User Account

All Pages

Choice point case

Assignment Help Case Study
Reference no: EM13741661

The ChoicePoint Attack

ChoicePoint, a Georgia-based corporation, provides risk-management and fraud-prevention data. Traditionally, ChoicePoint provided motor vehicle reports, claims histories, and similar data to the automobile insurance industry; in recent years, it broadened its customer base to include general business and government agencies. Today, it also offers data for volunteer and job-applicant screening and data to assist in the location of missing children. ChoicePoint has over 4,000 employees, and its 2004 revenue was $918 million.

In the fall of 2004, ChoicePoint was the victim of a fraudulent spoofing attack in which unauthorized individuals posed as legitimate customers and obtained personal data on more than 145,000 individuals. According to the company's Web site:

These criminals were able to pass our customer authentication due diligence processes by using stolen identities to create and produce the documents needed to appear legitimate. As small business customers of ChoicePoint, these fraudsters accessed products that contained basic telephone directory-type data (name and address information) as well as a combination of Social Security numbers and/or driver's license numbers and, at times, abbreviated credit reports. They were also able to obtain other public record information including, but not limited to bankruptcies, liens, and judgments; professional licenses; and real property data.

ChoicePoint became aware of the problem in November 2004, when it noticed unusual processing activity on some accounts in Los Angeles. Accordingly, the company contacted the Los Angeles Police Department, which requested that ChoicePoint not reveal the activity until the department could conduct an investigation. In January, the LAPD notified ChoicePoint that it could contact the customers whose data had been compromised.

This crime is an example of a failure of authentication and not a network break-in. ChoicePoint's firewalls and other safeguards were not overcome. Instead, the criminals spoofed legitimate businesses. The infiltrators obtained valid California business licenses, and until their unusual processing activity was detected, appeared to be legitimate users.

In response to this problem, ChoicePoint established a hotline for customers whose data were compromised to call for assistance. They also purchased a credit report for each of these people and paid for a one-year credit-report-monitoring service. In February 2005, attorneys initiated a class-action lawsuit for all 145,000 customers with an initial loss claim of $75,000 each. At the same time, the U.S. Senate announced that it would conduct an investigation.

Ironically, ChoicePoint exposed itself to a public relations nightmare, considerable expense, a class-action lawsuit, a Senate investigation, and a 20 percent drop in its share price because it contacted the police and cooperated in the attempt to apprehend the criminals. When ChoicePoint noticed the unusual account activity, had it simply shut down data access for the illegitimate businesses, no one would have known. Of course, the 145,000 customers whose identities had been compromised would have unknowingly been subject to identity theft, but it is unlikely that such thefts could have been tracked back to ChoicePoint.

Source: choicepoint.com/news/statement_0205_1.html#sub1 (accessed February 2005). Used with permission of Choice.Point.com.

Questions to be used as homework assignment prior to the case discussion or as the basis for a case discussion in class:

Choice Point Case

1. Itemize the nature of the information security breach at ChoicePoint and how this adversely affected the organization.  Be sure to include both tangible and intangible losses in preparing your response.  [table]

2. What actions were taken by both ChoicePoint and the “authorities” to address the crisis, and what is your assessment of each action taken?  [table]

3. What reactive steps by ChoicePoint might have mitigated their losses subsequent to their discovery of the information security breach?  Explain/justify your choices.  [table]

4. What proactive steps by ChoicePoint might deter a reoccurrence of such an information security breach?  Explain/justify your choices.  [table]

Reference no: EM13741661

Questions Cloud

Organizations shared values-beliefs-traditions-philosophies : ______An organization's shared values, beliefs, traditions, philosophies, rules, and role models for behavior represent its
Companies that have flat organizations tend also to have : ______Companies that have flat organizations tend also to have
Based on direct lines of authority from the top executive : ______An organizational form that is based on direct lines of authority from the top executive to the lowest level of employees is called
New business in exchange for ownership interest : Persons or organizations that agree to provide some funds for a new business in exchange for ownership interest or stock are called
Choice point case : Choice Point Case;  Itemize the nature of the information security breach at ChoicePoint and how this adversely affected the organization.  Be sure to include both tangible and intangible losses in preparing your response.
Choicepoint case study : To what extent did each of the following three areas (technology, people, process) play in the ChoicePoint data breach? Explain.
Research proposal specifics : Research Proposal Specifics==You are about to commence a new research project in a field of your choice. You are expected to write a report that constitutes a research proposal.
The camera store in question wants to increase sales : The camera store in question wants to increase sales and is exploring three options: 1. Invest and expand the current store. 2. Open a second store in another part of the city. 3. Open an online outlet.
What are the medians for the 2 data sets : What are the medians for the 2 data sets? Is there a difference or similarity between the mean and the median? Explain the similarity or difference?

Reviews

Write a Review

Case Study Questions & Answers

  Find australian shared services case studies

Research and find four Australian shared services case studies you need to write the conclusion of each use case.

  What are the ethical issues in this case

What are the ethical issues in this case - Do hybrid seeds represent as serious a concern as that represented by GM foods? What policy would you recommend for hybrid seeds and vegetables?

  Identifies the qualities of charismatic and transformation

How would you describe the dyadic relationship between Anne Mulcahy and Ursula Burns and One of the characteristics of effective teams is the presence of a capable and competent team leader.It describes different activities of the team leader in cr..

  Explain how fortescues governance structure

Briefly explain how Fortescue's governance structure is organised. How does the board ensure that company owners are well informed about their operations? Provide one brief example.

  Organisation development plan

Drastic Action or Evolutionary Adaptation: An Organisation Development Perspective - Organisation Development Plan

  Criteria for ethical decision-making

Write a 700- to 1,050-word persuasive argument that defends your course of action. includes criteria for ethical decision-making from at least two of the four ethical perspectives.

  1web site functionality the evaluation of the web site will

1web site functionality the evaluation of the web site will be made based on the extent to which the following criteria

  Determine whether the prosecutor has proved his case

What do vou look for to determine whether the prosecutor has proved his case? And what to determine whether the defense has proved her nice?

  Task1bullcreate a check list that contains key point for

task1bullcreate a check list that contains key point for evaluating an ecommerce website. try to spot those points in

  Krispy kreme financially healthy at year-end 2004

Is Krispy Kreme financially healthy at year-end 2004 and in light of your answer to question 1, what accounts for the firm's recent share price decline?

  Explain why the communication skills and techniques used

Explain why conflict resolution communication skills are not always present in everyday workplace situationsand how a skilled communications professional wouldadd value to that workplace.

  Describe the organizational authentication technology

Identify and describe the organizational authentication technology and network security issues and make a list of access points internal and external (remote).

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd