×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

ChoicePoint Data Stolen By Imposters

timothy posted more than 9 years ago | from the smarter-decisions-safer-world dept.

Privacy 381

swight1701 writes "Criminals posing as legitimate businesses have accessed critical personal data stored by ChoicePoint Inc., a firm that maintains databases of background information on virtually every U.S. citizen. The incident involves a wide swath of consumer data, including names, addresses, Social Security numbers, credit reports and other information. ChoicePoint notified between 30,000 and 35,000 consumers in California that their personal data may have been accessed by "unauthorized third parties." No obvious notice appears to be on their website."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

381 comments

Ineptness to the point of being evil (5, Insightful)

Eric Smith (4379) | more than 9 years ago | (#11674251)

The MSNBC article quotes the consumer notification:
You should continue to check your credit reports frequently for the next year.
If I get the notification, I'm going to request that ChoicePoint pay the costs for me to subscribe to unlimited credit report access from all three credit bureaus. IIRC, that costs about $100/year for each bureau. Since it's ChoicePoint's screwup, I shouldn't have to pay the costs necessary for early detection of fraud in my credit report.

The article further quotes ChoicePoint spokesman Chuck Jones:

But ChoicePoint has no way of knowing whether anyone's personal information actually has been accessed
Why the hell are they allowed to keep a dossier on me if they don't have any mechanism in place to allow them to track how it is used and by whom? This is insane!

The correct solution to this problem, IMNSHO, is for the courts to determine that personal, financial, and credit records relating to an individual are the COPYRIGHTED PROPERTY OF THAT INDIVIDUAL, and may not be provided to any other party without the owner's explicit consent. Not a blanket consent to provide the data to anyone inquiring, but specific consent to provide it to XYZ Corporation.

Re:Ineptness to the point of being evil (3, Insightful)

bryce1012 (822567) | more than 9 years ago | (#11674281)

The problem with that approach, of course, is that it requires the granting of "copyright" and the associated powers to individuals, and not the ??AA. Or other money-grubbing corporations. Who's gonna support that?

Re:Ineptness to the point of being evil (4, Insightful)

shanen (462549) | more than 9 years ago | (#11674305)

Very insightful, and I agree that we need a legal principle that personal information belongs to the individual--but I think we should go farther. I think we should require that the personally-identifiable personal information only be stored on the computer of the person who owns it--and that the authorities need to show probable cause and get a search warrant before they have any acces to it. However, a lot of it should be covered under the Fifth Amendment, too.

Probably won't happen, however. In fact, we are going in the other direction and the companies that hold your data legally "own" it in most cases.

By the way, don't you recognize this particular company? Same one that helped BushCo purge all those voters in 2000. I think they got out of the voter purging business before 2004, but I haven't really been tracking it.

Re:Ineptness to the point of being evil (3, Informative)

eh2o (471262) | more than 9 years ago | (#11674409)

oh, *that* choicepoint... well at least we know that the data stolen was 99% inaccurate. right?

Re:Ineptness to the point of being evil (5, Insightful)

Riddlefox (798679) | more than 9 years ago | (#11674558)

Very insightful, and I agree that we need a legal principle that personal information belongs to the individual--but I think we should go farther. I think we should require that the personally-identifiable personal information only be stored on the computer of the person who owns it--and that the authorities need to show probable cause and get a search warrant before they have any acces to it. However, a lot of it should be covered under the Fifth Amendment, too.

Just out of curiousity, how do you propose that I store personally identifiable information such as my name and address on a computer owned by me when I wish to make a purchase online? How can I have my paycheck electronically deposited into my banking account if my employer can't store my personal information? How is H&R Block going to prepare my taxes for me if they can't enter any of my information on a computer that I don't own? Am I going to have to tell Netflix my name and address and credit card info every single time I want another movie?

Re:Ineptness to the point of being evil (5, Interesting)

mingot (665080) | more than 9 years ago | (#11674591)

By the way, don't you recognize this particular company? Same one that helped BushCo purge all those voters in 2000. I think they got out of the voter purging business before 2004, but I haven't really been tracking it.

Off topic, really, but I have to vent. They screwed my wife out of a job this year. We were recently married and they failed her background check on her name on file with the credit bureaus not matching the name on her application. They also dragged ass fixing the problem and had a policy in place to NOT notify they potential employer that they had made a mistake.

Data ownership (4, Informative)

EmbeddedJanitor (597831) | more than 9 years ago | (#11674641)

The problem with this is that *you* don't own the data kept about you. You might have the right to view the data, but you don't own it. Since just about forever, various companies have been tracking various info about people (buying habits, credit history etc). They track these for their benefit (and their customers) - not yours.

When they lose the data, as far as they are concerned they have lost some of their business information (ie. someone accessed their data without paying).

That the data is about you, and could be damaging to you is incosequential to them. Anyone could have bought the data from them anyway.

Re:Ineptness to the point of being evil (5, Insightful)

LostCluster (625375) | more than 9 years ago | (#11674320)

The correct solution to this problem, IMNSHO, is for the courts to determine that personal, financial, and credit records relating to an individual are the COPYRIGHTED PROPERTY OF THAT INDIVIDUAL, and may not be provided to any other party without the owner's explicit consent. Not a blanket consent to provide the data to anyone inquiring, but specific consent to provide it to XYZ Corporation.

Courts aren't going to help you with that at all. The copyright on information belongs to the writer, not the subject of the piece. Just think what your copyright concept would do to the news media...

Re:Ineptness to the point of being evil (3, Informative)

Anonymous Coward | more than 9 years ago | (#11674341)

Welcome to the future. Better get used to it.
O'Harrow explores how the government is teaming up with private companies to collect massive amounts of data on citizens and how, he writes, "More than ever before, the details about our lives are no longer our own. They belong to the companies that collect them, and the government agencies that buy or demand them in the name of keeping us safe."

No Place to Hide: Behind the Scenes of Our Emerging Surveillance Society [democracynow.org]

Re:Ineptness to the point of being evil (1, Interesting)

Anonymous Coward | more than 9 years ago | (#11674357)

No, legislation is the solution, not the courts. And if personal info were copyrighted we would have all sorts of BS like England does where celebrities can sue for being called whiny in print. What we need is a happy medium, the details of which should be worked out by somebody less tired than me.

Re:Ineptness to the point of being evil (1)

Eric Smith (4379) | more than 9 years ago | (#11674397)

You're right that legislation would probably be needed to grant ownership of the data to the subject.
And if personal info were copyrighted we would have all sorts of BS like England does where celebrities can sue for being called whiny in print.
I don't think so. "Whiny" is a subjective description, not factual information about a person, and even if there was an objective standard for it, as soon as the person said one whiny thing in a public place, it would no longer be private data.

OT (1)

Anonymous Coward | more than 9 years ago | (#11674428)

"Whiny" wasn't a specific example, just general hyperbole. I've seen several such cases won by plaintiffs in Britain and they've all been for things that seem to me unremarkable.

Re:OT (1)

Eric Smith (4379) | more than 9 years ago | (#11674467)

Yes, but my point isn't just about "whiny". If it's data that can be gathered about you in public, not due to any unintentional lapse of privacy, then it isn't private data, and wouldn't be subject to my proposed ownership arrangement.

For instance, a random entity shouldn't be able to find out what insurance carrier and plan I use. But if I post to Usenet that I subscribe to the Blue Cross HMO plan, then I would no longer be able to assert that as being private data that I exclusively own.

Re:Ineptness to the point of being evil (5, Insightful)

yog (19073) | more than 9 years ago | (#11674421)

This is really scary.

The thing that bothers me is that some data is unchangeable, e.g. US social security #, date of birth, and mother's maiden name. Once it's out there, you're screwed.

Once someone has this data they can really do a number on you because that's all most commercial sites seem to require in terms of validation. They can take out credit cards in your name, perhaps even access your bank account if they have access to your checking account number.

I think that eventually, and unfortunately, there's gonna have to be a law. No organization except the social security administration should be allowed to store our SS #, for example. Heck, at the rate things are going, they may have to start allowing people to change their SS # to start fresh.

A friend never allows her SS # to be used for anything. Not banks, not schools, not health insurance. They squawk and scream and threaten and she stands firm. No, she says, you can't have it. It's only for her retirement, not for generic identification purposes. So far she has successfully evaded spreading her most precious identifying information all over the internet in god knows how many incompetently coded and poorly safeguarded databases. Massachusetts also allows one to use a generated code instead of SS # on drivers licenses.

This thing is really out of hand. Of course, it's going to cost credit card companies millions of dollars when bogus bills start bouncing, and that's probably when the powers that be finally wake up and address the problem.

Re:Ineptness to the point of being evil (2, Insightful)

miu (626917) | more than 9 years ago | (#11674511)

This thing is really out of hand. Of course, it's going to cost credit card companies millions of dollars when bogus bills start bouncing, and that's probably when the powers that be finally wake up and address the problem.

Fraud is a cost of business to credit card companies, the only way that the credit card companies would actually pay the price here would be if people actually stopped using them. Short of that drastic and unlikely occurrence any level of theft and fraud will be absorbed and paid by the customer.

Re:Ineptness to the point of being evil (1)

damiangerous (218679) | more than 9 years ago | (#11674584)

A friend never allows her SS # to be used for anything. Not banks, not schools, not health insurance.

Banks require your social security number for tax reporting purposes. It's a Federal law (you get that 1099-INT each each with interest bearing accounts, for example), as the IRS has a vested interest in your finances. You cannot "opt out", any more than you could opt out of giving your employer your SS#.

Re:Ineptness to the point of being evil (0)

Anonymous Coward | more than 9 years ago | (#11674646)

You are not required to have an SSN. Yes you can opt out, it's just that they have made it incredibly difficult to do so.

Re:Ineptness to the point of being evil (0)

Anonymous Coward | more than 9 years ago | (#11674621)

No, the solution is a law that says your SSN can not be used for authentication. If SSN numbers were only used for identification this would not be a problem, but too many places use your SSN as a secret password when it is no more secret than your name.

Re:Ineptness to the point of being evil (5, Informative)

eh2o (471262) | more than 9 years ago | (#11674459)

according to a new federal law, The Fair and Accurate Credit Transactions Act (passed in Dec 2003) you are entitled to a free comprehensive credit report yearly. The big three have an official website at www.annualcreditreport.com (no link b/c they reject unofficial referals) where you can claim your report. (though its not available yet for the mid and eastern states, it will be by the end of 2005).

Re:Ineptness to the point of being evil (1)

Eric Smith (4379) | more than 9 years ago | (#11674480)

Yes, and that is a good thing. But one free credit report from each agency is an inadequate remedy for a lapse like this, which is why I would demand that ChoicePoint buy me a subscription.

As of Saturday afternoon, I had not received any notification from ChoicePoint. I'll watch my mailbox.

Re:Ineptness to the point of being evil (0)

Anonymous Coward | more than 9 years ago | (#11674534)

Although "not allowed" you can quite easily get around it. Just use an address west of the Mississippi, and when they ask for any recent addresses, give 'em where you live now.

Works like a charm.

-- ac

Re:Either that...or... (1)

symbolic (11752) | more than 9 years ago | (#11674603)

...make companies that want to reap the rewards for harvesting and prostituting personal information, also bear the consequences.

One thing I'd have to wonder...what would a company like ChoicePoint be doing with someone's personal data(like Social Security Number), unless they had been explicitly authorized to have it? As far as I'm concerned, ChoicePoint might very well be the unauthorized third party.

Re:Ineptness to the point of being evil (2, Insightful)

Kenrod (188428) | more than 9 years ago | (#11674662)

The solution is for the government to create a Commision with real power (like the SEC) to police these guys and fine/imprison those found negligent. The information industry has become too critical to be allowed to betray the public trust without serious repercussions. These bastards have had a free ride up to now (ChoicePoint's web page says "ChoicePoint® Reports Record Revenue, EPS").

We need a full investigation. ChoicePoint's liability could be enormous. It is clear a cover-up may be going on.

It's time to Arthur Andersen [findlaw.com] these bastards out of business.

Imposters? (-1)

Anonymous Coward | more than 9 years ago | (#11674279)

EROR: speil cheker not vvorking

I enjoy... (4, Funny)

softspokenrevolution (644206) | more than 9 years ago | (#11674282)

I really enjoy how the graphic on the front page of their site reads: "Smarter decisions. Safer world."

It's pretty silly.

Re:I enjoy... (2, Funny)

Koiu Lpoi (632570) | more than 9 years ago | (#11674392)

Heh, yes. It also says they were 'featured' in the Washington Post not long ago. Seems they're going to get 'featured' again!

if i *accidentally* ... (5, Insightful)

GNUALMAFUERTE (697061) | more than 9 years ago | (#11674287)

Run over someone with my car, i am responsable, and it's a crime. Even if i didn't mean to.

Companys should be held responsable for the data they hold.

Re:if i *accidentally* ... (0)

Anonymous Coward | more than 9 years ago | (#11674374)

RE:Companys should be held responsable for the data they hold.

ya damn right they should!

Re:if i *accidentally* ... (2, Insightful)

Koiu Lpoi (632570) | more than 9 years ago | (#11674380)

Correct. However, there's no justice in this world. You're an individual - you hold FAR less power and influence than even a small corporation.

Re:if i *accidentally* ... (1)

Jeff DeMaagd (2015) | more than 9 years ago | (#11674462)

I don't think the two necessarily connect.

Companies definitely should be held responsible for the data they hold, and the costs incurred by their mistakes.

But a driver that broke no law other than being at the wrong place at the wrong time shouldn't, and isn't necessarily held responsible. In the US, it really depends on the state.

Re:if i *accidentally* ... (5, Insightful)

ScrewMaster (602015) | more than 9 years ago | (#11674508)

More importantly, they should be held responsible for what happens to people when that stored information is stolen or otherwise misused. And if the punishing of that company for its negligence forces it out of business ... tough. It simply isn't enough to say, "Sorry, and oh, by the way, we've implemented some new security policies so this shouldn't happen again. We hope. Once again, sorry for the inconvenience." Really, it's more akin to collecting all kinds of flammable and explosive materials and storing them in a rickety old warehouse in the middle of a populated area. You shouldn't be able to get off with an apology and a promise to do better when that warehouse explodes, flattens the nearby buildings and kills a bunch of people.

Does that sound like an extreme example? Perhaps it is. But lives can be shattered in other ways besides being blown to bits. And I'm sure there will be a few deaths involved, as people with medical conditions suddenly find themselves without means, because some identity thief just bought himself a brand new house at their expense. No, the Information Age is proving to carry some serious risks, and those risks are largely due to cavalier treatment of personal data.

I'm not sure what it will take before some standards are put in place, with appropriate penalties for failure to maintain them. Probably won't happen now, with "tort reform" on the way and limits being placed on class-action lawsuits. Certainly not in the corporate-friendly period we find ourselves in. Hell, the government can't even enforce quality-of-service standards on the damn phone companies anymore. But at some point, enough people (enough voters) are going to get hurt by this problem that something will have to be done. The only question is whether the cure will be worse than the disease.

Legal question (5, Interesting)

mctk (840035) | more than 9 years ago | (#11674289)

Supposing my identity stolen and used for fraudelent activity. If we could trace the identity theft back to ChoicePoint, could they be held liable (in any sense of the word)?

Re:Legal question (5, Informative)

MillionthMonkey (240664) | more than 9 years ago | (#11674536)

Supposing my identity stolen and used for fraudelent activity. If we could trace the identity theft back to ChoicePoint, could they be held liable (in any sense of the word)?

Ordinarily in a case like this a class action would be brought against the company. The "Class Action Fairness Act" will shift class actions from state to federal court. Ostensibly this was done to prevent venue shopping- where you look for the state with the most favorable laws for your class action suit- but it also has the nice property that federal courts rarely agree to hear class action lawsuits, citing differences in state law. The Act effectively puts an end to all class action suits without explicitly banning them.

If you're a victim of identity theft because your Social Security number was compromised by ChoicePoint, you'll have to hire a lawyer yourself, prove that the identity theft was a result of ChoicePoint's negligence, and your case will be heard separately from those filed by any other plantiffs.

Hmm very serious...... (-1)

Anonymous Coward | more than 9 years ago | (#11674290)

PWNED

So who ELSE is affected!? (3, Interesting)

Buran (150348) | more than 9 years ago | (#11674291)

The story says that these things "are seldom limited to a single geographic area" ...

SO WHO THE FUCK ELSE HAD THEIR INFO STOLEN!? WHAT STATES!?

We want to know! NOW! Why are they refusing to disclose vital information? I'd be VERY angry to find out that someone committed identity theft, these people knew of the stolen info, and they didn't tell me.

Re:So who ELSE is affected!? (5, Insightful)

LostCluster (625375) | more than 9 years ago | (#11674338)

They're only telling the California residents because only California has a state law that requires notification... sound like a law that needs to be passed in 49 other states.

Re:So who ELSE is affected!? (2, Informative)

petsounds (593538) | more than 9 years ago | (#11674436)

It's a good start, but I don't think it goes far enough. There's no requirement to publically acknowledge break-ins, only that individuals be notified. For instance, T-Mobile has yet to publically fess up for their year-long security breach [theregister.co.uk] and show no signs of ever doing so.

Re:So who ELSE is affected!? (0)

Anonymous Coward | more than 9 years ago | (#11674460)

^mod parent up

Re:So who ELSE is affected!? (1)

Buran (150348) | more than 9 years ago | (#11674504)

That is not an excuse. The fact that you happen to live in another state doesn't mean they have less of an obligation to you.

So I say again, where is the disclosure?

Re:So who ELSE is affected!? (2, Informative)

|<amikaze (155975) | more than 9 years ago | (#11674588)


Well, from a legal standpoint, it certainly does. If there is no law in your state requiring them to do so, then legally they don't have that obligation to you. Morally, I believe they are obligated to, but morality isn't the same as legality now is it?

Re:So who ELSE is affected!? (2, Interesting)

greenplato (23083) | more than 9 years ago | (#11674679)

This is a great time to hunker down and read Harry Frankfurt's essay "On Bullshit." [jelks.nu]

This fellow James Lee is the Jackson Pollock of bullshit artists. I can see how this statement cound get the parent's goat: "Lee said law enforcement officials have so far advised the firm that only Californians need to be notified."

Of course, because California is the only state that requires notification. Duh.

You read his statements and they stick out like a sore thumb, in opposition to the universe as you know it. You wonder if he is either incompetent or lying. But it's really neither, he bullshitting you. This is what Frankfurt says:

It is impossible for someone to lie unless he thinks he knows the truth. Producing bullshit requires no such conviction. A person who lies is thereby responding to the truth, and he is to that extent respectful of it. When an honest man speaks, he says only what he believes to be true; and for the liar, it is correspondingly indispensable that he considers his statements to be false. For the bullshitter, however, all these bets are off: he is neither on the side of the true nor on the side of the false. His eye is not on the facts at all, as the eyes of the honest man and of the liar are, except insofar as they may be pertinent to his interest in getting away with what he says. He does not care whether the things he says describe reality correctly. He just picks them out, or makes them up, to suit his purpose.

Thats only what they are required to report (0)

Anonymous Coward | more than 9 years ago | (#11674292)

The 35,000 people are all in California. There are probably hell of alot more peoples data stolen. Since the only state that requires stolen data to be reported is Cali. Whats 35,000 * 50 states.

Thats what I call one big screwup

Re:Thats only what they are required to report (5, Funny)

Koiu Lpoi (632570) | more than 9 years ago | (#11674367)

I highly doubt they would refuse to report that data had been stolen from other states, just because they don't have do.

Re:Thats only what they are required to report (4, Insightful)

Eric Smith (4379) | more than 9 years ago | (#11674387)

Then let them publicly deny that any data has been stolen relating to residents of other states.

I very much doubt that they're willing to do this. They're only providing any notification becuase they're required by law to do so; left to their own devices they would ignore it entirely.

Re:Thats only what they are required to report (4, Interesting)

FuzzyDaddy (584528) | more than 9 years ago | (#11674405)

1. Lee [Choicepoint spokesperson] said law enforcement officials have so far advised the firm that only Californians need to be notified.

2. The incident happened months ago, and ChoicePoint just got permission from law enforcement to disclose the incident.

I would say it's pretty likely they wouldn't report data thefts about people in other states...

Re:Thats only what they are required to report (1)

Koiu Lpoi (632570) | more than 9 years ago | (#11674439)

Good point, I forgot for a moment we were talking about a corporation.

Welcome to the downside... (4, Insightful)

ducomputergeek (595742) | more than 9 years ago | (#11674299)

of our information driven world. Something like this was bound to happen eventually and highlights something that really needs to be brought back into the focus of public discource: just how much information should be readily available. Your credit score now is one of your most valuable assets and something you rarely heard about five or ten years ago. Now its mentioned every 30 seconds. Because of the ease of gaining this information, employers, and just about anyone can get your credit score even if legally the shouldn't be.

Next big issue is going to be medical records online. While having such information in once location could be of great benefit to doctors and hospitals around the world, there are also dangers as well, like your HMO, employers, or if your a public figure, the media getting their hands on otherwise private medical records.

Re:Welcome to the downside... (1)

demachina (71715) | more than 9 years ago | (#11674435)

The desperate need is for social security numbers to be replaced with an encrypted digital signatures, and when you use it for something there is an authentication test required to prove you know the password to it.

The idea that your life can be destroyed if someone just acquires your name and social security number is insane. Social Security numbers are security through obscurity and they completely stopped working when the Internet came in to being.

And no I don't want the government to institute an all knowing, all seeing national identity system, which appears to be what they are shoving down the throats of states through drivers licenses, which will apparently become a unified national ID unless a state decides to forgo Federal funding for things like highway construction.

I just want them to mandate that secure digital signatures superceede social security numbers.

Re:Welcome to the downside... (1)

RobertLTux (260313) | more than 9 years ago | (#11674634)

Due to the federal guidelines/regs (google for HIPAA) is is a felony to have your medical records on a unsecured computer. chances are any NET transmit of medical records will be via a ssl tunnel or otherwise secured for transit. Yes this bit does only apply to USA persons but i would think "YOUR" regs should be better

poor credit score keeps me safe. (5, Funny)

isbhod (556556) | more than 9 years ago | (#11674307)

My credit is so poor that stealing my identiy is only going to hurt them. I mean they think they are gettign a free ride, but when Rocko breaks down their door looking for past due payments boy will they be in for a suprise, hell this might be the best thing to ever happen to me!

Re:poor credit score keeps me safe. (2, Funny)

Landaras (159892) | more than 9 years ago | (#11674389)

Your post reminds me of what I tell my female friends.

I am at a negative risk of contracting STDs. As in, not only is my likelihood non-existent, but the more time you spend around me, the more your likelihood of contracting anything goes down.

Yes, I realize I am posting this with on Valentine's Day. I believe anyone who can't laugh at themselves needs to lighten up :).

Acceptable losses (3, Insightful)

erroneus (253617) | more than 9 years ago | (#11674318)

Incidents such as these are actually rather rare. People abusing information collected either through neglect or in other ways is not as common as proper use.

All those foolish people who protested the collection and sale of personal data of private citizens should be ashamed since the prosperity of this country depends greatly on the efficiency of business. And if you don't like it in this country any more go some place better! There isn't any place better you say? Then shoot yourself now because there's nothing you individuals can do to change things to your liking anyway.

(The preceding was stated as an opposite to my actual feelings on the matter to illustrate how ridiculous I feel the opposing view might be. There are no acceptable losses when it comes to privacy and the right of everyone to keep what they have earned. Loss of privacy opens the door for unscrupulous people to do bad things and reduces an individual's ability to protect one's self.)

'legitimate' (1)

convolvatron (176505) | more than 9 years ago | (#11674323)

exactly what criteria are used to distinguish between a 'legitimate business' and someone who is going to use the information to steal my identity. or someone who, inadvertently or not, will pass the data to someone who is. the whole model is flawed.

legitimate == paying (0)

Anonymous Coward | more than 9 years ago | (#11674344)

They probably just got stiffed on the access charges.

The real problem here isn't the break-in... (5, Insightful)

Anonymous Coward | more than 9 years ago | (#11674327)

They say "Criminals posing as legitimate businesses have accessed critical personal data stored by ChoicePoint Inc."

If the data was that critical and personal, why was it available to "legitamate businesses" in the frist place?
Are a set of articles of incorporation and a pile of money all I need to 'legitimately' access "databases of background information on virtually every U.S. citizen"?

Re:The real problem here isn't the break-in... (1)

Koiu Lpoi (632570) | more than 9 years ago | (#11674427)

To answer your question, yes. I'm suprised that you're suprised.

Re:The real problem here isn't the break-in... (5, Funny)

AndroidCat (229562) | more than 9 years ago | (#11674500)

They're only criminals because they didn't pay for their access, duh. ;)

From: http://choicepoint.com/about/overview.html (1)

wizzardme2000 (702910) | more than 9 years ago | (#11674329)

"For almost a century ChoicePoint has been a trusted source and leading provider of decision-making information that helps reduce fraud and mitigate risk."

Rrriiight....

Excellent! (4, Informative)

Anonymous Coward | more than 9 years ago | (#11674330)

Well, this is really excellent news. American Radio Works did a show partially covering ChoicePoint's data gathering activities recently:

No Place To Hide [publicradio.org]

It was truely disturbing. Now that we're permanently at war with the Forces Of Evil (terrorists, for now) people should get used to not having any privacy. Sigh.

Never heard of these guys (0)

Anonymous Coward | more than 9 years ago | (#11674332)

What is their relationship with the Arkansas outfit Axciom whose computers were hacked into awhile ago?

And what do either of them have to do with Intellectual Ventures, UCANN and the Carlyle Group... well OK, let's start with Axciom first.

Re:Never heard of these guys (1)

AndroidCat (229562) | more than 9 years ago | (#11674514)

Ah yes, that's who I was thinking of! ("Hey, isn't this story some kind of slow dupe?")

Do a little quick math (4, Interesting)

JoeShmoe (90109) | more than 9 years ago | (#11674336)

California, population approx 30 million, or 1/10 of the US population.

So, the number of stolen identies is probably closer to 300,000 to 350,000. Only California has a law that forces companies to disclose these kinds of risks to personal data, but I think it's a fairly safe assumption that the theives didn't target just California records (in fact, if they wanted to use them for identity theft, it would make more sense to excluse California records because those indidivuals would be on alert).

So, potentially one in every one hundred people in the US now has their electronic profile available for identify theft. That's a scary (although I'll admit unlikely) idea.

Closing question...what exactly is the f'ing differences between a "legitamate" company accessing this ChoicePoint database an an "illegimate" company? Wouldn't theft of database access be just as much a risk? If Sam's Wholesale Cookies can browse through the database, concievable so can any employee of Sam's Wholesale Cookies or anyone who breaks into a Same's Wholesale Cookies computer. Is there not a single person in all of government who sees the folly of having all the eggs in one basket? Not even a secure basket...the free sample basket by the front door of the mall.

- JoeShmoe
.

"Criminals posing as legitimate businesses" (5, Funny)

toby (759) | more than 9 years ago | (#11674345)

C'mon! Does every story on /. have to be about Micro$oft?

Re:"Criminals posing as legitimate businesses" (0)

Anonymous Coward | more than 9 years ago | (#11674390)

lol, i get it, too bad the moderators did'nt

Re:"Criminals posing as legitimate businesses" (0)

Anonymous Coward | more than 9 years ago | (#11674430)

> lol, i get it, too bad the moderators did'nt

everyone *got it*, it just wasn't funny.

No Changes Forthcoming (4, Insightful)

zentec (204030) | more than 9 years ago | (#11674351)

The government is one of ChoicePoint's largest customers, so you can be certain that there will be zero rules and regulations imposed on ChoicePoint or similar companies. Nor will you see any changes to the Fair Credit Reporting Act, which affords no penalty to companies that report wrong information on individuals other than once proven incorrect, it is removed.

If this incident doesn't create intense public outrage and a rash of calls to legislators demanding change, then I doubt there will ever be changes that protect individual identity and information.

Furthermore, I would propose that every individual that finds ChoicePoint's egregious lack of security reprehensible, to draft a letter demanding a full explanation and any details relating to whether or not their information has been stolen. I don't expect this company to come clean, but just imagine the hassle of having to reply to hundreds of thousands of letters.

Maybe having to deal with thousands of peeved off consumers will clean up their act.

Re:No Changes Forthcoming (2, Informative)

MerlynDavis (637066) | more than 9 years ago | (#11674548)

For the most part, Choicepoint deals in public records...items that are available to the general public (if you have the time, energy, and knowledge of where to look).

However, there is some data they possess which isn't public records (DMV records mostly) which require special privledges to access. I would hope that they actually review who has access to that information, and not give it out to persons without legitimate needs.

I think the main concern is that fact that this data is aggregated for use, without any sort of controls on who can see it, and for what reason.

good reason to... (0)

Anonymous Coward | more than 9 years ago | (#11674360)

stay off the grid as much as humanly possible...

No obvious notice appears to be on their website. (1)

BossMC (696762) | more than 9 years ago | (#11674382)

"No obvious notice appears to be on their website."

You think? The last thing they need is a ton of people making transactions of various sorts to plug the logfiles. Further, the less this gets out, the less chance of it being exploited by uninformed black hats!

More of ChoicePoint's greatest misses (3, Informative)

Platinum Dragon (34829) | more than 9 years ago | (#11674391)

People opposed to the Bush victory in 2000 claim that ChoicePoint [dkosopedia.com] may have aided in voter disenfranchisement.

*This is not an endorsement of the linked site or the opinions expressed there. I just recall these claims from a Slashdot submission I made a couple years ago related to this.

Re:More of ChoicePoint's greatest misses (0)

Anonymous Coward | more than 9 years ago | (#11674444)

oh come now. We all know that Kos is a flaming pinko commie ;)

Re:More of ChoicePoint's greatest misses (0)

Anonymous Coward | more than 9 years ago | (#11674633)

Why the smiley? Zuniga IS a flaming pinko commie.

Remember the Florida election of 2000 ? (4, Informative)

furballphat (514726) | more than 9 years ago | (#11674398)

Remember the Florida election of 2000 when a private database company scrubbed thousands of eligible voters from the rolls? Well now one of the co-founders of Database Technologies is back in the headlines -- he's working with law enforcement agents in Florida to create what may soon expand into a national surveillance system. We talk with privacy expert Wayne Madsen, investigative reporter Greg Palast and a top intelligence official from the state of Florida.

When is Joe Six pack going to wake up to the fact that in secret the government has conspired to create a dossier on every citzen in this country and this is who they hired to do it:

Hank Asher then creates the MATRIX as a state level network version of the TIA office. Essentially continuing the TIA office, but freeing it from congressional oversight and federal whistleblower protections. He admits smuggling millions of dollars worth of cocaine in 1981 and 1982. Coincidentally at the time when the Iran-Contra dealings were in full swing.
But this is only speculation. Could there be more of a link between illegal dealings between Hank Asher and the republican party? OF COURSE THERE IS!

In 1992, Asher founded Database Technologies, which later merged with ChoicePoint. In 1999, he founded Seisint Inc. by merging two companies. He is still on Seisint's board of directors, and continues to play an active role in the company.During the 2000 presidential election ChoicePoint, gave Florida officials a list with the names of 8,000 ex-felons to "scrub" from their list of voters. But it turns out none on the list were guilty of felonies, only misdemeanors.

So there we have it. We went from having a domestic spying agency run by a five time felon to having the same domestic spying program sans congressional oversight and whistle blower protections run by a convicted drug smuggler who has proven that he'll break the law to further the republican agenda.

http://www.oldamericancentury.org/oh_republicans .h tm

A Florida law enforcement data-sharing network is about to go national. In the name of counterterrorism, the Departments of Justice and Homeland Security are pouring millions of dollars into the system to expand it to local law enforcement agencies across the nation. It's called Matrix, which stands for Multistate Anti-Terrorism Information Exchange. According to the Washington Post, the computer network accesses information that has always been available to investigators but brings it together and enables police to access it with extraordinary speed. Civil liberties and privacy groups say the Matrix system dramatically increases the ability of local police to snoop on individuals.

http://www.democracynow.org/article.pl?sid=03/08 /0 7/1427223

The Florida company that built the database was founded by the man behind ChoicePoint and Database Technologies. The companies administered the contract that stripped thousands of African Americans from the Florida voter roles before the 2000 election.

Although narrower in scope than John Poindexter's controversial Terrorist Global Information Awareness program, Matrix may serve a similar purpose because it provides unprecedented access to US residents regardless of their criminal background. And states are eager to participate in the new program. On Tuesday, the Department of Homeland Security announced plans to launch a pilot program in state law enforcement data-sharing among Virginia, Maryland, Pennsylvania and New York.

Copycriminals (1)

Doc Ruby (173196) | more than 9 years ago | (#11674417)

What's the difference between a "legitimate" business that uses my personal info without my permission, and a "criminal" one? Just the law, and perhaps the degree of abuse in which they engage. Today's legit biz is tomorrow's spammer - and sometimes the reverse.

All this info must be protected by copyright. I transfer a copy of my personal info to a receiver in a specific transaction, with the right to copy it only as required to complete that transaction, unless expressly allowed otherwise. When they "share" it with other parties, or retain it beyond that transaction, they're violating my copyright. As would any further distribution beyond their organization. They're all a bunch of criminals - we need catastrophes like these to be legally documented in violation of our rights, our copyrights, and remedied as appropriate to the damage.

Yeah, thank goodness only AUTHORIZED third parties (3, Insightful)

loggia (309962) | more than 9 years ago | (#11674450)

...can see your social security number, your credit report, your addresses...

...anytime they want...

...um...

...whew?

It was CHINESE triads, AP reports (0)

Anonymous Coward | more than 9 years ago | (#11674468)



It was CHINESE triads, AP reports.

Re:It was CHINESE triads, AP reports (0)

Anonymous Coward | more than 9 years ago | (#11674545)

No it was Saddam and his WMDs and extremists.

Contact them... (1)

chocochip (456883) | more than 9 years ago | (#11674488)

Let them know what you think. Ask if your information was compromised. Make them feel the pain!

Contact Link [choicepoint.com]

Re:Contact them... (1)

emptybody (12341) | more than 9 years ago | (#11674553)

I filled out the form.

Category - Affected Consumers.

I would like to know if my personal data was compromised during your recently discovered - or any other known - security breach.

Thank you.

were only californians notified... (0, Redundant)

museumpeace (735109) | more than 9 years ago | (#11674496)

because only california has a law requring such notice? What I mean is: Aren't there people outside of california whose personal information may have been taken?

Where's the Upside? (5, Interesting)

LighthouseJ (453757) | more than 9 years ago | (#11674529)

I RTFA and it says that ChoicePoint aggregates my information and sells it. I interpret "aggregates" as it crawls through and acquires my personal information without my knowledge. I never signed anything saying ChoicePoint can keep and handle my information how they see fit, nor did I receive anything that says some company has my information so I know. Am I alone in saying that no company should be able to profit off of my existance? If that's not bad enough that ChoicePoint has made a living selling my information of which I won't see a dime, now criminals have my personal information and now I have to stay on guard to see if the criminals do anything notably bad in my name.

This whole companies' existance and screwup just stamps out all notions of privacy I had, now not only theives profitted from me without even notifying/asking me, but now criminals can benefit from my existance too.

Re:Where's the Upside? (2, Informative)

_randy_64 (457225) | more than 9 years ago | (#11674674)

For some more info on ChoicePoint, check out this article [msn.com] from a couple months ago in the Washington Post. I was surprised it was seen here on Slashdot too. Gives a little more background on what they do and how they do it.

ping? (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11674537)

pong.

Before you OH NOE, there's a solution. (1, Interesting)

Anonymous Coward | more than 9 years ago | (#11674538)

http://www.privacy.ca.gov/financial/cfreezeon.htm
It's heavy handed, sure. You're effecitvely DOS'ing yourself, and things may take longer to open windows, etc.. But better safe than sorry.

Lets all laugh at security (4, Interesting)

Toloran (858954) | more than 9 years ago | (#11674546)

I used to work at a mortgage insurance agency as a temp doing data entry. I would see 100 or so SSN a day. They don't track who enters what data so I could of easily wrote down a few SSNs along with the person name, phone number, address, etc without anyone knowing I had done it. Even if they make extra-super-duper-sure that they people accessing the information are legit, there is absolutely no assurance that the person handling your information is honest.

A better solution (4, Insightful)

nasor (690345) | more than 9 years ago | (#11674567)

Rather than taking extreme measures to ensure that social security numbers are kept private, people need to simply stop pretending that a social security number is some sort of magic password that can be used to prove that someone is who they claim to be. SSNs should be treated about the same as phone numbers; assume that everyone has one, but also assume that everyone knows it.

"Law Enforcement Clearance?" (2, Interesting)

bmasel (129946) | more than 9 years ago | (#11674575)

"The firm was only given clearance by law enforcement officials to disclose the incident two weeks ago, Lee said"

Now why exactly would they need permission to tell me (if I were a CA resident) that I should be worried about my data being misused? The certainly didn't need any cop's permission to amass it, not to hand it to a "legitimate" customer.

Choicepoint also helped Bush attack US democracy (0, Flamebait)

plinius (714075) | more than 9 years ago | (#11674580)

Greg Palast reported on it.

http://www.gregpalast.com/detail.cfm?artid=217&r ow =2
http://www.gregpalast.com/detail.cfm?artid=327 &row =2

Also see here:

www.electionfraud2004.org

You still think the "exploit" was an accident?

fuck 4 dick (-1, Troll)

Anonymous Coward | more than 9 years ago | (#11674583)

are just way over 4s poosible? How

Snail mail campaign (1)

kybred (795293) | more than 9 years ago | (#11674600)

Any lawyers out there want to draft a template letter that folks could send to ChoicePoint. The letter would be a demand that they remove all your personal info they have, since they have not shown that they can keep it secure.

Anybody? Anybody? Anybody? Bueller?

kybred

CEO and CTO should be shot on CNN, live. (0)

Anonymous Coward | more than 9 years ago | (#11674619)

that is all.

So many are happy that our gvrmnt pushes.... (0)

Anonymous Coward | more than 9 years ago | (#11674665)

windows. [netcraft.com]
So many ciminals (read Al Qaeda), and so easy to get our information and our money.

So the funny thing here, is that if windows costs so little, what is the costs of break ins like this?
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...