Choicepoint Data Breach Essay

AbstractThe ChoicePoint information wear out occurred in 2005. This insider data unwrap brought to light how a company can button up be defenseless to having data stolen from its databases even without any lawsuitsetters case of hacking of their system. By not properly vetting bay for new accounts and indicate for learning conduct to the theft of over a hundred thousand records of peoples individual(prenominal) information.ChoicePoint Data BreachChoicePoint, A data broker, suffered a data prison-breaking in 2005. This breach led to the disclosure of thousands of peoples personal information. We will discuss the type of breach this would fall under, how it occurred, the losings of confidentiality, law, and handiness (C.I.A.), and the types of improvements ChoicePoint could or did undertake to help prevent this from happening again.The ChoicePoint data breach was a type of insider attack that occurred between 2003 and 2005 (Otto, Anton, & Baumer, 2007). According to the textbook, the definition of an insider attack is person with legitimate access intentionally breaches information (Pfleeger & Pfleeger, 2007). This can typically be from an employee or a contractor. But with the ChoicePoint data breach is was actually from customers.The ChoicePoint data breach led to over 145,000 records of personal information world stolen (Polstra, 2005). This was not by any type of hack into ChoicePoints systems but by an individual or a group of people who mathematical function previously stolen information to create fake businesses that would have a need to preform background checks on people. They used the fake businesses to apply for accounts with ChoicePoint. When ChoicePoint reviewed the application for membership they ran a check on the businesses and did not encounter any criminal activity on the owners of these fake companies since they were from stolen information and not the criminals themselves. Since no flags were thrown up ChoicePoint authorized the accounts, and these accounts now had access to retrieve information on people.In terms of the spilles of confidentiality, integrity, and availability there was really only a loss of confidentiality with a minor loss of integrity. The data breach led to the PII of an estimated 145,000 people to be possibly used by the individuals or groups that took the information for improper use. This use could have been for anything like creating credit accounts, loans, etc. Since ChoicePoint data broker of all types of information on people, this loss of data is basically the persons entire life story and everything needed to take bid of that life. The loss of integrity is minimal since the bogus accounts could not change information on the people the integrity of that information was intact. But since the people that performed this breach created accounts from previously stolen information, that was used to create fake businesses, the account it self-importance was not reliable.This then could of put every real account at risk of not being able to perform its needed task due to the possibly of all accounts being re reviewed to control proper reasoning for needing the account. There are multiple things that ChoicePoint can do to improve upon with what happened in 2005. slice ChoicePoint will point out that they were a victim of fraud themselves since it was not an actual hack into their systems (Polstra, 2005). They still failed to vet the applications for accounts and not reporting the breach of data until it was make public. Even then, they still failed to notify everyone until they were made to. This type of handling of the situation does not help with consumers trusting the company. Another thing they can do is to require more information on the individual that a company is requesting information on.This way if someone is trying to steal PII on someone they will have to have some of the more heavy information from the start. This will also make the request lo ok more real and other request that are not stand out that much more. If they better vet the applications for accounts then just candid background checks, it would lead to a lesser chance of people having access when they shouldnt. In conclusion, the ChoicePoint data breach exposed a serious threat to PII, even when not being hacked or databases being accesses without permission. If anything keen could be said about this breach is that it led to the implementing of numerous state laws requiring notification of PII breaches (Payton, 2006).ReferencesOtto, P. N., Anton, A. I., & Baumer, D. L. (2007, September/October). The ChoicePoint plight How Data Brokers Should Handle the Privacy of Personal Information. IEEE Security and Privacy , 15-23.Payton, A. M. (2006). Data aegis breach desire a prescription for adequate remedy. Proceedings of the 3rd annual conference on Information earnest curriculum development (pp. 162-167). New York ACM.Pfleeger, C. P., & Pfleeger, S. L. (2007). S ecurity in Computing. Indianapolis Prentice Hall.Polstra, R. M. (2005). A case make on how to manage the theft of information. Proceedings of the 2nd annual conference on Information security curriculum development (pp. 135-138). New York ACM.