ChoicePoint Promises To Write 'Personal Information Should Be Protected' 500,000 Times, Promises Not To Do It Again
from the pointless dept
ChoicePoint had already been hit with $15 million in fines and damages for, what was at the time, the largest credit-card data leak ever (though it lost that title to TJX earlier this year). But 44 states have gotten in on the action, hitting the company with a staggering $500,000 more and an agreement that it will put better security in place. ChoicePoint says it has reformed its ways and is working to solve its problems, but forgive us for being skeptical -- particularly when the company seems to have another big problem, in the form of incorrect data. The new deal with the states says that ChoicePoint will extend the same, supposedly better level of protection to all its consumer records, instead of just those covered by the Fair Credit Reporting Act, as required by the FTC settlement, and ChoicePoint says it will more stringently check out new customers for its data. A ChoicePoint exec brags that the company "has become a model of privacy protection" since the breach -- but if it's so concerned about consumer privacy, why did it take these further steps only as part of a settlement with the attorney generals, and not on its own? Never mind the fact that it apparently only decided security was important after a massive breach. It's really hard to believe that ChoicePoint, or indeed any other company in a similar situation, has any interest in proactively improving its security, since there's little financial incentive for them to do so. Instead, they can just leak data, pay the miniscule fines, make some changes, issue a press release, and move on.
Reader Comments (rss)
(Flattened / Threaded)
by me on Jun 1st, 2007 @ 5:28pm
Choicepoint is implementing much stronger security measures internally through leveraging open source software.
(reply to this comment) (link to this comment)
by me2 on Jun 1st, 2007 @ 6:09pm
I certainly hope they are doing better than sudo... they would be better off with Symark's full suite of Power products... God help them if they went with CA however...
(reply to this comment) (link to this comment)
correction by Anonymous Coward on Jun 1st, 2007 @ 6:58pm
Please correct: "attorney generals" should be "attorneys general" Thank you
(reply to this comment) (link to this comment)
Re: by Anonymous Coward on Jun 1st, 2007 @ 7:33pm
I certainly hope that was a joke. Having source code readily available (hence open source) makes it SO much easier to break . I'm going to assume it's a joke, but some people really can't tell sarcasm (with text I'm at a loss half the time on the web) and they should know that if that comment ISN'T a joke that it should be.
(reply to this comment) (link to this comment)
Re: Re: by Charles Griswold on Jun 1st, 2007 @ 8:14pm
Open Source makes flaws in software easier to find (for both black-hats and white-hats), but it also makes it much easier patch. When a major flaw is found in open-source code, someone will typically have a patch for it in a matter of days (if not hours). That is a much better response time than is typical for most closed-source projects.And FYI, none of that was intended as sarcasm.
(reply to this comment) (link to this comment)
*seething rage* by Tarky7 on Jun 2nd, 2007 @ 7:34am
Fume, Fume, Fume...
Rage, Rage, Rage...
*mumbling*
'One of these days were going to have a real necktie party !'
(reply to this comment) (link to this comment)
Hear, hear by Brad Eleven on Jun 2nd, 2007 @ 7:41am
Of course only the AC will bash Open Source from the long-disproven assertion that it's somehow less secure because the source code can be read by anyone.
Open Source is superior and more secure for exactly this reason. Pop quiz: When's the last time *you* read any Open Source? Do you think that in the source archive, there's a plain text file called "FOR SECURITY PERSONNEL ONLY" that outlines all of the known vulnerabilities?
You're either an idiot, a corporate shill, or both, AC. That little FUD turd dried up back in the 90s. You're an embarrassment to whomever's paying you.
Bonus question: When was the last time you heard of an Open Source security hole? If you actually did, how long before it was closed? Now compare/contrast to Microsoft's track record.
(reply to this comment) (link to this comment)
Re: Re: Re: by Anonymous Coward on Jun 2nd, 2007 @ 6:33pm
Hours are all you need to steal data.
(reply to this comment) (link to this comment)
Re: Hear, hear by Anonymous Coward on Jun 2nd, 2007 @ 6:35pm
Hmmm. Respecting someone who spouts ad hominem ad nauseum? Screw that.
(reply to this comment) (link to this comment)
Re: Hear, hear by Charles Griswold on Jun 2nd, 2007 @ 10:38pm
Actually, I've heard about quite a few security holes in open source software. I usually hear about them because a security patch was being released, so the answer to your second question is "immediately". :-) In contrast, Microsoft's track record isn't quite as good.(reply to this comment) (link to this comment)
Re: Re: Re: Re: by Semicharm on Jun 3rd, 2007 @ 9:35am
Yes hours can be bad, but you fail to mention the alternative, that with closed source software, thieves usually have at lest a week to a month to run amok. Now, which sounds better to you?(reply to this comment) (link to this comment)
Re: Re: Hear, hear by SailorRipley on Jun 4th, 2007 @ 8:52am
After your first reply and FUD about open source, your access to the moral high ground has been denied.
(reply to this comment) (link to this comment)
Add Your Comment