ChoicePoint ain't the victim here

ChoicePoint ain't the victim here.

I'm so freaking sick of today's headlines claiming that “hackers” somehow broke into ChoicePoint's
(obscenely comprehensive) consumer databases and obtained information
which allowed them to then steal people's identities. This is a story
that's been discussed on Dave Farber's Interesting People mailing list since yesterday, and the truth of the matter — reported correctly only by MSNBC thus far — is that a group of criminals managed to create fake businesses and then set up entirely valid accounts with ChoicePoint in the name of those businesses, and then obtained the information about consumers via those accounts.

Notice the difference? If it's reported that nefarious hackers broke
into ChoicePoint and stole the data, then ChoicePoint comes out looking
like a victim. On the other hand, if it's reported that the failure was
in ChoicePoint's internal mechanisms for verifying the validity of an
account application, the existence of the company behind that
application, and the right of that company to obtain credit
information, then ChoicePoint is revealed as a remarkably large part of
the problem. Add to that the fact that ChoicePoint is only notifying
consumers in the one state that requires them to (hell, there isn't
even a note about it on the company's news release page), and doing so four months after they sold consumer data to criminals, and the story truly does take on a different character.  [Q Daily News]

Leave a comment