ChoicePoint Promises To Write 'Personal Information Should Be Protected' 500,000 Times, Promises Not To Do It Again

from the pointless dept

ChoicePoint had already been hit with $15 million in fines and damages for, what was at the time, the largest credit-card data leak ever (though it lost that title to TJX earlier this year). But 44 states have gotten in on the action, hitting the company with a staggering $500,000 more and an agreement that it will put better security in place. ChoicePoint says it has reformed its ways and is working to solve its problems, but forgive us for being skeptical -- particularly when the company seems to have another big problem, in the form of incorrect data. The new deal with the states says that ChoicePoint will extend the same, supposedly better level of protection to all its consumer records, instead of just those covered by the Fair Credit Reporting Act, as required by the FTC settlement, and ChoicePoint says it will more stringently check out new customers for its data. A ChoicePoint exec brags that the company "has become a model of privacy protection" since the breach -- but if it's so concerned about consumer privacy, why did it take these further steps only as part of a settlement with the attorney generals, and not on its own? Never mind the fact that it apparently only decided security was important after a massive breach. It's really hard to believe that ChoicePoint, or indeed any other company in a similar situation, has any interest in proactively improving its security, since there's little financial incentive for them to do so. Instead, they can just leak data, pay the miniscule fines, make some changes, issue a press release, and move on.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    me, Jun 1st, 2007 @ 5:28pm

    Choicepoint is implementing much stronger security measures internally through leveraging open source software.

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    me2, Jun 1st, 2007 @ 6:09pm

    I certainly hope they are doing better than sudo... they would be better off with Symark's full suite of Power products... God help them if they went with CA however...

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Anonymous Coward, Jun 1st, 2007 @ 6:58pm

    correction

    Please correct: "attorney generals" should be "attorneys general" Thank you

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Anonymous Coward, Jun 1st, 2007 @ 7:33pm

    Re:

    I certainly hope that was a joke. Having source code readily available (hence open source) makes it SO much easier to break . I'm going to assume it's a joke, but some people really can't tell sarcasm (with text I'm at a loss half the time on the web) and they should know that if that comment ISN'T a joke that it should be.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Charles Griswold, Jun 1st, 2007 @ 8:14pm

    Re: Re:

    I certainly hope that was a joke. Having source code readily available (hence open source) makes it SO much easier to break.
    Open Source makes flaws in software easier to find (for both black-hats and white-hats), but it also makes it much easier patch. When a major flaw is found in open-source code, someone will typically have a patch for it in a matter of days (if not hours). That is a much better response time than is typical for most closed-source projects.

    And FYI, none of that was intended as sarcasm.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Tarky7, Jun 2nd, 2007 @ 7:34am

    *seething rage*

    Fume, Fume, Fume...

    Rage, Rage, Rage...

    *mumbling*

    'One of these days were going to have a real necktie party !'

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Brad Eleven, Jun 2nd, 2007 @ 7:41am

    Hear, hear

    Of course only the AC will bash Open Source from the long-disproven assertion that it's somehow less secure because the source code can be read by anyone.

    Open Source is superior and more secure for exactly this reason. Pop quiz: When's the last time *you* read any Open Source? Do you think that in the source archive, there's a plain text file called "FOR SECURITY PERSONNEL ONLY" that outlines all of the known vulnerabilities?

    You're either an idiot, a corporate shill, or both, AC. That little FUD turd dried up back in the 90s. You're an embarrassment to whomever's paying you.

    Bonus question: When was the last time you heard of an Open Source security hole? If you actually did, how long before it was closed? Now compare/contrast to Microsoft's track record.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Anonymous Coward, Jun 2nd, 2007 @ 6:33pm

    Re: Re: Re:

    Hours are all you need to steal data.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Anonymous Coward, Jun 2nd, 2007 @ 6:35pm

    Re: Hear, hear

    Hmmm. Respecting someone who spouts ad hominem ad nauseum? Screw that.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Charles Griswold, Jun 2nd, 2007 @ 10:38pm

    Re: Hear, hear

    When was the last time you heard of an Open Source security hole? If you actually did, how long before it was closed? Now compare/contrast to Microsoft's track record.
    Actually, I've heard about quite a few security holes in open source software. I usually hear about them because a security patch was being released, so the answer to your second question is "immediately". :-) In contrast, Microsoft's track record isn't quite as good.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Semicharm, Jun 3rd, 2007 @ 9:35am

    Re: Re: Re: Re:

    Hours are all you need to steal data.
    Yes hours can be bad, but you fail to mention the alternative, that with closed source software, thieves usually have at lest a week to a month to run amok. Now, which sounds better to you?

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    SailorRipley, Jun 4th, 2007 @ 8:52am

    Re: Re: Hear, hear

    After your first reply and FUD about open source, your access to the moral high ground has been denied.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This