Slashdot Mirror
Congress to Investigate ChoicePoint
twzop writes "I just saw a story on the CBS evening news about the previously posted story about ChoicePoint, Inc. in Atlanta, GA getting hacked and US citizens' data being compromised. The story stated that Congress was going to get involved by investigating the scandal and that there was a large class action lawsuit against the private firm."
What was the size of the data leaked? I've seen figures vary, I'm wondering if anyone knows, including ChoicePoint.
Since when has this country used intellectual elite as a pejorative term?
It's just congress getting ready to solicity another round of bribes...err campaign contributions. How many Enron executives are in jail again? Yeah.
Before we get too excited about the possibility of justice, let's remember that it's only a crime if it wasn't a rich person that did it.
It seemed like the hacking hype had died down, but we'll now start hearing all about "hackers" and "identity theft" again as little packages on news shows! oh boy!
The Washington Post has an article(reg required) today about Beth Plowman, a Damascus international public health adviser, was shocked when she discovered that a $27,240 arbitration judgment had been levied against her for credit card charges incurred by an identity thief who bought sporting goods all across Europe.
I do a lot of computer security work in my area, and trust me when I say that many, many places have either no or woefully inadequate security present.
One place I did a job for actually had a symbol AP in the ceiling of the factory, login: Symbol, pass: (blank) and unencrypted transfers. The domain admin acct (win2k) had no password, and guest was active. They also bungled up a RAS so that anybody that knew that number had "root".
Those were just external security issues.. It took 50 hours to barely fix their problems.
Still, problems are abound just like that: No or bad security. Many times, it has to do with plain laziness, not thinking anybody cares about us, just not knowing, or trying to do security and maintainence without understanding.
Another amazing this is how well modem-scanners work these days... Back in the day, all the security nuts cared about dial-back and other things... Now, everybody thinks of always-on internet so you need a firewall. Not so. Many machines have dialup gateways or interfaces in which most are just not configured. Even (to my knowledge, I use freeBSD and linux) Windows RAS server has dialback capability.
Now, why Congress wants to scrutnize them, well.. Wonder if they've secured THEIR wireless network since I was in DC...
What I find odd about the reportage of this story is that noone seems to be pointing out that Choicepoint was also responsible for providing Florida with some of the data it used to strip people from the voter rolls back in 2000. That wasn't exactly good either.
Choicepoint - and their competitors such as TransUnion, have become unrelegated "authorities" on people's personal data for far too long. A leak like this was inevitable. Honestly, I think our data has leaked before, but because only California has a (recently made) law dictating that victims must be told of such losses, nobody was informed when it happened in the past.
I'm not normally a "Big brother is watching you" kind of girl, but the amount of power these companies have over our lives - the ability to deny us life, home, and auto insurance, to get a home or auto loan, to even get a job! - is insane. Especially when you try to correct inaccurate information and they refuse to accept it! For example, I don't rent, I own my own house. But for years I've tried to correct that - and my status, which is married, not single - and have had them tell me flat out that THEIR data is correct and I must be dreaming about my husband & house...
Tepp
Congress has failed us in the security department
- Open borders for illegal immigration - open door to terrorists
- Letting illegal aliens go free after being caught with advice that they should show up for their court hearing at a latter date
- Letting state, local governments sell personal information for decades
- Letting voting laws get so inadequate to allow anyone to walk up and vote on demand using a provisional ballot - resulting in fraud
Choicepoint is a public company
This is the third time my identity has been stolen this week...I loose my damn dog and keys less then i loose my identity!!!
On a more serious note: Big brother
So if big brother, has like all this information on us (creditcard numbers places we freq eat and stupid random intel like that), then what if THEY get hacked? Wouldnt that mean hell for everybody thats ever been in america? I could only imagine standing in line at a public school to get my friggin id back, but how would they validate whose who? if theres no pictures, oculd you just steal somebody's drivers liscence or wallet and say that your them?
Your skill in reading has increased by one point!
Choicepoint CEO personal info here.
Nice segue from the previous "most disgusting story of the day" which in my opinion was the newly appointed committee member to the DPIAC. Excuse me while I cough up both my identity AND my lunch....
It is too easy for companies to be careless with people's personal data and it will take a serious threat of penalty to make them put in extra expense and effort to guard it properly. The same kind that make airlines so carefull about safety i.e. closing down the shop type of penalty.
Can anyone tell me why ChoicePoint never did any deeper background checks on their clients knowing full well that identity theft is at an all time high? Didn't they have enough time to ramp up their security protocols to prevent this sort of thing from happening? Plus, who the !@#$% gave ChoicePoint permission to gather data on me?
.NET establishment. Gather all personal info on one database. Currrently, it's a mistake to put all the eggs in one basket.
Funny, ChoicePoint kind of reminds me of what Microsoft wants to do with their
!@#$% whole-grain cereal. When I want fiber, I eat some wicker furniture. - G. Carlin
This ID theft fiasco is but the tip of the iceberg. ChoicePoint helped throw Florida voters off the registration lists in the infamous 2000 election, and made a pretty penny off 9-11. God knows what else they're up to. See http://www.gregpalast.com/ Quote: "For ChoicePoint, with its 15-billion-plus records on every living and dying being in the United States, Ground Zero would become a profit center lined with gold. Contracts would gush forth from War on Terror fever not hurt by the fact that ChoicePoint did something for George W. Bush that the voters would not: select him as our president." Full article at http://www.gregpalast.com/detail.cfm?artid=356&row =0
Request: removal of personal information from your database.
I never gave your company permission to use any public record that belongs to me in a profiteering method. Social Engineers have accessed your database and have potentially compromised personal information belonging to potentially every US citizen, including myself. Reference:
http://www.msnbc.msn.com/id/6969799/ .
I request that any information about myself, removed be removed from the choicepoint database. I am forwarding this email to the offices of the DOJ, President Bush, Vice President cheney and John Hostlettler to inform them of the request that I am making. Also ccing to ombudsman@npr.org.
I am appalled that this corporation dares rob me of the basic right of privacy and security that the constitution protects. I demand my information be immediately removed, my file shredded and evidence of such to be delivered to me.
Two things here. One there's lot's of data that's not really needed.
Two ChoicePoint needs to backup it's customers when it comes to consequences of it's failure. In other words it accepts financial and legal liabiliy (to me) for the consequences of it's failure.
And last, inefficiencies be damned. Data doesn't really need to be centralized. Talk about single point of failure.
I didn't know anybody watched cbs anymore...
Schneier wrote about this in his blog.
...just my 2 gil.
Bush and the GOp used Choicepoint as the
...
= 358&row =0
hatchetman in an attempted coup of demcratically elected president of venezuela, Hug Chavez:
U.S. Attempting to Fix Venezuela Vote
(Greg Palast, August 10, 2004)
Will The Gang That Fixed Florida Fix the Vote in Caracas this Sunday?
OUR President has decided that THEIR president has to go. This is none too easy given that Chavez is backed by Venezuela's poor. And the US oil industry, joined with local oligarchs, has made sure a vast majority of Venezuelans remain poor. . . . Therefore, Chavez is expected to win this coming Sunday's recall vote. That is, if the elections are free and fair. . . . They won't be. Some months ago, a little birdie faxed to me what appeared to be confidential pages from a contract between John Ashcroft's Justice Department and a company called ChoicePoint, Inc., of Atlanta. The deal is part of the War on Terror.
Justice offered up to $67 million, of our taxpayer money, to ChoicePoint in a no-bid deal, for computer profiles with private information on every citizen of half a dozen nations. The choice of which nation's citizens to spy on caught my eye. While the September 11th highjackers came from Saudi Arabia, Egypt, Lebanon and the Arab Emirates, ChoicePoint's menu offered records on Venezuelans, Brazilians, Nicaraguans, Mexicans and Argentines.
The fix that was practiced in Florida, with ChoicePoint's help, deliberate or not, appears to be retooled for Venezuela, then Brazil, Mexico and who knows where else. . . . Here's what it comes down to: The Justice Department averts its gaze from Saudi Arabia but shoplifts voter records in Venezuela. So it's only fair to ask: Is Mr. Bush fighting a war on terror -- or a war on democracy?
more here:
http://www.gregpalast.com/detail.cfm?artid
eat shiat and bark at the moon
Score another major issue that was instigated by the New Media (bloggers).
Why is it such a concern that something as benign as a 10 digit number, plus information that can be found in the phone book, should be of such a concern? One reason is that armed with such a small amount of information, someone can do a tremendous amount of harm to people, and the companies those people do business with.
Someone can get a driver's license in your name, and build a bad driving record, or worse, in your name. And the state will insist it is you. The affected state will file this with your state, and your own state may cancel your driver's license because it looks like you moved to the other state. In extreme situations you could be arrested.
Someone can get a bank account in your name. Then with these checks that have your SSN and address on them, make a hundred fraudulent purchases totaling tens of thousands of dollars, on an account they probably stuck just $250 in to get it open. This will ruin your rating with banks, which is kept by a separate reporting agency not subject to the same reviews as the 3 big credit reporting agencies are.
There are many other kinds of examples, including opening credit accounts. The common problem in all of these is the assumption that by having certain information, the person with it must actually be you. Those of us familiar with security protocols already know that having the very information you give to someone else to show who you are, enables who you just gave it to to masquerade as you. Most people are honest but a slight few are dishonest. Theft of identity information has been happening for decades but it is only now becoming so widespread that politicians and lawmakers are no longer going to be able to hide their head under the carpet and pretend it doesn't exist in order to avoid the hard choices they will have to make.
And remember, this is identity theft; it is not authenticity theft. Identity only says who you are. We need to stop businesses and governments from assuming that identity is authenticity.
now we need to go OSS in diesel cars
Didn't we just got rid of them? / just askin
systems. It is very telling to see who is running what. Take a look at ChoicePoint, T-Mobil, etc.
I prefer the "u" in honour as it seems to be missing these days.
This form of hearsay shouldn't be allowed on slashdot. It's only going to [eventually] lead to false reporting and scandal. I thought we learned something from "Rathergate" (as much as I hate to call it that) How about you get us an actual story?
What most people fail to understand is that this is not one of few incidents but a general problem that happens when organizations are trying to force people to give our personal data.
Whenever an organization other than the IRS, lenders, or certain employers asks you to give out your social security number you better decline. This applies particularly to schools and landlords. Remember that schools are now required to use other types of student identifiers and landlords cannot refuse you as tenant if you do not give them your social security number. You certainly shouldn't.
Even funnier is how many Slashdotters are referencing his sight. I guess it just proves that everyone has an agenda.
ChoicePoint sold data to customers that turned out to be criminals. These criminal customers did not "hack" into the system, they were granted paid access to it. At best/worst the criminals did a bit of social engineering to appear as a legitimate business. Otherwise the feat involved no technological illegitimate access. I think that is the scariest part of the story.
Two wrongs don't make a right, but three lefts do.
Because of this political debt, the Congress will block any serious investigation of Choicepoint.
That whole firm should be liable for every cent lost. Accepting requests for data via fax without ever seeing original documents is negligent. How can anyone ever expect to avoid identity theft when you have places like this working against you, giving all the important stuff out to any nigerian con artist with scissors a photocopier and a fax machine. I might as well reply to all the emails I get to see if I stand a better chance for a share of the few million each nigerian guy that emails me seems to have.
ChoicePoint data theft widens to 145,000 people
Class action lawsuits were essentially outlawed by the Rupublican Congress and President Bush this week. Nobody will ever get any damages from Choicepoint.
No electrons were harmed creating this post, though some may have been subjected to electrical and/or magnetic fields.
Class dismissed. (As in the "no class" action suit.)
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
I wonder if they'll ask Hank Asher, who started the company (and DataBase Technologies), about his cocaine flights into Florida for Iran/Contra. Or how John Poindexter (of Iran/Contra) got them that fat contract for TIA, and saved it as the secret MATRIX program when TIA got too hot for Congress. Or about that Florida voter-purge list, with over 40K legitimate Florida voters prevented from voting in 2000, and again in 2004. Maybe Asher will have some answers that won't get the coincidence theorists freaking out about how this one company could be so lucky for so long with the same people.
--
make install -not war
These companies need to be held responsible for the results of letting private information slip through their fingers.
They make money off or people's personal information. They should stand up and reimburse people for losses when they fuck up and let said information out to the wrong people.
H.
When VCR's are outlawed, only outlaws will have VCR's.
Please don't bring NPR into this... we give in... you win....
In previous dealings with Revenue Canada back before 1997 i remember a women telling me that all our data was stored by Equifax an American company. Is it possible that canadian data is also being stolen as equifax has no legal requirement to let us know either???!!??!!
Seeing as how ChoicePoint DBT helped deny voting rights to legitimate voters in order to get Bush elected in 2000, Democrats are probably looking for some way to bring this up at the investigation.
I think it'll be fun. I'll have popcorn in hand watching C-SPAN whenever this happens.
...the rulings were that persons affected by the identity thefts were not *customers* of the info bureau(s), therefore... bureau(s) not liable.
Lame, lame, lame.
Bwilde.
If they're admitting to 145K, that means it was probably 10 or 100x that amount.
Last night, the president of the place was on CNN in a white sweater being "ah shucks". And he looked like a con man who used a media consultant to tell him what to say.
I hope they go bankrupt, and everybody gets cancer over there.
At times like these I'm glad I live in a country that puts the rights of a corporate entity over the rights of an individual.
It reminds me of that cheer they did in high school...
Be, regressive, be, be, regressive. R-E-G-R....
The tricky thing is how to fix this. As a data mining consultant I organize the purchase of hundreds of thousands of dollars worth of sensitive data for our clients. And in all of these purchases, I have never seen a vendor proactively validate that my team, or my client's were bona fide.
One would hope that these vendors check that our companies are statutory entities and that our e-mail and mailing addresses are associated with these entities, but these can all be spoofed or are difficult to verify. We often sign legal agreements, but that doesn't matter much if I'm a thief.
Fundamentally, the onus of identification should fall on the government. A system of encrypted public keys used to electronically transfer data between verified entities could prevent this from being a problem.
Regardless, the type of data that Choicepoint sells (predominantly personal credit) is used throughout the banking and insurance industries. If companies are restricted from using the information, it will become meaningless, and markets will regress to less efficient states and we will all lose in the end.
With the spread of identity theft, its time that we who undertand a bit about social egineering make identity theft obsolete and start creating more bunk identities.
Next time you change apartments, get all your utility bills put in the name of someone who doesn't exist. Then when that identity gets stolen who cares?
Get a credit card for your pet if you can.
The more fake identities that are out there the less identity theft matters, and the less companies like choicepoint will be relevant.
So come on everyone... lets make up fake people!
- over 3 million Americans had fraudulent ID theft (the worse kind), and 10 million total had some type of ID theft
- ID theft victims spent a total of 300 million hours "fixing" their problems.
- Fraudulent ID theft averaged $10,000 stolen. The total cost of all ID theft is $50 billion.
- the monetary cost to fix fraudulent ID theft averages $1,200 per ID victim.
But in reading this report the bias that "businesses are the true victims" shows up. The $5 billion in costs to the identity victim (and 300 million hours of time) is described as "Individuals whose information is misused bear only a small percentage of the cost of ID Theft" (pg 6). That's a bad way of thinking about it for several reasons:- 300 million hours of victims' time = 300 million hours of research and investigative time = a 'donation' of at least a few billion dollars.
- The ID theft victim gets hit with real and lasting costs. Companies get to write off their losses, or use insurance and pass their costs on to consumers. A year after ID theft is discovered, the theft is just a blip in a spreadsheet to the companies where the stolen identity was used. The victim will still be writing letters, finding new ramifications, and losing time and sleep over the matter.
- Those 300 million hours also = stress, lost time from work, family, charities, plus also extra medical expenses.
- "15 percent of ID Theft victims reported that their personal information was misused in nonfinancial ways. The most common such use reported was to present the victim's name and identifying information when someone was stopped by law enforcement authorities or was charged with a crime." What's the cost of your kid seeing you arrested because someone else used your name? Not to mention...
- Now that the government gets data from Choicepoint and others, and because the government has no legal responsibility to find or fix bad data in its files, the rest of your life could be hobbled by bad data and you won't quite know why.
So basically Choicepoint and the credit card reporting agencies are creating a "public bad." Like polluters, they force other people and companies to bear the cost of problems they've created. 300 million hours and $5 billion dollars would = fantastic security finished in months if the companies themselves had to pay these costs. Instead, 10 million people are forced to do their own cleanup work, and the fact that 9.999 million people have already done the job doesn't make it any easier for you when you're the victim.Id Theft can be extremely painful to resolve.
I had (regular) mail stolen from my mail box (before I realized how bad it is to actually use your mailbox for outgoing mail), at first I thought it was a post office screw up, but several months later, I got a call from a bank employee who just completed a transaction which he thought was fishy. He asked my if I had just cashed a four figure check there. When I told him that I hadn't he warned me that somebody was stealing my Identity. I called my credit card companies to get new cards and security added to my accounts, contacted all of the big three credit agencies and got a hold put on my credit, contacted the local police.
The next thing I knew it was raining collection notices on me.
This guy was printing checks with my name and driver's liscense number. For Id, he had a printer which could create fake driver's liscenses with all of my information, but his face and description.
Fortunately, I was lucky, this guy got pulled over for a faulty brake light and the officer looked into the car and saw over a dozen driver's liscenses on the back seat of his car, all with his picture on them, but different names. The officers told me that I was the one in a hundred whose Identity Thief was caught.
Now, 8 years later, I can share some lessons with you. Trust me, you don't want any of this to happen to you, arguing with collection agencies is no fun at all, they assume that everybody is a slimeball.
1) Get a shredder. Get two in case the first one breaks. Shred everything that has anything that can identify you. Id Theives also dumpster and dump dive to look for your information, don't give them any help. shred shred shred...
2) Get your annual credit report from the big three credit bureaus. Take the time to review it, carefully. They each have a formal procedure for clearing up problems. Follow it to correct your information. They can be reached here http://www.creditreporting.com/
3) Check your credit and bank statements, you never know what they have on you or when they get it.
4) If it does happen to you, file a police report immediately. This report number is your best defense against the onslaught of collection agencies that will soon be banging down your door.
Clearly, the more aggregated information can be, the higher the value because those using it do not have to look so far to get other, related facts about a subject.
Perhaps the form of regulation on the topic of information security for these large clearinghouses should be to keep as much information isolated as possible...so that even if there is a fault, the effects are minimized.
This approach works in plenty of scenarios as far as contingency planning and fault tolerance goes. Faults and failures can occur, but in this case, the owners of the information should work towards containment for the sake of those they are representing (that is, those they have data about).
I am interested to see how the proposals for regulating this industry emerge, or if they will be squelched by various lobbies. We'll see.
http://www.privacyrights.org/ar/CPResponse.htm
According to ChoicePoint, their tenant rental history includes landlord debt, criminal, eviction, registered sex offender and FBI searches. Their employment background check report includes information on arrest and conviction history including fugitive files, state and county criminal record repositories, prison, parole and release files from state Department of Corrections, Administrative Office of Courts and other state agencies, in addition to credit history, employment verification, education verification, license credentials and certification verification, and business or personal reference verification.
Everyone, I'm as outraged with the ChoicePoint fiasco as everyone else. I know that discussion needs to take place so we all understand the problem. But I think we are all past that point. What are we going to do about this issue? I dont think that we can expect the government to prevent ChoicePoint from doing what it does. ChoicePoint has too much clout with Bush and company. I think three reasonable requests, however, are: 1. Allow consumers to review ALL records which may be sold 2. Allow consumers to update mistaken records with clear response times. 3. Mandate these companies to inform customers whose information has been stolen within, say, 2 weeks. Unfortunately, these will require an act of Congress. How can we do this? Do you think that we can get this done or is this just wishful thinking? I suggest we create an auto-mail website where people can put in their name/city and a custom email is sent to congress people asking for such a law. Is there something like this out there? I know CapWiz does this, but some org would need to sponsor it and promote it. Any ideas? Anything we can do at the personal level?
It is ridiculous that all ur life is based on puny number known as ur social security number! :-
:-p
But as long as this is convenient, it would be hard for govt./companies to use a different tact.
I have a suggestion to improve this
1. Access #1, Use one number to access/read ur info (it should not include ur modify number #2, then it defeats the purpose).
2. Modify #2, Use another number to modify/write to ur history.
To modify ur credit history u need to provide both numbers. To access/read ur info, only #1 needs to be provided (all data is indexed under #1). So even if #1 is lost b'coz somebody hacked into the neighbourhood choicepoint, they cannot modify ur history.
What do u genii think of this scheme?
~AJ~
> Congress was going to get involved by investigating the scandal and that there was a large class action lawsuit against the private firm.
Wonderful timing on the new legislation to limit class action lawsuits, isn't it? Not that class action lawsuits are good... they tend to line the lawyers' pockets rather than helping the people that were hurt. But they do have that whole punishment aspect. Maybe checkpoint should be required to publish the SSNs of their board of directors on the web. Just for an hour.
No, maybe not that. But they should hardly get away scott-free. Maybe a year's profits should go to fight identity theft. Or some such. Ah, well.
Why can't individuals copyright their own personal information (name, address, SS#, phone number) which all combined create a unique ID, and then sue any company holding that information with a violation of the DMCA?
Remember that under the provisions of the DMCA, they can't REVERSE ENGINEER, which is exactly how these credit reporting agencies gather information about you.
I think it's high time individuals treated themselves like corporations. Corp's are protected under the New America, people are not. Therefore, I advise you to incorporate yourself and then you'll gain new rights under this brave new world we are existing in.
TTYL
(name withheld to prevent identity theft)
If telephones are outlawed, then only outlaws will have telephones.
ChoicePoint/DBT originally produced a list of about 8000 voters to remove from the electoral rolls. Katherine Harris got back to them and told them to widen the net - by omitting a few data integrity requirements, such as middle names, dates of birth, and dates and details of their convictions - and assured ChoicePoint that they needn't worry about the number of false positives in the list. This increased the size of the list to about 58,000 voters, more than half of whom were African-Americans.
When the fraud was officially investigated, ChoicePoint admitted to a false-positive rate of up to 15%, which was already far in excess of Bush's lead in the Florida poll. Later, an independent investigation showed an error rate of more than 90% - some 55,000 voters, some 30,000 of whom were black.
This is a flat-out lie. Read some first-hand accounts of voter disenfranchisement for yourselves. Voters were erroneously scrubbed from the electoral roll, were not adequately notified in advance, tried to vote anyway and were turned away - simple as that.It's surprising how many people don't know this when it's actually very well documented; in fact, the story broke long before the election actually took place. My suggestion to the doubters is to watch Unprecedented: The 2000 Presidential Election , a very thorough documentary on the topic.
Attack its weak point for massive damage!
In partnership with to Hank Asher, Floridian Iran/Contra coke pilot, ChoicePoint was founded by Derek Smith, whose DNA analysis company scored a multimillion dollar contract to identify victims from Ground Zero samples.
--
make install -not war
From the article text:
He worries that thieves will eventually do to him what sheriffs detectives in Los Angeles say they've done to more than 700 other people -- reroute his mail, ring up credit card debts, buy a car or even commit a felony in his name.
As if the thieves themselves weren't bad enough? Now I can't trust my sheriff's department! Why, just the other day, I gave some officer all my financial data over his website. Why would they do a thing like this? </sarcasm>
Solomon Chang
"Twice half-assed makes an ass whole." --Solomon K. Chang
Now that Congress is looking into it, I can sleep better at night!
Amazon.com
Barnes & Noble
When this story broke a week or two ago, somebody here posed the question of how you know if you are one of the people whose information was stolen. I replied along the lines of, "You'll know because you'll get a letter from attorneys notifying you that you are part of a class action lawsuit against ChoicePoint." Looks like that might actually be the right answer! What do I win?
I had to laugh when my local TV station reported that ChoicePoint got "hacked" and then promised that they would provide some tips to protect yourself from identity theft.
I thought "But CHOICEPOINT gave the info away goddammit, there isn't anything those people CAN do to protect themselves from a bone-headed company like ChoicePoint giving their info to a bunch of criminals."
Stupid local news just reported whatever their corporate overlords told them to...
I've been writing nastygrams to NPR all week, viz: ChoicePoint were not "hacked", and the data were not "stolen". ChoicePoint sold the data through their regular sales channels. And presumably the fraud ring made payments, 'coz they kept this up for a year.
And yes, ChoicePoint are likely only the tip of the iceberg, though they're one of the larger, and newer firms. Larger means more data and more attractive target. Newer means they've had less time to get experienced (trans: to f*ck up before and get burned), so their internal controls are poor. Economies of scale in data accumulation and sales means that ChoicePoint are among the bigger targets. Doing research a few weeks ago (before the story broke) I found a lot of trails leading back to them.
That said: there are many sources of such information, and we can expect to see more similar stories emerge.
I've had a decade-plus career in the information business -- healthcare, consumer credit. And several gigs have use CP or its predecessors for data sources. Trust, it's scary shit.
What part of "gestalt" don't you understand?
Change "request" to DEMAND , send it certified snail mail, and send a copy to your lawyer (and inform Choicepoint in the letter that you're doing so.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
I also wonder - the root cause of identity theft is the absolute unwillingness of anyone in Congress to step up to the plate and enact legislation that will penalize the misuse of personal information (warehousing it qualifies). As a result, identity theft is almost a no-brainer.
What's their solution? Biometrics and national ID cards? Yeah, right. It's just one MORE avenue that thieves will have to rape innocent people. More information about more people, the security of which is only as strong as its weakest link. If anything, Congress ought to drop the investigation of Choicepoint (which I believe only a PR move anyway), and investigate itself to figure out the reason behind the endless governmental ineptitude when it comes to keeping small problems from snow-balling into major catastrophes.
I guess enough of the green stuff can make even the most horrid of stenches smell like a bed of roses.
"To my mind, the whole concept of the credit bureau is on ethically shaky ground anyway ... do business have the right to defend themselves against the normal costs of doing business, by placing their own customers at risk?"
Depends on how you define "normal". It's not like the risks in running a business have remained steady. More and more people are engaging in unethical (even if not illegal), and illegal acts against businesses*. Ultimately we all pay, one way or another.
*Technology emboldens them every bit it does businesses.
Howard Dean had the momentum and the support structure to be the next president of the US(I have some personal misgivings of the man, but I feel this to be true), until that first primary, and the sceram played on cable news channels so very many times. That sunk him in the public opinion, and that was that.
The point is, people are fickle. You don't think that congress would turn on ChoicePoint if they thought they'd start taking heat from their constituents? I think these [democratic] senators would like nothing more than to be seen as the guys (and girl) that took a big business by the horns and fought in the name of consumer privacy.
Synergy is your friend
Chip H.
"Since the sales began in November, ChoicePoint CEO Derek Smith and President Douglas Curling have sold 472,000 ChoicePoint shares worth nearly $21 million, according to the executives' Securities and Exchange Commission filings."
"In an interview with Journal-Constitution reporters Thursday, Smith said he first found out about the identity theft problem in late December or January, which would be about two months after the company notified California law enforcement officials.
Smith said his stock sales aren't inappropriate."
"Rule 10b5-1 plans are relatively new. 'The main limitation on the ability to use a Rule 10b5-1 plan is that it must be adopted while the executive does not possess material nonpublic information,' [Jacob S.]Frenkel [Chairman of chairman of the securities enforcement and white-collar practice at the Shulman, Rogers, Gandal, Pordy & Ecker law firm in Rockville, Md.] said. 'If he does, the plan is not valid.'"
"Smith said he did not learn of the breach of confidentiality of consumer information until just before mentioning it in a January meeting of the audit committee of ChoicePoint's board."
"'The mere fact that they make that statement begs this question: If a CEO did not know some significant information about the company, why did he not know?' Frenkel said."
Anyone else smell a rat?
In another story, Georgia's insurance commissioner says ChoicePoint has 90 days to "show us that they have their act together" or be barred from doing business with insurance companies in the state..
"ChoicePoint CEO Derek Smith said his company was a victim of criminals and that critics are being unfair. "
"It hurts," he said. "It's difficult because no one is giving us credit. It's been awful for my family. It's been awful for our employees."
Wah, wah, wa-a-a-ah!
Try the UK version of information laws:
You may automatically have access to any information that a company holds on you for any reason, for a reasonable administration fee (generally ~£30).
A company is not allowed to hold information on you without your consent.
If a company does hold information on you, it is not allowed to pass this information on to another party without your consent.
When a company seeks your consent, you must be informed of the purpose of the information storage. Use of information for marketing purposes requires separate consent to information storage for other purposes.
Mostly, it seems to work.
Caveat: IANAL, this is just the interpretation of an informed observer for the purposes of discussion and I am only trying to express the general terms of the law, not the specifics.
> annual credit report... http://www.creditreporting.com/
FYI the "free report" offered at the top of that page snares you into a continuing service you must then cancel. For the "FREE as in required by law" annual credit report go here:
Apparently, some of the choice point executives knew there was going to be quite a bit of fallout over this. This morning's Atlanta Journal/Constitution (reg. required - Google cache anyone?) is reporting that:
I'm not tense. I'm just terribly, terribly, alert.
By ROBERT LUKE, MATT KEMPNER
The Atlanta Journal-Constitution
Published on: 02/25/05
Thirteen days after the arrest of a suspect in the ChoicePoint identity theft case -- and more than three months before the problem surfaced publicly -- the company's top two executives began selling their stock.
Since the sales began in November, ChoicePoint CEO Derek Smith and President Douglas Curling have sold 472,000 ChoicePoint shares worth nearly $21 million, according to the executives' Securities and Exchange Commission filings.
Smith said Thursday that he did not know about the security breach at the Alpharetta-based company until well after he began selling the stock. Curling was not available for comment Thursday.
The stock sales -- for what the executives described as estate planning and asset diversification -- continued this week, even as ChoicePoint's shares began to tumble nearly 10 percent. The identity theft was disclosed publicly only last week.
ChoicePoint chief marketing officer James Lee said outside advisers suggested continuing with the trading program. "Their advice is that the program is fine, even in light of the recent events," he said.
"If you are trying to make the case that this is somehow insider trading, you are going down the wrong road," Lee said.
The selling of stock by Smith, the CEO, and Curling, the company's president, normally wouldn't raise eyebrows, since the sales were part of a prearranged stock trading plan allowed under SEC rules.
Lee said ChoicePoint's board approved the stock trading plan on Oct. 26, the day before police in Los Angeles -- after being tipped off by ChoicePoint -- made their only arrest in a case that has become the biggest security breach in the company's history. ChoicePoint is notifying about 145,000 people that their personal information -- possibly including their Social Security numbers and credit reports -- may have been sold to identity thieves.
Smith and Curling have been selling shares of their company's stock weekly since Nov. 9, when their Rule 10b5-1 trading plans took effect. The plans expire in April.
SEC inquiry likely
In an interview with Journal-Constitution reporters Thursday, Smith said he first found out about the identity theft problem in late December or January, which would be about two months after the company notified California law enforcement officials.
Smith said his stock sales aren't inappropriate.
"I didn't do anything that I had any belief that was inappropriate or whatever," he said. "To the extent that it gives any impression of anything that I knew or the company knew that would have weighted on the value of the stock, then that would be unfortunate. Because it certainly isn't true."
A lawyer familiar with the enforcement of federal securities laws thinks an inquiry by the Securities and Exchange Commission is inevitable.
"Even with this public statement that he did not know until January about the problems in California does not mean that the SEC will not ask questions anyway," said Jacob S. Frenkel, chairman of the securities enforcement and white-collar practice at the Shulman, Rogers, Gandal, Pordy & Ecker law firm in Rockville, Md.
"The SEC will not only ask him, but they also will ask everybody who knew about the information, including what they told others and when they told them," said Frenkel, a former SEC enforcement lawyer and federal prosecutor. "They are going to look at anybody who may have traded the stock."
Smith said he has not been contacted by the SEC about the stock sales.
Smith and Curling have sold about 64 percent of the total 737,380 shares they have until April to sell under the plan, after exercising employee stock options permitting them to acquire the shares at various prices. The prices they paid for the stock were significantly below the market price at the time of sale, allowing the executives to make significan
I'm not tense. I'm just terribly, terribly, alert.
Choicepoint didn't get hacked, except in the social engineering sense. They just didn't follow their own procedures for vetting out their customers and allowed some Bad People (tm) access. Then they didn't detect the unusual activity of a pack of crooks bulk downloading customer data. Shoddy all the way around.
Some articles were saying 500,000. ChoicePoint says only 145,000, but who do you think is more believable. I guess we have about a 1 in 300 chance of getting a ChoicePoint letter next week.
Homeland Security and other state and federal enforcement agencies are ChoicePoint's biggest customers. That is mainly because governement efforts to build security databases have been dismal failures (TIPS, FBI, airlines).
So do you think the government is going to seriously repimand an essential company?
You've had your idenity stolen the gov has decided to waste some of your tax dollars on giving old people a crash course in technology...
Get your torrents...
I got an email from my mother this morning. She tells me since yesterday morning, people from mortgage companies have been calling her at work, supposedly in response to her request for a quote. She asks them where they got her name, and they tell her "you signed up on a website" (her words, not mine).
She's all convinced that ChoicePoint sold her out, but she lives in Michigan, where there are no disclosure laws to protect citizens. Anybody know how she can find out if her data were sold to these fraudsters?
Humpty Dumpty was pushed.
"Individuals should have the right to challenge an inaccuracy, and to provide documentation disproving it."
I've been caught up in this. My credit report(s) are all riddled with errors. No fraud (fortunately), but definite errors, like addresses that I've never lived at being listed as residences, constant misspellings of my name, etc. I never used a purposely misspelled name as a DBA or anything, so why should it be allowed on my credit report? It's incorrect information, and Experian refuses to remove it or even tell me where the hell they got it from in the first place.
This entire system is crap.
I live i Norway and receive from time to time a copy of the information that credit bureaus have given out about me.
In fact, they are obligued to. Every single time they send out anything about me, even if it says "no remarks", they have to send me a letter, stating what they said, and who they said it to.
I think this is the minimum you should require from your lawmakers.
Another point I have not seen made here is that any compay that deals in such information needs a license from the authorities. Other companies cannot just buy data in bulk. They have to provide the identifying data on the subjects on which they want credit information.
Eg., when I sign a mobile phone contract, I provide my data to the mobile operator, the operator uses it to request credit information. If they do not have my id from the outset, they cannot get it from the credit bureaus.
Mods: How is this flamebait. Choicepoint is a private company who collects your information without your consent.
The government and private companies collect and sell this information to Choicepoint. Some of it is public, but I consider much of the information to be private.
94% of Repubs and 21% of Dems voted to renew the Patriot Act
I would expect that his group of people would know by now not to take everything they read in the news at face value. Since that does not seem to be the case, I would just like to correct several errors of fact in this blurb about the ChoicePoint incident. First of all, ChoicePoint did not get hacked. There was no breach of our network and no internal or customer information was compromised. Second, ChoicePoint is not a private firm; we are a public company and trade on NYSE as CPS. Third, I think it erroneous to call this a 'scandal' as ChoicePoint did nothing illegal. We ourselves were a victim of fraud, and we are working very closely with law enforcement to continue to track down and prosecute the perpetrators of this crime. Finally, we ourselves are, and have been for years, encouraging a national discussion on this industry and strongly support independent regulation.
h tml
As others have mentioned, we have notified about 145,000 people nationwide that their information might have been compromised and we have, at our own expense, purchased tri-bureau credit reports and a one year credit monitoring service for each of them. We also, as our CEO has said in interview, are not ruling anything out in terms of what we may do to further assist those who do fall victims of identity theft. Please, if you have more questions on what is going on and what ChoicePoint is doing about it please visit http://www.choicepoint.com/news/statement_0205_1.
A couple other bits of note:
There are laws in place, namely the FCRA (Federal Fair Credit Reporting Act), that do already regulate what constitutes permissible purposes for information to be disclosed. We operate very strictly by these regulations already in place. In addition, the FACT Act, which went into effect in 2004, mandates that consumers may obtain free copies of their reports and may, as they always have been able to, contest items they believe to be inaccurate. You can visit www.choicetrust.com to review your personal records kept by ChoicePoint.
And for those of you who are interested in some of the work ChoicePoint does to fulfill our vision of creating a safer and more secure society through the responsible use of information:
-We, as previously noted, operate the CLUE (Comprehensive Loss Underwriting Exchange) database to which insurance underwriters contribute claims data so that they can more accurately assess risk to keep premiums low.
-We operate Volunteer Select, a service for non profit organizations. Background checks may be purchased at cost (ChoicePoint makes no profit) on volunteers to ensure that a convicted child molester two weeks out of jail will not be able to volunteer to work with young children (a real example).
-We operate ChoicePoint Cares which funds DNA testing to solve cold cases and process rape kits that local municipalities cannot afford to process on their own. Our funding has lead to several convictions and has helped to free those wrongly imprisoned.
-We operate ADAM an alert program that had lead to the safe return of more than 800 missing and kidnapped children.
There's a very simple solution to all of this. No company should be allowed to transfer personal information on citizens to another company unless 50% of the price of that transaction is passed on to the citizen. Provides an incentive for citizens to keep their information up to date, and a disincentive to companies sharing information at the same time.
Unprecedented.
Attack its weak point for massive damage!
Unprecedented.
Attack its weak point for massive damage!