
Congress to Investigate ChoicePoint

CowboyNeal posted more than 9 years ago | from the inquiries-and-enquiries dept.

United States 259

twzop writes "I just saw a story on the CBS evening news about the previously posted story about ChoicePoint, Inc. in Atlanta, GA getting hacked and US citizens' data being compromised. The story stated that Congress was going to get involved by investigating the scandal and that there was a large class action lawsuit against the private firm."


oh my (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11772801)

dan rather sucks!

Peter Jennings is worse. (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11772837)

Are you watching this shitfest on ABC right now?

damage size? (4, Interesting)

c0dedude (587568) | more than 9 years ago | (#11772806)

What was the size of the data leaked? I've seen figures vary, I'm wondering if anyone knows, including ChoicePoint.

Re:damage size? (4, Informative)

Anonymous Coward | more than 9 years ago | (#11772848)

It is unlikely anyone can know for sure how much leaked. I believe it happened that they traced some identity theft back to a fictitious company that paid for access to ChoicePoint. During this investigation they found other fictitious companies registered with ChoicePoint. Do they know all the queries made by the fictitious companies? Possible... Have they found all the fictitious companies?

Re:damage size? (1)

Sick Boy (5293) | more than 9 years ago | (#11773273)

It was traced to SEVERAL phoney companies. The same group of people seems to have been behind them, though. Now every other background screening company is scrambling to make sure their clients are fully vetted. It's a mess.

Re:damage size? (0)

chimpo13 (471212) | more than 9 years ago | (#11772861)

I'm from the government and I'm here to help you.

Re:damage size? (1, Flamebait)

EnronHaliburton2004 (815366) | more than 9 years ago | (#11772950)

I'm from a private company, and I'm here to help myself without your consent.

Re:damage size? (5, Interesting)

Shakrai (717556) | more than 9 years ago | (#11773126)

I'm from a private company, and I'm here to help myself without your consent.

I work in the goddamn insurance industry (IT; not sales; I'm not completely evil) and even my co-workers think Choicepoint are a bunch of evil thieving bastards.

My own personal experience with them revolved around the three weeks it took to get them to remove accidents that my sister had on her own automobile policy (i.e., no relation to me!) off of my CLUE report. They claimed that they showed up on my CLUE report because her SSN is only two digits removed from mine.

In the process of trying to get this fixed so that I wouldn't be surcharged for my sister's accidents they stonewalled me and generally tried to walk all over me. Every time we would change something they would need to generate a new CLUE report. But they could only generate those reports overnight. Apparently the computer system that allows an insurance company to get a copy of your CLUE report in about 15 seconds only allows one copy of the consumer version of that report to be generated -- and it takes several hours for them to generate it.

Furthermore I take exception to the fact that they listed an accident that I had under my parents' policy (borrowed car while mine was in the shop). Perhaps I sign away my own rights when I buy my own insurance policy but I don't recall signing anything with my parents' insurance company when I borrowed the car that authorized them to release my personal information (SSN/lic #) to Choicepoint. Where the hell is the outrage? I'm sick and tired of companies stockpiling information on me without permission.

In a fair world they wouldn't be allowed to release that sort of information to some data clearinghouse. So what if the insurance industry can't verify your accident record? If you lie to them then it's insurance fraud (felony in most states) and your policy is null and void. Why can't they use that as an enforcement mechanism rather than enriching the likes of Choicepoint and the big-three credit reporters?

Bah! End rant...

Re:damage size? (0)

Anonymous Coward | more than 9 years ago | (#11773251)

I work in the goddamn insurance industry (IT; not sales; I'm not completely evil) and even my co-workers think Choicepoint are a bunch of evil thieving bastards.

Lots of people working for evil companies think what they're doing isn't evil. That plus living a good life, but letting their stock investments work for shitty companies.

Re:damage size? (2, Interesting)

killjoe (766577) | more than 9 years ago | (#11773431)

"In a fair world they wouldn't be allowed to release that sort of information to some data clearinghouse."

It's not a fair world. In this world ChoicePoint is one of the most politically connected companies in the world and nothing will happen to them.

Re:damage size? (1)

Dachannien (617929) | more than 9 years ago | (#11773458)

Wouldn't the police report that resulted from your being in an accident be a matter of public record?

Re:damage size? (2, Insightful)

EmagGeek (574360) | more than 9 years ago | (#11772871)

They probably have no idea. Since they have no restrictions on who they'll sell your data to, there are probably still identity thieves on their customer rolls.

Congress interested in security ??? what a joke (0)

Anonymous Coward | more than 9 years ago | (#11772875)

Congress has failed us in the security department

- Open borders for illegal immigration - open door to terrorists
- Letting illegal aliens go free after being caught with advice that they should show up for their court hearing at a later date
- Letting state, local governments sell personal information for decades
- Letting voting laws get so inadequate to allow anyone to walk up and vote on demand using a provisional ballot - resulting in fraud

145,000 (4, Informative)

js7a (579872) | more than 9 years ago | (#11773092)

Five posts and nobody's answered the question? It's not as if you aren't directly connected to a zillion ways to find it.

ChoicePoint data theft widens to 145,000 people [zdnet.com]

Nigga please (0)

Anonymous Coward | more than 9 years ago | (#11773373)

If they're admitting to 145K, that means it was probably 10 or 100x that amount.

Last night, the president of the place was on CNN in a white sweater being "ah shucks". And he looked like a con man who used a media consultant to tell him what to say.

I hope they go bankrupt, and everybody gets cancer over there.

Re:145,000 (4, Insightful)

sphealey (2855) | more than 9 years ago | (#11773484)

Well, that number has been "widening" every time ChoicePoint makes a "choice" to reveal more details. Currently the number is 145,000, which I believe is up from 120,000 and 20,000.

The public certainly doesn't know the number. My guess is ChoicePoint (a) knows it is higher (b) doesn't know the total.

sPh

Nothing to see indeed. (3, Insightful)

Anonymous Coward | more than 9 years ago | (#11772816)

It's just Congress getting ready to solicit another round of bribes...err campaign contributions. How many Enron executives are in jail again? Yeah.

Before we get too excited about the possibility of justice, let's remember that it's only a crime if it wasn't a rich person that did it.

More like Democrats want to complain (1)

empraptor (748821) | more than 9 years ago | (#11773344)

Seeing as how ChoicePoint DBT helped deny voting rights to legitimate voters in order to get Bush elected in 2000, Democrats are probably looking for some way to bring this up at the investigation.

I think it'll be fun. I'll have popcorn in hand watching C-SPAN whenever this happens.

Re:More like Democrats want to complain (0)

Anonymous Coward | more than 9 years ago | (#11773490)

Hey, if the Democrats were a relevant political force in America, that might have some teeth.

Integrity is in such short supply now it's no longer a valuable commodity. It's like the last tree, a curiosity.

hackers rule 1 (1)

mothis2 (810193) | more than 9 years ago | (#11772823)

The first rule of hacking is don't hack government comps!

No security (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11772826)

Third Post - i failed

lol (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11772829)

Sucks to be Choicepoint! But it doesn't suck as hard as poor Michael Sims being shitcanned for being a whiney expat traitor who would gladly rim Michael Moore after a greasy enchilada squirtshit and call it Baked Alaska.
Excelsior!

Hype (1)

lakerdonald (825553) | more than 9 years ago | (#11772854)

It seemed like the hacking hype had died down, but we'll now start hearing all about "hackers" and "identity theft" again as little packages on news shows! oh boy!

your mom... (-1, Troll)

the trolling stones (862573) | more than 9 years ago | (#11773012)

...poured hot grits on natalie portman.

And that is just the beginning of the nightmare (5, Informative)

schwit1 (797399) | more than 9 years ago | (#11772864)

The Washington Post has an article [washingtonpost.com] (reg required) today about Beth Plowman, a Damascus international public health adviser, who was shocked when she discovered that a $27,240 arbitration judgment had been levied against her for credit card charges incurred by an identity thief who bought sporting goods all across Europe.

Re:And that is just the beginning of the nightmare (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11773027)

oh snap!

Re:And that is just the beginning of the nightmare (0)

Anonymous Coward | more than 9 years ago | (#11773118)

Beware the ugly head of corporatism/fascism: binding arbitration clauses [technocrat.net]

Re:And that is just the beginning of the nightmare (1, Funny)

Anonymous Coward | more than 9 years ago | (#11773280)

The Washington Post has an article(reg required)...

I'm going to register as "Beth Plowman"

Trust me, it's not just ChoicePoint. (3, Informative)

Creepy Crawler (680178) | more than 9 years ago | (#11772865)

I do a lot of computer security work in my area, and trust me when I say that many, many places have either no or woefully inadequate security present.

One place I did a job for actually had a Symbol AP in the ceiling of the factory, login: Symbol, pass: (blank) and unencrypted transfers. The domain admin acct (win2k) had no password, and guest was active. They also bungled up a RAS so that anybody that knew that number had "root".

Those were just external security issues.. It took 50 hours to barely fix their problems.

Still, problems abound just like that: No or bad security. Many times, it has to do with plain laziness, not thinking anybody cares about us, just not knowing, or trying to do security and maintenance without understanding.

Another amazing thing is how well modem-scanners work these days... Back in the day, all the security nuts cared about dial-back and other things... Now, everybody thinks of always-on internet so you need a firewall. Not so. Many machines have dialup gateways or interfaces in which most are just not configured. Even (to my knowledge, I use FreeBSD and Linux) Windows RAS server has dialback capability.

Now, why Congress wants to scrutinize them, well.. Wonder if they've secured THEIR wireless network since I was in DC...

Re:Trust me, it's not just ChoicePoint. (5, Insightful)

Anonymous Coward | more than 9 years ago | (#11772924)

This is very interesting, but didn't ChoicePoint sell this personal information to the people that "stole" it? The issue is that people were buying credit reporting services from ChoicePoint, since ChoicePoint is in the business of selling this data to companies. The people who stole this data just posed as real companies, and ChoicePoint didn't do their homework and check on the black hats' bona fides.

This is not a hacker issue; no one is claiming a computer was rooted or compromised or that some kid with a script was punching passwords into ChoicePoint's web site. ChoicePoint was selling this data, and they were human engineered into selling the data to people who had malign intent.

The issue is whether anyone should be selling this stuff AT ALL.

Re:Trust me, it's not just ChoicePoint. (3, Insightful)

Creepy Crawler (680178) | more than 9 years ago | (#11772989)

---This is very interesting, but didn't ChoicePoint sell this personal information to the people that "stole" it?

I consider misleading to get information the same as hacking to get it. The only difference is that ChoicePoint was paid. Why should they care?

---The issue is that people were buying credit reporting services from ChoicePoint, since ChoicePoint is in the business of selling this data to companies. The people who stole this data just posed as real companies, and ChoicePoint didn't do their homework and check on the black hats' bona fides.

Sometimes hacking has to do with throwing up a huge wall of "mistrust" and make the other party believe in something they shouldn't. Still, couldn't you claim that many "legit" companies use this data in what could be considered very improper?

Guess that brings up the question whether we should punish the company(s) or the people who do wrong...

---This is not a hacker issue; no one is claiming a computer was rooted or compromised or that some kid with a script was punching passwords into ChoicePoint's web site. ChoicePoint was selling this data, and they were human engineered into selling the data to people who had malign intent.

Still, this shows one of my points: Laziness. An "identity" company not checking the corporate identity. And then the people in the "evil" company do evil things.

Who's to be punished?

---The issue is whether anyone should be selling this stuff AT ALL.

Would you accept checks from somebody for medium-large amounts without checking up on who they are, and whether they've bounced checks before?

In reality, the law SHOULD be that you have full access to YOUR information, and can correct provable, factual parts that are incorrect. I really can't answer if they should be selling this data...

Re:Trust me, it's not just ChoicePoint. (0)

Anonymous Coward | more than 9 years ago | (#11773257)

It's really a symptom of the same disease. Why bother securing your AP when it works the way it is now? Why bother checking up on company XYZ when they pay with good checks?

You gotta realize, people at these companies don't *feel* like they are dealing with people's lives. They just push a button and access is granted to consumer's data. Then they talk about the weather or the game and go home and forget about work. The only way to ensure security is to put processes in place, and to make people accountable.

Companies don't care about this stuff, because they have little to lose. There's no accountability, no punishment. Even when security holes are found, no attempt is made to embarrass the company, researchers are encouraged to keep quiet.

What if the CEO were financially responsible for the losses of *every customer*? What if he could go to jail? I bet he would be checking and double-checking every contact. The whole firm would be paranoid and extra-careful. Which is EXACTLY how they should be, considering what they are dealing with.

People are lazy. People don't care. People do what's best for them only. Wanna change that? Put the punishments and rewards in place, and enforce them.

After this blows over, I bet ChoicePoint will end up with a small fine, if that. And I'm sure their security is a mess like the poster above mentions. I work in security too, and I shake my head in disbelief at least once a day.

For example, right down my street there's an open AP. And did they just leave it "linksys" like the 10 others around it? No, the bright guy who set it up named it.. THE NAME OF THE BANK. I laugh out loud at that shit. Thanks guys! Now hackers don't even have to *guess* which AP to sniff.

I'd love to go in and point out the problem and offer my services, but they'd probably think I hacked them or something and call the police (almost happened to me once).

It's all really really sad. The sad part is I have no idea which of these companies has my personal info on their computers or not. And if they say they don't, how can you believe them?

Re:Trust me, it's not just ChoicePoint. (1)

Creepy Crawler (680178) | more than 9 years ago | (#11773411)

Well, I'm unsure what exactly you do, but you could print some nice brochures and mail them to many businesses in the local area for a "Security Checkup". You could even successfully target businesses with outsourced IT to check up on them (like a security task force).

Offer, say, for 1000$ a full, comprehensive network, computer, data security, and personnel scan. Do the usual scare-campaign, but with a very professional slant, such as "how much would this assessment cost in comparison to legal fees?" and such.

Once you're done with the Company X's scan, then give them a comprehensive list of every 'nook and cranny' of what's wrong with their security. Itemize it, and put a price to fix there. You could come off very clean as to say "I put my prices as you wish to have somebody else fix it."

I do this when I need to.. It makes easy money for those who bite.. and it provides a very valuable service.

How to Fix It? (1)

polv0 (596583) | more than 9 years ago | (#11773408)

The tricky thing is how to fix this. As a data mining consultant I organize the purchase of hundreds of thousands of dollars worth of sensitive data for our clients. And in all of these purchases, I have never seen a vendor proactively validate that my team, or my clients, were bona fide.

One would hope that these vendors check that our companies are statutory entities and that our e-mail and mailing addresses are associated with these entities, but these can all be spoofed or are difficult to verify. We often sign legal agreements, but that doesn't matter much if I'm a thief.

Fundamentally, the onus of identification should fall on the government. A system of encrypted public keys used to electronically transfer data between verified entities could prevent this from being a problem.

Regardless, the type of data that Choicepoint sells (predominantly personal credit) is used throughout the banking and insurance industries. If companies are restricted from using the information, it will become meaningless, and markets will regress to less efficient states and we will all lose in the end.

Re:Trust me, it's not just ChoicePoint. (2, Interesting)

Anonymous Coward | more than 9 years ago | (#11772984)

Tell me about it.. I worked a short-term contract thru a contract svcs co, where the agency was required to do an additional bkgnd on me, per the client, over and above the normal one they run on all their consultants, since this client was a VERY well-known large financial services company and had a policy of these additional bkgnd checks. One of the first things I discovered upon arrival to begin work, was all of their WinXP machines had no administrator password, and most of the user accts were admin-equiv, also with no passwords. Not to mention the fact that each machine ran an MSDE/MSSQL database that contained that user's client's info, which part of my job was to go around and back up these databases... According to the admin mgr, whom I reported to, these had not been backed up in quite a while. I contacted my agency manager, and told him about this, and he was unsurprised, since he'd dealt with this customer for quite a while. Needless to say, I'll never give this co. a penny of my investment funds...

Not the first time with Choicepoint (5, Interesting)

Wheresmywig (862568) | more than 9 years ago | (#11772868)

What I find odd about the reportage of this story is that no one seems to be pointing out that Choicepoint was also responsible for providing Florida with some of the data it used to strip people from the voter rolls back in 2000. That wasn't exactly good either.

that's why this investigation will go nowhere (3, Interesting)

JoeBuck (7947) | more than 9 years ago | (#11773066)

Choicepoint is the firm that Katherine Harris, who simultaneously served in the Bush campaign and as head vote-counter in Florida (no other democracy allows that, by the way), used to come up with a felon list. The list included thousands of blacks who weren't eligible to vote (at least 5,000). It was set up to disenfranchise everyone who had a similar name (even first initial and last name) as a felon. Considering that blacks voted 90-10 for Gore and that Bush only won the state (officially) by 537 votes, Bush owes his presidency to Choicepoint.

Because of this political debt, the Congress will block any serious investigation of Choicepoint.

Re:that's why this investigation will go nowhere (1, Offtopic)

superpulpsicle (533373) | more than 9 years ago | (#11773134)

Yeah but from the Bush standpoint...

1.) security starts with Iraq

2.) security can only be established with a Patriot Acts

3.) security begins with the FBI, CIA, NSA, Bush security advisors

Apparently it's ok to favor shipping every other IT job abroad, since IT security folks in corporate america are not part of the security equation.

It's about Time (4, Interesting)

tepp (131345) | more than 9 years ago | (#11772872)

Choicepoint - and their competitors such as TransUnion - have become unregulated "authorities" on people's personal data for far too long. A leak like this was inevitable. Honestly, I think our data has leaked before, but because only California has a (recently made) law dictating that victims must be told of such losses, nobody was informed when it happened in the past.

I'm not normally a "Big brother is watching you" kind of girl, but the amount of power these companies have over our lives - the ability to deny us life, home, and auto insurance, to get a home or auto loan, to even get a job! - is insane. Especially when you try to correct inaccurate information and they refuse to accept it! For example, I don't rent, I own my own house. But for years I've tried to correct that - and my status, which is married, not single - and have had them tell me flat out that THEIR data is correct and I must be dreaming about my husband & house...

It's about Time-Security puncture. (1, Interesting)

Anonymous Coward | more than 9 years ago | (#11772934)

Two things here. One, there's lots of data that's not really needed.

Two, ChoicePoint needs to back up its customers when it comes to consequences of its failure. In other words it accepts financial and legal liability (to me) for the consequences of its failure.

And last, inefficiencies be damned. Data doesn't really need to be centralized. Talk about single point of failure.

Re:It's about Time-Security puncture. (5, Insightful)

creysoft (856713) | more than 9 years ago | (#11773217)

You are not a ChoicePoint customer. ChoicePoint cares NOTHING about you. You are a number in a database, with a bunch of corresponding fields. Unless you've paid ChoicePoint for their services, you mean absolutely nothing to this company.

Furthermore, people keep complaining that their information got stolen. It's not your information. It's ChoicePoint's information. It belongs to them, and to the people that purchase access to it from them. They took the time to collect and aggregate it, and they own it. The fact that it may or may not directly affect your life for better or worse in substantial ways does not even enter the equation.

Obviously, there is something fundamentally wrong here that needs to be corrected. In my opinion, information should be held by an organization specifically authorized by the government to do so. The information should be encrypted and secured, and leaks should be punishable by prison time. A standard, open algorithm should be created, to convert the information into a simple number (like a "credit score.") Companies pay for access to these scores. Only upon showing direct need, in a court of law, should specific information be given to specific companies, under strict confidentiality. If a particular company needs to know a specific detail about all of their customers, they can petition to be granted access to that information only, under the same confidentiality agreement.

Furthermore, individuals should be given unfettered access to their own information, on request. (Identity verification should be draconian here.) Individuals should have the right to challenge an inaccuracy, and to provide documentation disproving it.

Granted, it may have some issues of its own, but at least it's a step up from "give everyone's most intimate financial details to every company that pays us a nickel." Any thoughts?

Re:It's about Time (1)

dnoyeb (547705) | more than 9 years ago | (#11773014)

True. This story has run on npr.org as well. They initially only notified California users. But some pressure has them notifying all possible victims now.

Re:It's about Time (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11773047)

can you email me pics of your tits please

Re:It's about Time (0)

Anonymous Coward | more than 9 years ago | (#11773347)

You know, people say things like that, but I've never had a problem with the credit reporting agencies. Once I found a horrible mistake on my credit report (somebody else in another state that I didn't even know somehow got all mixed up with my credit report).

I followed the procedure, and the data was gone within 2 months. Now, of course, MY data might be on someone ELSE'S report, but I'm pretty confident that if I check mine twice a year, I'll catch this stuff.

So I dunno, maybe I have good karma, or my mistake was easy to find, but are you just maybe injecting a little hyperbole into the discussion?

Oh, and the reason this is even possible: government regulation. Let's get these companies heavily regulated so that if they screw up, they actually feel some pain.

"Private" firm (1, Funny)

Anonymous Coward | more than 9 years ago | (#11772889)

I do not think that word means what you think it means ...

Choicepoint is a public company [yahoo.com]

Damn! (2, Interesting)

Primal_theory (859040) | more than 9 years ago | (#11772890)

This is the third time my identity has been stolen this week...I lose my damn dog and keys less than I lose my identity!!!

On a more serious note: Big brother

So if big brother has, like, all this information on us (credit card numbers, places we freq eat and stupid random intel like that), then what if THEY get hacked? Wouldn't that mean hell for everybody that's ever been in America? I could only imagine standing in line at a public school to get my friggin id back, but how would they validate who's who? If there's no pictures, could you just steal somebody's driver's license or wallet and say that you're them?

Re:Damn! (2, Interesting)

Creepy Crawler (680178) | more than 9 years ago | (#11772920)

---So if big brother has, like, all this information on us (credit card numbers, places we freq eat and stupid random intel like that), then what if THEY get hacked? Wouldn't that mean hell for everybody that's ever been in America? I could only imagine standing in line at a public school to get my friggin id back, but how would they validate who's who? If there's no pictures, could you just steal somebody's driver's license or wallet and say that you're them?

I'm no lawyer, but if you just _can't_ prove your identity cause XYZ documents are stolen/lost, you bring acquaintances who are legitly proven and they vouch for you. People like that could be friends, family, employees, teachers...

Essentially, it's like that Orkut. If you can't prove who you are, people who are proved back you up. And if they lie, it's perjury and a bunch of other charges.

Re:Damn! (1)

Primal_theory (859040) | more than 9 years ago | (#11772939)

Oh ok, but what if you just get a bunch of your friends who are proven to say that I'm that other guy?

And how does the first guy get proven? Does it start with like the president and his family, work its way down the chain, and then hit the public? Or is it one lucky guy that some gov worker believes?

Top post for great justice! (2, Informative)

Anonymous Coward | more than 9 years ago | (#11772899)

Choicepoint CEO personal info here. [slashdot.org]

Nice Segue (1)

dhudson0001 (726951) | more than 9 years ago | (#11772902)

Nice segue from the previous "most disgusting story of the day" which in my opinion was the newly appointed committee member to the DPIAC. Excuse me while I cough up both my identity AND my lunch....

Time to set an example (2, Insightful)

NerdConspiracy (858939) | more than 9 years ago | (#11772911)

It is too easy for companies to be careless with people's personal data and it will take a serious threat of penalty to make them put in extra expense and effort to guard it properly. The same kind that make airlines so careful about safety, i.e. closing down the shop type of penalty.

Screwed by ChoicePoint (5, Interesting)

Agent R (684654) | more than 9 years ago | (#11772921)

Can anyone tell me why ChoicePoint never did any deeper background checks on their clients knowing full well that identity theft is at an all time high? Didn't they have enough time to ramp up their security protocols to prevent this sort of thing from happening? Plus, who the !@#$% gave ChoicePoint permission to gather data on me?

Funny, ChoicePoint kind of reminds me of what Microsoft wants to do with their .NET establishment. Gather all personal info on one database. Currently, it's a mistake to put all the eggs in one basket.

Re:Screwed by ChoicePoint (2, Informative)

justins (80659) | more than 9 years ago | (#11772980)

Plus, who the !@#$% gave ChoicePoint permission to gather data on me?

The federal government.

Funny, ChoicePoint kind of reminds me of what Microsoft wants to do with their .NET establishment. Gather all personal info on one database. Currently, it's a mistake to put all the eggs in one basket.

There are many "baskets" like Choicepoint.

Re:Screwed by ChoicePoint (1, Insightful)

iminplaya (723125) | more than 9 years ago | (#11773324)

The federal government.

And who gave them the authority?

Hint: It's something you always have with you. You see him every day in the mirror.

Re:Screwed by ChoicePoint (2, Insightful)

EnronHaliburton2004 (815366) | more than 9 years ago | (#11773000)

Can anyone tell me why ChoicePoint never did any deeper background checks on their clients knowing full well that identity theft is at an all time high?

What's really ironic about this statement is that Choicepoint does background checks for employers.

Last several times I was accepted for a job, I had to submit myself to a background check provided by Choicepoint.

They could do a similar background check on their clients, but I bet that would be bad for Choicepoint's business.

Re:Screwed by ChoicePoint (1)

Sick Boy (5293) | more than 9 years ago | (#11773196)

A client waved dollars at them. ChoicePoint is like any other company. Get the money first, worry about the consequences later.

Re:Screwed by ChoicePoint (2, Insightful)

killjoe (766577) | more than 9 years ago | (#11773453)

"Can anyone tell me why ChoicePoint never did any deeper background checks on their clients knowing full well that identity theft is at an all time high?"

Because it would cost money, that's why. The only reason you know what happened is because the left wing hippies in California passed a law that holds businesses sort of kind of responsible.

Businesses have no morals or conscience. They don't care about you. It's up to you (through your govt) to make sure the businesses don't run amok.

ChoicePoint has many tentacles (4, Interesting)

tbuckner (861471) | more than 9 years ago | (#11772923)

This ID theft fiasco is but the tip of the iceberg. ChoicePoint helped throw Florida voters off the registration lists in the infamous 2000 election, and made a pretty penny off 9-11. God knows what else they're up to. See http://www.gregpalast.com/ [gregpalast.com] Quote: "For ChoicePoint, with its 15-billion-plus records on every living and dying being in the United States, Ground Zero would become a profit center lined with gold. Contracts would gush forth from War on Terror fever not hurt by the fact that ChoicePoint did something for George W. Bush that the voters would not: select him as our president." Full article at http://www.gregpalast.com/detail.cfm?artid=356&row=0 [gregpalast.com]

Re:ChoicePoint has many tentacles (1)

mzwaterski (802371) | more than 9 years ago | (#11772993)

Funny how Mr. Palast doesn't cite any facts in his diatribe on ChoicePoint...

ChoicePoint has many tentacles-Biblio-Palast. (0)

Anonymous Coward | more than 9 years ago | (#11773050)

Even funnier is how many Slashdotters are referencing his site. I guess it just proves that everyone has an agenda.

Re:ChoicePoint has many tentacles (0)

Anonymous Coward | more than 9 years ago | (#11773162)


So the whole well-documented problem in Florida with regards to the disenfranchised non-felons was another "lie of the liberal media"?

Tsk tsk.. surely you can do better than that.

Re:ChoicePoint has many tentacles (0)

Anonymous Coward | more than 9 years ago | (#11773172)

This ID theft fiasco is but the tip of the iceberg. ChoicePoint helped throw Florida voters off the registration lists in the infamous 2000 election, and made a pretty penny off 9-11.

Whenever there is a tragedy, either natural or manmade, someone is going to make money on it, and 9-11 is no different in that respect than any other. My guess is that architectural firms and building companies are also making a lot of money. The implication seems to be they bribed someone to get the contract or were paid for a service they didn't provide, so it would be interesting to see some proof.

Dear Choicepoint... (1)

Tobias.Davis (844594) | more than 9 years ago | (#11772932)

I sent out this email 2/18/05, still no reply:

Request: removal of personal information from your database.

I never gave your company permission to use any public record that belongs to me in a profiteering method. Social Engineers have accessed your database and have potentially compromised personal information belonging to potentially every US citizen, including myself. Reference:

http://www.msnbc.msn.com/id/6969799/ .

I request that any information about myself be removed from the ChoicePoint database. I am forwarding this email to the offices of the DOJ, President Bush, Vice President Cheney and John Hostettler to inform them of the request that I am making. Also cc'ing to ombudsman@npr.org.

I am appalled that this corporation dares rob me of the basic right of privacy and security that the constitution protects. I demand my information be immediately removed, my file shredded and evidence of such to be delivered to me.

Re:Dear Choicepoint... (2, Informative)

Rude Turnip (49495) | more than 9 years ago | (#11773215)

"never gave your company permission to use any public record that belongs to me in a profiteering method."

That's because you don't have the authority to give that permission. Public records belong to the public.

Oh NO!!! NPR? We give in! (0)

Anonymous Coward | more than 9 years ago | (#11773267)

Please don't bring NPR into this... we give in... you win....

Re:Dear Choicepoint... (1, Funny)

Anonymous Coward | more than 9 years ago | (#11773316)

Dear MRS. CHENG (SSN 254-26-2366),

Thank you for your recent letter to ChoicePoint. For almost a century ChoicePoint has been a trusted source and leading provider of decision-making intelligence that helps reduce fraud and mitigate risk. We value each and every message we receive, including yours.

We are constantly updating and refining the information in our secure databases. Due to our secure proprietary technology, we are unable to carry out your request at our time.

We hope you enjoy being a ChoicePoint customer, and we look forward to meeting your risk-management needs in the future.

Please feel free to contact us if you have additional questions!

ChoicePoint Reduces Risk(R)!

Beware (-1, Offtopic)

JJ (29711) | more than 9 years ago | (#11772936)

Anti-American comments about to break out here !!! We all know the USA is the root of all evil in the world. Heck, Amnesty International claims that Iraqi women were better off under Saddam Hussein and that American soldiers are mass raping them. ((Reality check, please!!!))

Interesting choice (2, Funny)

hshana (657854) | more than 9 years ago | (#11772937)

I didn't know anybody watched cbs anymore...

Re:Interesting choice (1)

humankind (704050) | more than 9 years ago | (#11773030)

Troll...

On a side note, the CBS web site is sponsored by WalMartFacts.com. Surely another sign of the "liberal media" right?

Bruce Schneier (4, Informative)

Shamashmuddamiq (588220) | more than 9 years ago | (#11772942)

Schneier wrote about this in his blog [schneier.com] .

GOP & ChoicePt in attempted Chavez coup (0, Offtopic)

Cryofan (194126) | more than 9 years ago | (#11772947)

Bush and the GOP used Choicepoint as the hatchetman in an attempted coup of the democratically elected president of Venezuela, Hugo Chavez:

U.S. Attempting to Fix Venezuela Vote

(Greg Palast, August 10, 2004)

Will The Gang That Fixed Florida Fix the Vote in Caracas this Sunday?

OUR President has decided that THEIR president has to go. This is none too easy given that Chavez is backed by Venezuela's poor. And the US oil industry, joined with local oligarchs, has made sure a vast majority of Venezuelans remain poor. . . . Therefore, Chavez is expected to win this coming Sunday's recall vote. That is, if the elections are free and fair. . . . They won't be. Some months ago, a little birdie faxed to me what appeared to be confidential pages from a contract between John Ashcroft's Justice Department and a company called ChoicePoint, Inc., of Atlanta. The deal is part of the War on Terror.

Justice offered up to $67 million, of our taxpayer money, to ChoicePoint in a no-bid deal, for computer profiles with private information on every citizen of half a dozen nations. The choice of which nation's citizens to spy on caught my eye. While the September 11th hijackers came from Saudi Arabia, Egypt, Lebanon and the Arab Emirates, ChoicePoint's menu offered records on Venezuelans, Brazilians, Nicaraguans, Mexicans and Argentines. ...
The fix that was practiced in Florida, with ChoicePoint's help, deliberate or not, appears to be retooled for Venezuela, then Brazil, Mexico and who knows where else. . . . Here's what it comes down to: The Justice Department averts its gaze from Saudi Arabia but shoplifts voter records in Venezuela. So it's only fair to ask: Is Mr. Bush fighting a war on terror -- or a war on democracy?

more here:
http://www.gregpalast.com/detail.cfm?artid=358&row=0

Re:GOP & ChoicePt in attempted Chavez coup (0, Offtopic)

haluness (219661) | more than 9 years ago | (#11772983)

If this is all true and verified where the hell is the outcry? This is slimy tactics to the extreme!

Re:GOP & ChoicePt in attempted Chavez coup (1)

YrWrstNtmr (564987) | more than 9 years ago | (#11773090)

Keyword: "If"

Not saying it is, or isn't, but Palast seems to be lacking a certain number of actual facts, and instead seems to be relying on rhetoric.

Show me the facts.

Score another for the New Media (1)

humankind (704050) | more than 9 years ago | (#11772958)

Score [bsalert.com] another major issue that was instigated by the New Media [bsalert.com] (bloggers).

NoChoicePoint (4, Interesting)

MillionthMonkey (240664) | more than 9 years ago | (#11772959)

From Bruce Schneier: [schneier.com]
ChoicePoint protects its data, but only to the extent that it values it. The hundreds of millions of people in ChoicePoint's databases are not ChoicePoint's customers. They have no power to switch credit agencies. They have no economic pressure that they can bring to bear on the problem. Maybe they should rename the company "NoChoicePoint."

The upshot of this is that ChoicePoint doesn't bear the costs of identity theft, so ChoicePoint doesn't take those costs into account when figuring out how much money to spend on data security....Until ChoicePoint feels those costs -- whether through regulation or liability -- it has no economic incentive to reduce them.

10 million victims lose 300 million hours... (4, Insightful)

geekotourist (80163) | more than 9 years ago | (#11773482)

The FTC IDTheft website has this 2003 report filled with statistics [ftc.gov] :
  • over 3 million Americans had fraudulent ID theft (the worst kind), and 10 million total had some type of ID theft
  • ID theft victims spent a total of 300 million hours "fixing" their problems.
  • Fraudulent ID theft averaged $10,000 stolen. The total cost of all ID theft is $50 billion.
  • the monetary cost to fix fraudulent ID theft averages $1,200 per ID victim.
But in reading this report the bias that "businesses are the true victims" shows up. The $5 billion in costs to the identity victim (and 300 million hours of time) is described as "Individuals whose information is misused bear only a small percentage of the cost of ID Theft" (pg 6). That's a bad way of thinking about it for several reasons:
  • 300 million hours of victims' time = 300 million hours of research and investigative time = a 'donation' of at least a few billion dollars.
  • The ID theft victim gets hit with real and lasting costs. Companies get to write off their losses, or use insurance and pass their costs on to consumers. A year after ID theft is discovered, the theft is just a blip in a spreadsheet to the companies where the stolen identity was used. The victim will still be writing letters, finding new ramifications, and losing time and sleep over the matter.
  • Those 300 million hours also = stress, lost time from work, family, charities, plus also extra medical expenses.
  • "15 percent of ID Theft victims reported that their personal information was misused in nonfinancial ways. The most common such use reported was to present the victim's name and identifying information when someone was stopped by law enforcement authorities or was charged with a crime." What's the cost of your kid seeing you arrested because someone else used your name? Not to mention...
  • Now that the government gets data from Choicepoint and others, and because the government has no legal responsibility to find or fix bad data in its files, the rest of your life could be hobbled by bad data and you won't quite know why.
So basically Choicepoint and the credit card reporting agencies are creating a "public bad." Like polluters, they force other people and companies to bear the cost of problems they've created. 300 million hours and $5 billion dollars would = fantastic security finished in months if the companies themselves had to pay these costs. Instead, 10 million people are forced to do their own cleanup work, and the fact that 9.999 million people have already done the job doesn't make it any easier for you when you're the victim.

Mitigating damages (5, Interesting)

Skapare (16644) | more than 9 years ago | (#11772998)

Why is it such a concern that something as benign as a 10 digit number, plus information that can be found in the phone book, should be of such a concern? One reason is that armed with such a small amount of information, someone can do a tremendous amount of harm to people, and the companies those people do business with.

Someone can get a driver's license in your name, and build a bad driving record, or worse, in your name. And the state will insist it is you. The affected state will file this with your state, and your own state may cancel your driver's license because it looks like you moved to the other state. In extreme situations you could be arrested.

Someone can get a bank account in your name. Then with these checks that have your SSN and address on them, make a hundred fraudulent purchases totaling tens of thousands of dollars, on an account they probably stuck just $250 in to get it open. This will ruin your rating with banks, which is kept by a separate reporting agency not subject to the same reviews as the 3 big credit reporting agencies are.

There are many other kinds of examples, including opening credit accounts. The common problem in all of these is the assumption that by having certain information, the person with it must actually be you. Those of us familiar with security protocols already know that having the very information you give to someone else to show who you are, enables who you just gave it to to masquerade as you. Most people are honest but a slight few are dishonest. Theft of identity information has been happening for decades but it is only now becoming so widespread that politicians and lawmakers are no longer going to be able to hide their head under the carpet and pretend it doesn't exist in order to avoid the hard choices they will have to make.

And remember, this is identity theft; it is not authenticity theft. Identity only says who you are. We need to stop businesses and governments from assuming that identity is authenticity.

Re:Mitigating damages (5, Insightful)

Sancho (17056) | more than 9 years ago | (#11773204)

This is identity infringement. Or is it actually "theft" when people do it to content owners?

Can't have it both ways, Slashdotters.

Re:Mitigating damages (2, Insightful)

Skapare (16644) | more than 9 years ago | (#11773248)

That's an interesting way to look at it. You could say it was stolen from who holds it, and infringing on who it refers to. It's not who it was stolen from who suffers the most. I like this concept.

Class action suit? (1)

rawb (529039) | more than 9 years ago | (#11773016)

Didn't we just get rid of them? / just askin

Re:Class action suit? (1)

amliebsch (724858) | more than 9 years ago | (#11773087)

Only in state courts. All class actions must now be federal.

Re:Class action suit? (1)

bechthros (714240) | more than 9 years ago | (#11773403)

Ah, but state courts *had* to take them. Federal courts don't. They can just take their ball and go home.

congress needs to run netcraft on cracked ... (1)

WindBourne (631190) | more than 9 years ago | (#11773028)

systems. It is very telling to see who is running what. Take a look at ChoicePoint, T-Mobile, etc.

I just saw a story about a story about a story ... (1)

carninja (792514) | more than 9 years ago | (#11773034)

This form of hearsay shouldn't be allowed on Slashdot. It's only going to [eventually] lead to false reporting and scandal. I thought we learned something from "Rathergate" (as much as I hate to call it that). How about you get us an actual story?

this is a general problem (0)

Anonymous Coward | more than 9 years ago | (#11773042)

What most people fail to understand is that this is not one of few incidents but a general problem that happens when organizations are trying to force people to give out personal data.

Whenever an organization other than the IRS, lenders, or certain employers asks you to give out your social security number you better decline. This applies particularly to schools and landlords. Remember that schools are now required to use other types of student identifiers and landlords cannot refuse you as tenant if you do not give them your social security number. You certainly shouldn't.

Re:this is a general problem (0)

Anonymous Coward | more than 9 years ago | (#11773083)

I absolutely agree and I am glad to see that states are cracking down on landlords who are pressuring prospective tenants to give them their social security number for credit checks. That's why you pay last month rent or a security deposit to begin with.

I am particularly pleased to see that a number of states are making those basic tenant rights part of anti-discrimination laws.

ChoicePoint NOT hacked (5, Insightful)

G4from128k (686170) | more than 9 years ago | (#11773053)

ChoicePoint sold data to customers that turned out to be criminals. These criminal customers did not "hack" into the system, they were granted paid access to it. At best/worst the criminals did a bit of social engineering to appear as a legitimate business. Otherwise the feat involved no technological illegitimate access. I think that is the scariest part of the story.

Re:ChoicePoint NOT hacked (2, Insightful)

sulli (195030) | more than 9 years ago | (#11773279)

But ChoicePoint maintained data sufficient to do identity theft on the affected consumers, without our permission. They sold these data to the crooks without our permission. That is the real scandal. (I was affected.)

Good (1)

nightherper (635698) | more than 9 years ago | (#11773075)

That whole firm should be liable for every cent lost. Accepting requests for data via fax without ever seeing original documents is negligent. How can anyone ever expect to avoid identity theft when you have places like this working against you, giving all the important stuff out to any Nigerian con artist with scissors, a photocopier and a fax machine. I might as well reply to all the emails I get to see if I stand a better chance for a share of the few million each Nigerian guy that emails me seems to have.

As if (2, Informative)

imnoteddy (568836) | more than 9 years ago | (#11773095)

large class action lawsuit against the private firm

Class action lawsuits were essentially outlawed by the Republican Congress and President Bush this week. Nobody will ever get any damages from Choicepoint.

Re:As if (3, Informative)

demaria (122790) | more than 9 years ago | (#11773442)

It just moves the cases from state to federal court under certain circumstances, and limits lawyer fees in coupon settlements. You know, those ones where, if you win, you get $5 off your next purchase, assuming you make a next purchase that is. I'm still waiting to redeem my CRT monitor settlement from the early 90s.

It was passed in the Senate 72-26, with 8 Democrats sponsoring the bill. That's a veto proof majority. That's bipartisan dude.

Y'all have it backwards (2, Insightful)

shanen (462549) | more than 9 years ago | (#11773104)

If Congress wants to get involved, it would be to protect ChoicePoint from being hassled by the peasants. Haven't you been paying attention?

Class dismissed. (As in the "no class" action suit.)

Close Enough For Government Work (5, Interesting)

Doc Ruby (173196) | more than 9 years ago | (#11773179)

I wonder if they'll ask Hank Asher, who started the company (and DataBase Technologies), about his cocaine flights into Florida for Iran/Contra. Or how John Poindexter (of Iran/Contra) got them that fat contract for TIA, and saved it as the secret MATRIX program when TIA got too hot for Congress. Or about that Florida voter-purge list, with over 40K legitimate Florida voters prevented from voting in 2000, and again in 2004. Maybe Asher will have some answers that won't get the coincidence theorists freaking out about how this one company could be so lucky for so long with the same people.

These companies need to be held responsible (1)

Harker (96598) | more than 9 years ago | (#11773213)

These companies need to be held responsible for the results of letting private information slip through their fingers.

They make money off of people's personal information. They should stand up and reimburse people for losses when they fuck up and let said information out to the wrong people.

H.

You would understand... (1)

Vash_066 (816757) | more than 9 years ago | (#11773304)

how easy something like this is if you read "The Art of Deception" by Kevin Mitnick.

Choice Point = Equifax? Canadian data too? (0)

Anonymous Coward | more than 9 years ago | (#11773310)

In previous dealings with Revenue Canada back before 1997 I remember a woman telling me that all our data was stored by Equifax, an American company. Is it possible that Canadian data is also being stolen, as Equifax has no legal requirement to let us know either???!!??!!

Previous class actions failed because... (0)

Anonymous Coward | more than 9 years ago | (#11773345)

...the rulings were that persons affected by the identity thefts were not *customers* of the info bureau(s), therefore... bureau(s) not liable.

Lame, lame, lame.

Bwilde.

America, america, god shed his fur on thee (1)

Slashdot is dead (860120) | more than 9 years ago | (#11773401)


At times like these I'm glad I live in a country that puts the rights of a corporate entity over the rights of an individual.

It reminds me of that cheer they did in high school...

Be, regressive, be, be, regressive. R-E-G-R....

The solution to identity theft... (1)

gnat_x (713079) | more than 9 years ago | (#11773443)

With the spread of identity theft, it's time that we who understand a bit about social engineering make identity theft obsolete and start creating more bunk identities.

Next time you change apartments, get all your utility bills put in the name of someone who doesn't exist. Then when that identity gets stolen who cares?

Get a credit card for your pet if you can.

The more fake identities that are out there the less identity theft matters, and the less companies like ChoicePoint will be relevant.

So come on everyone... let's make up fake people!

It can take years to fix this sort of thing... (5, Insightful)

Anonymous Coward | more than 9 years ago | (#11773505)

ID theft can be extremely painful to resolve.

I had (regular) mail stolen from my mail box (before I realized how bad it is to actually use your mailbox for outgoing mail). At first I thought it was a post office screw up, but several months later, I got a call from a bank employee who just completed a transaction which he thought was fishy. He asked me if I had just cashed a four figure check there. When I told him that I hadn't, he warned me that somebody was stealing my identity. I called my credit card companies to get new cards and security added to my accounts, contacted all of the big three credit agencies and got a hold put on my credit, contacted the local police.

The next thing I knew it was raining collection notices on me.

This guy was printing checks with my name and driver's license number. For ID, he had a printer which could create fake driver's licenses with all of my information, but his face and description.

Fortunately, I was lucky, this guy got pulled over for a faulty brake light and the officer looked into the car and saw over a dozen driver's licenses on the back seat of his car, all with his picture on them, but different names. The officers told me that I was the one in a hundred whose identity thief was caught.

Now, 8 years later, I can share some lessons with you. Trust me, you don't want any of this to happen to you, arguing with collection agencies is no fun at all, they assume that everybody is a slimeball.

1) Get a shredder. Get two in case the first one breaks. Shred everything that has anything that can identify you. ID thieves also dumpster and dump dive to look for your information, don't give them any help. shred shred shred...

2) Get your annual credit report from the big three credit bureaus. Take the time to review it, carefully. They each have a formal procedure for clearing up problems. Follow it to correct your information. They can be reached here http://www.creditreporting.com/ [creditreporting.com]

3) Check your credit and bank statements, you never know what they have on you or when they get it.

4) If it does happen to you, file a police report immediately. This report number is your best defense against the onslaught of collection agencies that will soon be banging down your door.