[privacy] ChoicePoint Gets A New Parent

We have been highly critical of information services company ChoicePoint (NYSE: CPS) for years, ever since they admitted selling private consumer data in early 2005. Identity theft was starting to ramp up as an American consumer's worst nightmare, data was sometimes being lost or stolen, but this was the first time in recent memory that a company collecting the data admitted that it sold more than 140,000 consumer records to individuals posing as businesses.

The timeline grew as gruesome as one might expect. Only one week later, ChoicePoint admitted that they knew about their data breach as early as October 2004, but were working with law enforcement. We were critical and remain critical of the decision to suppress news from consumers about a deliberate breach of consumer information.

Congress justifiably got involved, but little came out of the federal government's queries, something we see repeated too often. This time, however, the Federal Trade Commission stepped in and chased down ChoicePoint's processes. A year later, the company announced it would pay a $15 million fine, including $5 million for consumers, to settle the FTC's complaint that ChoicePoint did not have adequate safeguards in place.

The only time we believed the company was being harshly treated was when a coalition made up of nearly every state bellied up to the trough and beat another $500,000 out of ChoicePoint. We said then and believe now that this was just a money and headline grab gambit and did little to help consumers.

Now an even bigger information company, Reed Elsevier (NYSE: RUK) which owns information company Lexis-Nexis among others, has stepped in with $4 billion or so to buy ChoicePoint. The premium being paid for the information housed in Georgia-based ChoicePoint is staggering. Less than one month ago, the market value of the company (as determined by its stock price) was about $2.3 billion. While stocks have been battered and there are value buys out there, this is akin to Microsoft trying to take on Yahoo!

We can (and do) argue both sides of consolidation at Consumer Help Web. Concentrating data in a few companies allows for more stringent regulation, tighter controls and a wider spotlight. At the same time, the mess our nation's three major bureaus have created finally caused the government to legislate that consumers receive free access to each company's report every year to examine the report for errors. That is a lot of power to put in the hands of a for-profit entity.

We see the same issue with Google now. We adore Google for its groundbreaking contributions to Internet searching. At the same time, multiple consumers in multiple consumers have expressed to us their concerns that the search company is gathering a picture of consumers that is too detailed. Indeed, search queries and other information are associated with Google accounts and create a history of what was searched for by a person. That's not a marketer's fantasy, but a consumer's nightmare. Every unimaginable intensely private search query is dutifully logged by massive computer centers and tied to an individual.

That is why we are not fans of Google's proposed Health offering, why we think Microsoft's Health offering has failed to gain traction and why we are very concerned about the merger of two giants like Reed Elsevier and ChoicePoint, even if the latter has been learned a painful lesson.

Labels: ChoicePoint, data breach, Google, Microsoft, privacy, Reed Elsevier

posted by George Bounacos at 6:23 AM | 0 comments
(opens in new window) | links to this post

  Military Personnel Data Again In The Open

A year after the General Services Administration contracted with a Massachusetts credit monitoring firm to protect military families against data breaches, another government contractor is reporting that it lost personal information about service personnel.

SAIC, an $8 billion defense contractor headquartered in San Diego, announced last week that as many as a half million health records related to military personnel and their families may be in the open. The company later revised that number upwards by 60% and said up to 870,000 people could be affected.

SAIC was processing health information for the Department of Homeland Security, the Army, Navy and Air Force when it reported its second breach in three years. The records were allegedly placed on the Internet but not secured and were also reportedly transmitted on the Internet without encryption.

The company's management is doing its best to distance its processes from the breach, reporting that "a number" of employees have been placed on "administrative leave". Compounding the issue is that the Air Force allegedly notified SAIC of the issue rather than the company's own quality assurance measures detecting a problem.

SAIC has hired Kroll, Inc, a "data recovery" and "risk management" firm with offices throughout the country, to help military personnel and their families mitigate any identity theft issues.

Labels: data breach, Kroll, military, SAIC

posted by Consumer Help Web Editorial Team at 8:14 AM | 0 comments
(opens in new window) | links to this post

  ChoicePoint Settles Data Breach Again, This Time With The States

Consumer Help Web readers will remember the media frenzy surrounding the first of a well publicized series of data breaches in 2005. Information services giant ChoicePoint was one of the first to go public that year with a massive breach that was originally thought to potentially impact 140,000 consumers.

Within days, the United States Senate was threatening hearings, and MSNBC was following a story regarding the timing of insider trading of the company's stock. The company made good with the FTC a year later, paying $10 million in penalties and another $5 million in consume redress. The penalties were the largest in the FTC's history, and the government agency issued an order requiring ChoicePoint to implement more stringent security measures.

Now the states have bellied up to the bar. A group of 43 states and the District of Columbia have settled with the company for a combined $500,000. That is a stiff fine, of course, and the company has already paid the federal government more than $15 million, but one wonders what was served by the states jumping into the fray for a few thousand dollars each?

ChoicePoint will have to continue upgrading its security safeguards, which is a good thing, but the "piling on" of the states one year after the company took a credibility, business continuity and financial hit seems excessive. Perhaps the money might have been better spent at ChoicePoint to protect consumer data.

Labels: Choice Point, data breach, FTC

posted by Consumer Help Web Editorial Team at 9:32 AM | 0 comments
(opens in new window) | links to this post

  University of Missouri Hacked For Second Time

The University of Missouri and law enforcement are investigating a recent attack on a database by an unknown computer hacker or hackers that allowed retrieval of names and Social Security numbers of 22,396 individuals associated with the University. Those affected were employees of any campus within the UM System during calendar year 2004 who were also current or former students at the Columbia campus.

The University's Information Technology staff first noted unusual activity on a computer application last Thursday, May 3. On Friday morning, May 4, UM technicians identified a large series of errors caused by faulty queries to the application and an associated database. These errors were first assumed to be caused by a problem with a system used to track computer help desk repair calls using the same database. The attack was confirmed by UM technicians that same day. They disabled the account that was being used by two overseas IP addresses to access the database from China and Australia.

The University is alerting individuals whose information was disclosed that they should request a free initial fraud alert to be placed on their credit files by calling any one of the three national credit reporting agencies – Equifax, Experian or TransUnion.

The University has also set up a telephone hotline and a Web page to provide more information. The hotline may be called between 8 a.m. and 5 p.m., Monday through Friday. The toll-free number is 866-241-5619, and the local number in Columbia is 573-884-7222.

Labels: data breach, Missouri, privacy

posted by Consumer Help Web Editorial Team at 9:31 AM | 0 comments
(opens in new window) | links to this post