What was the root cause of the data breach?

Reference no: EM131933150

Question:

What was the root cause of the data breach? How could this data breach have been prevented?

In your opinion, were the fines imposed on ChoicePoint sufficient (high enough) to deter such an incident from happening again? Explain your answer.

In your opinion, how effective are the changes implemented by ChoicePoint at deterring or defending against data breaches? Explain your answer.

$55 Million Data Breach at ChoicePoint: ChoicePoint is a leading data broker and credentialing service. It maintains 19 billion public records on more than 220 million U.S. citizens.

The company buys personal data, including names, Social Security numbers, birthdates, employment data, and credit histories, and then sells the data to businesses and government agencies. Marketing, human resources, accounting, and finance departments rely on ChoicePoint's data for customer leads, background checks, and verification. Roughly 70 percent of ChoicePoint's revenue is generated by selling consumer records for insurance claim verifications and workplace background screenings. ChoicePoint was exposing the data to risk by ignoring its policy to verify that potential customers were legitimate before selling data. Disaster was foreseeable.

In early 2000, without doing an adequate background check, ChoicePoint provided hackers with customer accounts, which they used to illegally access databases and steal confidential data. By May 2008, that security lapse had cost the company over $55 million in fines, compensation to potential victims of identity theft, lawsuit settlements, and legal fees. Then in June 2008, the company also paid $10 million to settle a class action lawsuit.

Disclosing the Problem Publicly: On February 15, 2005, ChoicePoint reported that personal and financial data of 145,000 individuals had been "compromised." All of the individuals were at risk of identity theft after Olatunji Oluwatosin, a Nigerian national living in California, had pretended to represent several legitimate businesses. Ironically, Oluwatosin's credentials had not been verified, which enabled him to set up over 50 bogus business accounts.

Those accounts gave him access to databases containing personal financial data. Oluwatosin was arrested in February 2005, pleaded guilty to conspiracy and grand theft, and was sentenced to 10 years in prison and fined $6.5 million. The state and federal penalties facing ChoicePoint were much larger. Privacy and antifraud laws required that ChoicePoint disclose what had happened.

California's privacy breach legislation requires that residents be informed when personal information has been compromised. Outraged attorneys general in 44 states demanded that the company notify every affected U.S. citizen. At the federal level, ChoicePoint was charged with multiple counts of negligence for failing to follow reasonable information security practices. In 2005, the company was hit with the largest fine in Federal Trade Commission (FTC) history: $15 million. The FTC charged ChoicePoint with violating:

- The Fair Credit Reporting Act (FCRA) for furnishing credit reports to subscribers who did not have a permissible purpose to obtain them and for not maintaining reasonable procedures to verify its subscribers' identities.

- The FTC Act for false and misleading statements about privacy policies on its Web site.

On March 4, 2005, in what was a first for a publicly held company, ChoicePoint filed an 8-K report with the SEC warning shareholders that revenue would be adversely affected by the data breach. In January 2006, with the public announcement of the extent of the fines, ChoicePoint's stock price plunged.

The Solution: When a company violates SEC, federal, or state laws, the solution to its problem is going to be dictated to it. The solution to ChoicePoint's risk exposure was mandated by the FTC. The company had to implement new procedures to ensure that it provides consumer reports only to legitimate businesses for lawful purposes.

In addition, the FTC ordered ChoicePoint to establish and maintain a comprehensive information security program and to obtain audits by an independent third-party security professional biyearly until 2026. To reassure stakeholders, ChoicePoint hired Carol DiBattiste, the former deputy administrator of the Transportation Security Administration, as chief privacy officer (CPO).

The Results: ChoicePoint reformed its business practices and data security measures, which were too lax relative to its risk exposure. The company had to stop putting risky business practices that focused on short-term revenues ahead of long-term profitability. This business decision is a necessary and ethical trade-off. ChoicePoint's data breach brought businesses' security policies to national attention. It signaled the need for improved corporate governance.

Although there is no generally accepted definition, corporate governance refers to the rules and processes ensuring that the enterprise adheres to accepted ethical standards, best practices, and laws.

Companies that collect sensitive consumer information have a responsibility to keep it secure. Together with high-profile frauds and malware, data breaches have triggered an increase in laws and government involvement to hold companies and their management accountable for lapses in governance. Yet, since ChoicePoint's record-setting data breach, many other infosec incidents and data thefts of greater magnitude have occurred.

Sources: Compiled from ftc.gov, Gross (2005), Kaplan (2008), Mimoso (2006), and Scalet (2005).
