Ask Question, Ask an Expert

+1-415-315-9853

info@mywordsolution.com

Ask Management Information System Expert

The ChoicePoint Attack

ChoicePoint, the Georgia-based corporation, offers risk-management and fraud-prevention data. Traditionally, ChoicePoint provided motor vehicle reports, claims histories, and similar data to the automobile insurance industry; in recent years, it broadened its customer base to include general business and government agencies. Today, it also provides data for volunteer and job-applicant screening and data to assist in location of missing children. ChoicePoint has over 4,000 employees, and its 2004 revenue was $918 million.

In the fall of 2004, ChoicePoint was victim of the fraudulent spoofing attack in which unauthorized individuals posed as legitimate customers and obtained personal data on more than 145,000 individuals. According to a company's Web site:

These criminals were able to pass our customer authentication due diligence processes by using stolen identities to make and produce the documents needed to appear legitimate. As small business customers of ChoicePoint, these fraudsters accessed products which contained basic telephone directory-type data (name and address information) as well as a combination of Social Security numbers and/or driver's license numbers and, at times, abbreviated credit reports. They were also able to obtain other public record information including, but not limited to bankruptcies, liens, and judgments; professional licenses; and real property data.

ChoicePoint became aware of the problem in November 2004, when it noticed unusual processing activity on some accounts in Los Angeles. Accordingly, company contacted the Los Angeles Police Department, which requested that ChoicePoint not reveal the activity until the department can conduct an investigation. In January, the LAPD notified ChoicePoint that it can contact the customers whose data had been compromised.

This crime is an ex of the failure of authentication and not a network break-in. ChoicePoint's firewalls and other safeguards were not overcome. Instead, the criminals spoofed legitimate businesses. Infiltrators obtained valid California business licenses, and until their unusual processing activity was detected, appeared to be legitimate users.

In response to this problem, ChoicePoint established the hotline for customers whose data were compromised to call for assistance. They also purchased the credit report for each of these people and paid for a one-year credit-report-monitoring service. In February 2005, attorneys initiated the class-action lawsuit for all 145,000 customers with the initial loss claim of $75,000 each. At the same time, the U.S. Senate announced that it will conduct an investigation.

Ironically, ChoicePoint exposed itself to the public relations nightmare, considerable expense, a class-action lawsuit, a Senate investigation, and a 20 percent drop in its share price because it contacted the police and cooperated in the attempt to apprehend the criminals. When ChoicePoint noticed the unusual account activity, had it simply shut down data access for the illegitimate businesses, no one would have known. Of course, the 145,000 customers whose identities had been compromised would have unknowingly been subject to identity theft, but it is unlikely that such thefts could have been tracked back to ChoicePoint.
Source: choicepoint.com/news/statement_0205_1.html#sub1 (accessed February 2005). Used with permission of Choice.Point.com.

Answer the following problems:

problem1) Itemize the nature of the information security breach at ChoicePoint and how this adversely affected the organization.  Be sure to include both tangible and intangible losses in preparing your response.

problem2) What actions were taken by both ChoicePoint and the “authorities” to address the crisis, and what is your assessment of each action taken? 

problem3)What reactive steps by ChoicePoint might have mitigated their losses subsequent to their discovery of the information security breach?  describe/justify your choices. 

problem4) What proactive steps by ChoicePoint might deter a reoccurrence of such an information security breach?  describe/justify your choices.

Management Information System, Management Studies

  • Category:- Management Information System
  • Reference No.:- M9574

Have any Question? 


Related Questions in Management Information System

Structured external assignmentevery organization is faced

STRUCTURED EXTERNAL ASSIGNMENT Every organization is faced with some kind of risk or threat that could cause an interruption to the organization's operations. These risks and threats can be internal or external. To prepa ...

Prepare a 350 to 1050 word paper that answers fully

Prepare a 350 to 1,050 word paper that answers fully discusses the topic questions Why does keeping good records help in managing your network? What type of information is shown on a wiring diagram? How does this differ ...

Write a seven pages research paper about disaster recovery

Write a seven pages Research paper about DISASTER RECOVERY PLAN of any MNC (multinational company) Research paper (7 pages) DISASTER RECOVERY PLAN of any MNC (multinational company) NEED 100% APA FORMAT AND CITATION FOR ...

Part a1 in your own words how would you define what

PART A: 1. In your own words, how would you define what organizational decision making is? 300 WORDS 2. What are the models of organizational decision making? Which one do you prefer and why? 300 WORDS 3. Explain what is ...

Assignment mobile app part 1 work breakdown structurethis

Assignment : Mobile App Part 1 (Work Breakdown Structure) This assignment contains two (2) deliverables: a summary document to be delivered in a word processor document format and a Work Breakdown Structure (WBS) to be d ...

The focus of the reseach paper is host intrusion detection

The focus of the reseach paper is Host Intrusion Detection Systems (HIDS) or AntiVirus Systems. Computer Virus creates major headaches for most organizations, as this list of 10 worst PC virus outbreaks shows. These viru ...

Assignmentaddress the following below in at least 20 slides

Assignment Address the following below in at least 20 slides or more you must include as a minimum an introduction, body, summary/conclusion, and notes pages. It is important that you follow APA formatting guidelines and ...

Resources city council budget proposal documents and your

Resources: City Council Budget Proposal documents and your team's completed outline from Week 4. West City Council Budget Proposal Review your city's information document. Your document includes information about your ag ...

1 how does the traditional role of a cio differ from the it

1. How does the traditional role of a CIO differ from the IT strategic role of a CIO? What is the focus of the strategic CIO? Why is the role of strategic CIO emerging? 2. How can an organization leverage IT to enable a ...

There are three steps in automatic speech recognition asr

There are three steps in automatic speech recognition (ASR): feature analysis, pattern classification, and language processing. Which of those three steps is the most challenging for a computer to perform? Why? Which of ...

  • 4,153,160 Questions Asked
  • 13,132 Experts
  • 2,558,936 Questions Answered

Ask Experts for help!!

Looking for Assignment Help?

Start excelling in your Courses, Get help with Assignment

Write us your full requirement for evaluation and you will receive response within 20 minutes turnaround time.

Ask Now Help with Problems, Get a Best Answer

Section onea in an atwood machine suppose two objects of

SECTION ONE (a) In an Atwood Machine, suppose two objects of unequal mass are hung vertically over a frictionless

Part 1you work in hr for a company that operates a factory

Part 1: You work in HR for a company that operates a factory manufacturing fiberglass. There are several hundred empl

Details on advanced accounting paperthis paper is intended

DETAILS ON ADVANCED ACCOUNTING PAPER This paper is intended for students to apply the theoretical knowledge around ac

Create a provider database and related reports and queries

Create a provider database and related reports and queries to capture contact information for potential PC component pro

Describe what you learned about the impact of economic

Describe what you learned about the impact of economic, social, and demographic trends affecting the US labor environmen