What was the root cause of the data breach?

Reference no: EM131933150

Question:

What was the root cause of the data breach? How could this data breach have been prevented?

In your opinion, were the fines imposed on ChoicePoint sufficient (high enough) to deter such an incident from happening again? Explain your answer.

In your opinion, how effective are the changes implemented by ChoicePoint at deterring or defending against data breaches? Explain your answer.

$55 Million Data Breach at ChoicePoint: ChoicePoint is a leading data broker and credentialing service. It maintains 19 billion public records on more than 220 million U.S. citizens.

The company buys personal data, including names, Social Security numbers, birthdates, employment data, and credit histories, and then sells the data to businesses and government agencies. Marketing, human resources, accounting, and finance departments rely on ChoicePoint's data for customer leads, background checks, and verification. Roughly 70 percent of ChoicePoint's revenue is generated by selling consumer records for insurance claim verifications and workplace background screenings. ChoicePoint was exposing the data to risk by ignoring its policy to verify that potential customers were legitimate before selling data. Disaster was foreseeable.

In early 2000, without doing an adequate background check, ChoicePoint provided hackers with customer accounts, which they used to illegally access databases and steal confidential data. By May 2008, that security lapse had cost the company over $55 million in fines, compensation to potential victims of identity theft, lawsuit settlements, and legal fees. Then in June 2008, the company also paid $10 million to settle a class action lawsuit.

Disclosing the Problem Publicly: On February 15, 2005, ChoicePoint reported that personal and financial data of 145,000 individuals had been "compromised." All of the individuals were at risk of identity theft after Olatunji Oluwatosin, a Nigerian national living in California, had pretended to represent several legitimate businesses. Ironically, Oluwatosin's credentials had not been verified, which enabled him to set up over 50 bogus business accounts.

Those accounts gave him access to databases containing personal financial data. Oluwatosin was arrested in February 2005, pleaded guilty to conspiracy and grand theft, and was sentenced to 10 years in prison and fined $6.5 million. The state and federal penalties facing ChoicePoint were much larger. Privacy and antifraud laws required that ChoicePoint disclose what had happened.

California's privacy breach legislation requires that residents be informed when personal information has been compromised. Outraged attorneys general in 44 states demanded that the company notify every affected U.S. citizen. At the federal level, ChoicePoint was charged with multiple counts of negligence for failing to follow reasonable information security practices. In 2005, the company was hit with the largest fine in Federal Trade Commission (FTC) history: $15 million. The FTC charged ChoicePoint with violating:

- The Fair Credit Reporting Act (FCRA) for furnishing credit reports to subscribers who did not have a permissible purpose to obtain them and for not maintaining reasonable procedures to verify its subscribers' identities.

- The FTC Act for false and misleading statements about privacy policies on its Web site.

On March 4, 2005, in what was a first for a publicly held company, ChoicePoint filed an 8-K report with the SEC warning shareholders that revenue would be adversely affected by the data breach. In January 2006, with the public announcement of the extent of the fines, ChoicePoint's stock price plunged.

The Solution: When a company violates SEC, federal, or state laws, the solution to its problem is going to be dictated to it. The solution to ChoicePoint's risk exposure was mandated by the FTC. The company had to implement new procedures to ensure that it provides consumer reports only to legitimate businesses for lawful purposes.

In addition, the FTC ordered ChoicePoint to establish and maintain a comprehensive information security program and to obtain audits by an independent third-party security professional biyearly until 2026. To reassure stakeholders, ChoicePoint hired Carol DiBattiste, the former deputy administrator of the Transportation Security Administration, as chief privacy officer (CPO).

The Results: ChoicePoint reformed its business practices and data security measures, which were too lax relative to its risk exposure. The company had to stop putting risky business practices that focused on short-term revenues ahead of long-term profitability. This business decision is a necessary and ethical trade-off. ChoicePoint's data breach brought businesses' security policies to national attention. It signaled the need for improved corporate governance.

Although there is no generally accepted definition, corporate governance refers to the rules and processes ensuring that the enterprise adheres to accepted ethical standards, best practices, and laws.

Companies that collect sensitive consumer information have a responsibility to keep it secure. Together with high-profile frauds and malware, data breaches have triggered an increase in laws and government involvement to hold companies and their management accountable for lapses in governance. Yet, since ChoicePoint's record-setting data breach, many other infosec incidents and data thefts of greater magnitude have occurred.

Sources: Compiled from ftc.gov, Gross (2005), Kaplan (2008), Mimoso (2006), and Scalet (2005).


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd