Answered step by step
Verified Expert Solution
Question
1 Approved Answer
IMPACTS OF CHOICEPOINT S NEGLIGENCE IN INFORMATION SECURITY ChoicePoint is a leading data broker with access to 1 9 billion public records and information on
IMPACTS OF CHOICEPOINTS NEGLIGENCE IN INFORMATION SECURITY ChoicePoint is a leading data broker with access to billion public records and information on more than million individuals. The company collects personal information, including names, Social Security numbers, birth dates, employment information, and credit histories, which it then sells to over businesses and government agencies. They rely on ChoicePoints data for customer leads, background checks, or other verification purposes. The Problem On February ChoicePoint reported that the personal and financial information of individuals had been compromised putting them at risk of identity theft. The compromise was not due to hackers or malicious spyware. ChoicePoint had sold the information to Olatunji Oluwatosin, a yearold Nigerian national living in California, who had pretended to represent several legitimate businessesa technique that is called pretexting. Oluwatosins credentials had not been verified, which enabled him to set up bogus business accounts that gave him access to databases containing personal financial data. For their negligence and violation of their privacy policy, ChoicePoint faced state and federal penalties. At the state level, ChoicePoint was compelled to disclose what had happened. Californias privacy breach notification law, Senate Bill SB which went into effect in July required ChoicePoint to inform residents that their personal information had been compromised. Within days, outraged attorneys general in other states demanded that the company notify every affected US citizen. At the federal level, ChoicePoint was charged with multiple counts of negligence for failing to follow reasonable information security practices. Beginning in the company had been receiving subpoenas from law enforcement authorities alerting them to fraudulent activity. Despite these warnings, management did not tighten customer approval procedures to safeguard access to confidential data. The Federal Trade Commission FTC charged ChoicePoint with violating the: Fair Credit Reporting Act FCRA by furnishing credit reports to subscribers who did not have a permissible purpose to obtain them, and by not maintaining reasonable procedures to verify their subscribers identities and intended use of the information. FTC Act by making false and misleading statements about its privacy policies on its Web site. Section of the FTC Act prohibits unfair or deceptive practices, which gives the FTC authority to take action against companies whose lax security practices could expose the personal financial information of customers to theft or loss. For a full explanation of the Act, see ftcgovprivacy privacyinitiativespromiseshtml On March ChoicePoint filed a report with the SEC warning shareholders of an expected $ million decline in income by December and a $ million increase in expenses from the incident. In addition, there would also be FTC fines. In January the FTC announced that ChoicePoint had agreed to pay a $ million fine, the agencys largestever civil penalty, plus $ million to compensate customers for losses stemming from the data breach. Legal expenses of $ were incurred in the first quarter of alone related to the fraudulent data access. With the announcement of the impending $ million settlement, ChoicePoints stock price plunged, as shown in Exhibit W The Solution As part of the settlement, the FTC mandated the solutions to ChoicePoints risk exposure. The company implemented new procedures to ensure that it provides consumer reports only to legitimate businesses for lawful purposes, established and maintains a comprehensive information security program, and obtains audits by an independent thirdparty security professional every other year until To reassure stakeholders and legitimate customers, ChoicePoint hired a chief privacy officer CPO The Results ChoicePoints data breach brought businesses security policies to national attention. Together with highprofile frauds and malware, data breaches have triggered increased corporate governance and accountability. Sources: Compiled from ftcgov, Gross Mimoso and Scalet Please to answer the following questions below and also to put in a powerpoint preseentation Also, please add visuals like charts or graphs to illustrate the financial losses or stock price decline. Questions Explain why Oluwatosins pretexting attempt at Choicepoint was effective. List three business impacts of the data breach. List three changes that were made to increase information security.
IMPACTS OF CHOICEPOINTS NEGLIGENCE
IN INFORMATION SECURITY
ChoicePoint is a leading data broker with access to billion
public records and information on more than million
individuals. The company collects personal information,
including names, Social Security numbers, birth dates,
employment information, and credit histories, which it then
sells to over businesses and government agencies.
They rely on ChoicePoints data for customer leads,
background checks, or other verification purposes.
The Problem
On February ChoicePoint reported that the personal
and financial information of individuals had been
compromised putting them at risk of identity theft. The
compromise was not due to hackers or malicious spyware.
ChoicePoint had sold the information to Olatunji Oluwatosin,
a yearold Nigerian national living in California, who had
pretended to represent several legitimate businessesa
technique that is called pretexting. Oluwatosins credentials
had not been verified, which enabled him to set up bogus
business accounts that gave him access to databases containing personal financial data. For their negligence and violation
of their privacy policy, ChoicePoint faced state and federal
penalties.
At the state level, ChoicePoint was compelled to
disclose what had happened. Californias privacy breach
notification law, Senate Bill SB which went
into effect in July required ChoicePoint to inform
residents that their personal information had been compromised. Within days, outraged attorneys general in other
states demanded that the company notify every affected
US citizen.
At the federal level, ChoicePoint was charged with
multiple counts of negligence for failing to follow
reasonable information security practices. Beginning in
the company had been receiving subpoenas from
law enforcement authorities alerting them to fraudulent
activity. Despite these warnings, management did not
tighten customer approval procedures to safeguard
access to confidential data. The Federal Trade Commission
FTC charged ChoicePoint with violating the:
Fair Credit Reporting Act FCRA by furnishing credit
reports to subscribers who did not have a permissible
purpose to obtain them, and by not maintaining
reasonable procedures to verify their subscribers
identities and intended use of the information.
FTC Act by making false and misleading statements about
its privacy policies on its Web site.
Section of the FTC Act prohibits unfair or deceptive
practices, which gives the FTC authority to take action
against companies whose lax security practices could expose
the personal financial information of customers to theft or
loss. For a full explanation of the Act, see ftcgovprivacy
privacyinitiativespromiseshtml
On March ChoicePoint filed a report with the
SEC warning shareholders of an expected $ million decline
in income by December and a $ million increase
in expenses from the incident. In addition, there would
also be FTC fines. In January the FTC announced that
ChoicePoint had agreed to pay a $ million fine, the agencys
largestever civil penalty, plus $ million to compensate
customers for losses stemming from the data breach. Legal
expenses of $ were incurred in the first quarter of
alone related to the fraudulent data access. With the
announcement of the impending $ million settlement,
ChoicePoints stock price plunged, as shown in Exhibit W
The Solution
As part of the settlement, the FTC mandated the solutions to
ChoicePoints risk exposure. The company implemented new
procedures to ensure that it provides consumer reports only
to legitimate businesses for lawful purposes, established and
maintains a comprehensive information security program,
and obtains audits by an independent thirdparty security
professional every other year until To reassure stakeholders and legitimate customers, ChoicePoint hired a chief
privacy officer CPO
The Results
ChoicePoints data breach brought businesses security policies to national attention. Together with highprofile frauds
and malware, data breaches have triggered increased corporate governance and accountability.
Sources: Compiled from ftcgov, Gross Mimoso and
Scalet
Please to answer the following questions below and also to put in a powerpoint preseentation
Also, please add visuals like charts or graphs to illustrate the financial losses or stock price decline.
Questions
Explain why Oluwatosins pretexting attempt at
Choicepoint was effective.
List three business impacts of the data breach.
List three changes that were made to increase information security.
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started