Have you been following the ChoicePoint story at all? ChoicePoint is a big credit-reporting firm, and they recently admitted that they sold some 150,000 credit reports to a gang of crooks that had posed as legitimate businessmen. At first they were only going to notify Californians who were affected since California law required them to do so, but after the predictable outcry they agreed to notify the non-Californians as well. Later we learned that they underreported the number of affected people at first, and that they had the data stolen in October but didn't say anything about it until much later, and finally that two executives made a fortune selling shares between the discovery of the theft and the public announcement of it. If you've ever wondered why Hollywood makes corporations and their executives out to be greedy, soulless, evil bastards, this would be a pretty good example.
And after all that, ChoicePoint CEO thinks he's the real victim here.
ChoicePoint Chief Executive Derek Smith said Thursday he supports congressional hearings and tighter regulation of the data collection industry, if necessary, after revelations his company was duped into giving criminals access to its massive database of consumers' personal information.His face drawn and eyes weary from two days of meetings in New York with investors, Smith said Thursday in his most extensive interview to date that he is working around the clock to keep shareholders and customers from running away.
He said his company is investigating whether anyone internally was involved in the breach, but he stressed there has been no evidence of that.
"If we knew somebody had done something internally, we would tell you that," Smith said in an hourlong interview.
Smith said he believes his company is as much a victim in the episode as the roughly 145,000 Americans whose personal information may have been viewed by criminals.
"I wish we would have caught it sooner," Smith said.
He added, "The painful part for me is that our mission is being called into question."
ChoicePoint says its mission is to arm customers with the information necessary to verify that the people they are doing business with are who they say they are. That selling point has been turned on its head by bandits who were given access to the company's database by duping it into thinking they were someone they were not.
Anyway. This Chron story has some more on the real victims here. Bruce Schneier says this will happen again unless the government forces the ChoicePoints of the world to behave, since they have no economic incentive to do so.
One good thing that may come out of this is a new law that would give Texans the same right to be notified of a security breach as Californians. Latinos for Texas has the story.
On the heels of the revelation of a major security breach at data broker Choicepoint, a State Representative Eddie Rodriguez (D-Austin) has introduced a measure to give Texas consumers the right to know when crooks infringe on their financial DNA.“We only know about the Choicepoint fiasco because security breach legislation enacted in California requires notification when consumer data are compromised,” said Representative Eddie Rodriguez. “Texans should have the same right to know, so they can take steps to protect themselves.”
The bill, HB 1527, would require companies to alert their customers if a breach of security has put them at risk of identity theft. Recent reports that a fraud ring gained access to the personal and financial information of an estimated 11,081 Texans from computer databases maintained by ChoicePoint, Inc. This incidence underscores the need for tougher safeguards to protect Texas consumers against identity theft. The ChoicePoint files that were compromised contained such sensitive information as Social Security numbers linked to names and addresses. Already, an estimated 750 people were reportedly targets of an identity theft scheme as a result of the ChoicePoint security breach.