|Network Security Consulting SecurityFocus Article
ChoicePoint Allows Data Breach, Again
Consumer-data broker ChoicePoint turned off a database monitoring system, allowing an unknown person to conduct unauthorized searches of one of its systems, the Federal Trade Commission said on Monday.
The breach, which happened between April and August 2008, exposed the personal information of 13,750 people, including Social Security numbers. On Monday, the FTC announced that a court had ruled against the company, finding that it had violated a 2006 court order that resulted from its previous breach. The recent ruling mandates that the company improve its data security and levies a $275,000 fine against the firm.
"If the security software tool had been working, ChoicePoint likely would have detected the intrusions much earlier and minimized the extent of the breach," the FTC claimed ina statement released on Monday.
In 2005, ChoicePoint revealed that criminals had created fake businesses to gain access to the company's information on consumers. The breach resulted in the unauthorized access to 145,000 people's profiles. Data broker Lexis Nexus also acknowledged in 2005 that it had fallen for a similar scheme, allowing unauthorized groups access to some 310,000 consumer records.
As part of the latest court order, which modifies the 2006 consent decree, ChoicePoint will report its current security status and procedures to the FTC every two months for the next two years.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos