Ask Question, Ask an Expert


Ask Management Information System Expert

The ChoicePoint Attack

ChoicePoint, the Georgia-based corporation, offers risk-management and fraud-prevention data. Traditionally, ChoicePoint provided motor vehicle reports, claims histories, and similar data to the automobile insurance industry; in recent years, it broadened its customer base to include general business and government agencies. Today, it also provides data for volunteer and job-applicant screening and data to assist in location of missing children. ChoicePoint has over 4,000 employees, and its 2004 revenue was $918 million.

In the fall of 2004, ChoicePoint was victim of the fraudulent spoofing attack in which unauthorized individuals posed as legitimate customers and obtained personal data on more than 145,000 individuals. According to a company's Web site:

These criminals were able to pass our customer authentication due diligence processes by using stolen identities to make and produce the documents needed to appear legitimate. As small business customers of ChoicePoint, these fraudsters accessed products which contained basic telephone directory-type data (name and address information) as well as a combination of Social Security numbers and/or driver's license numbers and, at times, abbreviated credit reports. They were also able to obtain other public record information including, but not limited to bankruptcies, liens, and judgments; professional licenses; and real property data.

ChoicePoint became aware of the problem in November 2004, when it noticed unusual processing activity on some accounts in Los Angeles. Accordingly, company contacted the Los Angeles Police Department, which requested that ChoicePoint not reveal the activity until the department can conduct an investigation. In January, the LAPD notified ChoicePoint that it can contact the customers whose data had been compromised.

This crime is an ex of the failure of authentication and not a network break-in. ChoicePoint's firewalls and other safeguards were not overcome. Instead, the criminals spoofed legitimate businesses. Infiltrators obtained valid California business licenses, and until their unusual processing activity was detected, appeared to be legitimate users.

In response to this problem, ChoicePoint established the hotline for customers whose data were compromised to call for assistance. They also purchased the credit report for each of these people and paid for a one-year credit-report-monitoring service. In February 2005, attorneys initiated the class-action lawsuit for all 145,000 customers with the initial loss claim of $75,000 each. At the same time, the U.S. Senate announced that it will conduct an investigation.

Ironically, ChoicePoint exposed itself to the public relations nightmare, considerable expense, a class-action lawsuit, a Senate investigation, and a 20 percent drop in its share price because it contacted the police and cooperated in the attempt to apprehend the criminals. When ChoicePoint noticed the unusual account activity, had it simply shut down data access for the illegitimate businesses, no one would have known. Of course, the 145,000 customers whose identities had been compromised would have unknowingly been subject to identity theft, but it is unlikely that such thefts could have been tracked back to ChoicePoint.
Source: (accessed February 2005). Used with permission of

Answer the following problems:

problem1) Itemize the nature of the information security breach at ChoicePoint and how this adversely affected the organization.  Be sure to include both tangible and intangible losses in preparing your response.

problem2) What actions were taken by both ChoicePoint and the “authorities” to address the crisis, and what is your assessment of each action taken? 

problem3)What reactive steps by ChoicePoint might have mitigated their losses subsequent to their discovery of the information security breach?  describe/justify your choices. 

problem4) What proactive steps by ChoicePoint might deter a reoccurrence of such an information security breach?  describe/justify your choices.

Management Information System, Management Studies

  • Category:- Management Information System
  • Reference No.:- M9574

Have any Question? 

Related Questions in Management Information System

I need 6 page please i want original work thanks you have

I need 6 page. Please I want original work thanks You have been asked by your health care organization to provide a detailed report on the benefits of implementing a new health information technology system to comply wit ...

Business impact analysiscreate a business impact analysis

Business Impact Analysis Create a business impact analysis on SanGrafix a video game design company. The BIA should include a descriptive list of the organization's key business areas. The BIA helps to identify and prior ...

Objectives the objective of this research paper is to

Objectives The Objective of this research paper is to discuss the impact of IT and Technology on achieving Business Objectives. Following questions needs to be answered: 1) What is your view on the role IT in a business ...

The focus of the research paper is data leakage how does

The focus of the research paper is Data Leakage. How does data leakage occur in an organization? What are the common causes of this problem? How would use address this troublesome trend? APA Format No Plagarisim at all. ...

Quality of servicedetermine the necessary service level

Quality of Service Determine the necessary Service Level Agreements (SLA) needed from your carrier services, along with the quality of service expectations required. Consider how the SLA will affect business and how you ...

Pwerpoint presentationdigital media has changed the ways

Pwerpoint Presentation Digital media has changed the ways ideas, information, and arguments in society are communicated both locally and globally. Individuals and organizations frequently use digital media as a means to ...

Read the following article us investigating potential

Read the following article: U.S. investigating potential covert Russian plan to disrupt November elections ( ...

Based on what you have learned about mobile and wearable

Based on what you have learned about mobile and wearable computing devices, prepare a 5-slide presentation to a department head or the CEO of a company to convince the audience that these devices and the data from these ...

You recently joined a small start-up company that has

You recently joined a small start-up company that has developed a suite of cybersecurity products that integrate network sensors (hardware) with big data analytics (software) to provide advanced threat detection at an af ...

Scm case analysis information technologywrite a paper about

SCM Case Analysis: Information Technology Write a paper about their supply chain strategy and their use of forecasting and planning to develop their strategy. You prepared a PowerPoint presentation to explain your compan ...

  • 4,153,160 Questions Asked
  • 13,132 Experts
  • 2,558,936 Questions Answered

Ask Experts for help!!

Looking for Assignment Help?

Start excelling in your Courses, Get help with Assignment

Write us your full requirement for evaluation and you will receive response within 20 minutes turnaround time.

Ask Now Help with Problems, Get a Best Answer

A cola-dispensing machine is set to dispense 9 ounces of

A cola-dispensing machine is set to dispense 9 ounces of cola per cup, with a standard deviation of 1.0 ounce. The manuf

What is marketingbullwhat is marketing think back to your

What is Marketing? • "What is marketing"? Think back to your impressions before you started this class versus how you

Question -your client david smith runs a small it

QUESTION - Your client, David Smith runs a small IT consulting business specialising in computer software and techno

Inspection of a random sample of 22 aircraft showed that 15

Inspection of a random sample of 22 aircraft showed that 15 needed repairs to fix a wiring problem that might compromise

Effective hrmquestionhow can an effective hrm system help

Effective HRM Question How can an effective HRM system help facilitate the achievement of an organization's strate