Tuesday, February 15, 2005

ChoicePoint Information Theft: An Omen

I read at MSNBC that 30,000 - 35,000 California residents were warned that "unauthorized third parties" may have accessed cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir personal information, such as cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir names, addresses, Social Security numbers, credit reports and ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r information. The data was stolen from ChoicePoint, an Atlanta-based firm that describes itself as "a trusted source and leading provider of decision-making information that helps reduce fraud and mitigate risk. ChoicePoint has grown from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 nation's premier source of data to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 insurance industry into cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 premier provider of decision-making intelligence to businesses and government."

ChoicePoint claims cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 data was stolen through 50 fake companies that were set up to access cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 data. MSNBC says "The incident was discovered in October, when ChoicePoint was contacted by a law enforcement agency investigating an identity cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ft crime. In that incident, suspects had posed as a ChoicePoint client to gain access to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 firm's rich consumer databases."

MSNBC also reports that ChoicePoint "says it has 10 billion records on individuals and businesses, and sells data to 40 percent of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 nation's top 1,000 companies. It also has contracts with 35 government agencies, including several law enforcement agencies."

This is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same ChoicePoint that MSNBC profiled last month. In that story company vice president James A. Zimbardi said "We do act as an intelligence agency, gacá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ring data, applying analytics."

If this private intelligence agency is going to collect and publish my personal information, it better be held to a high standard. I bet that California residents aren't cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 only Americans affected by this incident. I have no insider information but I expect to hear more details in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 future.

This story comes on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 heels of a Washington Post report that government contractor SAIC suffered a physical break-in at a San Diego facility on 25 January 2005. Thiefs stole computers "containing cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Social Security numbers and ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r personal information about tens of thousands of past and present company employees." Aside from this buried announcement, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 reason we know of this intrusion is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 California law requiring disclosure to those affected. In SAIC's case, that is 45,000 current and former employees.

Both of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se incidents indicate that California's disclosure law needs to be expanded to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Federal level. How many ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r organizations are leaking personal data without our knowledge?

These two cases also demonstrate my security mantra that prevention eventually fails. Therefore, we need to have robust detection and response mechanisms in place. The best detection mechanism for an individual may be a service that provides access to your credit report (for a fee). This allows you to monitor access to your credit report and spot potentially fraudulent activity. Consumers in certain western US states are already entitled to an annual free credit report from each of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 three credit bureaus. Check this Federal Trade Commission site for more details. It looks like those of us in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 norcá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ast will have to wait until 1 September 2005.

Once available, however, it looks like one could order one credit report from each bureau per year. It might be a good strategy to order one from Experian in, say, January, anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r from Equifax in May, and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 third from TransUnion in September. The following year, repeat cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 cycle, in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same order. This strategy provides a look at your credit report every four months, as opposed to once per year.

The only response strategy is to follow cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Federal Trade Commission's identity cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ft advice.

No comments: