Customer Data Stolen

by Chris Kenton on February 16, 2005

Hackers broke into ChoicePoint, a company that aggregates consumer data and resells it to the government and businesses, and stole thousands of private records with sensitive data like credit records and Social Security numbers. About 35,000 customers in California have been notified that their records were compromised.

The story is scary enough on its face–enough to make any Californian monitor their credit reports even if they haven’t been notified. But what is mind-boggling is the deliberate mis- and dis-information that ChoicePoint is putting out about the whole debacle.

In the first place, ChoicePoint, which aggregates records all across the U.S., is trying to claim that the problem is limited to California. What some of the articles covering this story fail to mention is that the only reason Californians were notified, is that there is a state law requiring companies to notify customers whose computerized data has been compromised. So according to ChoicePoint, the problem is limited to California, simply because that’s the only state where they actually have to admit they left the door open to hackers. I’m sure the hackers, while pillaging the database, were doing geographic selects on California. Don’t worry if you live in Ohio. They don’ t have to report there, so there’s no problem. Trust me.

Second, a spokesperson for ChoicePoint claims they’re not even really sure that any data was compromised. That’s comforting. You mean, you’re collecting sensitive data on hundreds of thousands of customers, and you don’t even know when those records have been hacked? So, um, if you can’t tell whether data has *actually* been compromised, how are you able to say the problem is limited to California?

I’m one of those people who believes that sharing consumer information is a necessary part of an information economy. I’m also one of those people who believes regulation is not the best first line of defense. But when I see companies like ChoicePoint, I really start to question my judgement. If it weren’t for a California law requiring them to come clean or face open-ended damages for their security lapse, no consumers would even know they were at risk for having their identity stolen.

But this is the really scary part. On the day they are being flogged for failing to secure the crown jewels, on the day they are openly, shall we say, equivocating about the scope of the problem… wait for it… THEIR STOCK IS CLIMBING.

{ 0 comments… add one now }

Leave a Comment