criteria would they establish to prevent just anyone from getting at this data? Or, do they not care as long as you have the cash?

ChoicePoint likely would love to keep the focus on how this was just an isolated case where these 50+ users fooled them. But does it even matter that the identities were fraudulent? Would it have been okay if I signed up with my own identity and obtained information on these 145,000 people instead?

No comments:

Post a Comment