Login
|
Create Account
+1-415-670-9189
info@expertsmind.com
Submit Homework/Assignment
Get quote & make Payment
Get Solution
The ChoicePoint Attack Case Study, Management Information Sys
It is a case study
The ChoicePoint Attack
ChoicePoint, a Georgia-based corporation, provides risk-management and fraud-prevention data. Traditionally, ChoicePoint provided motor vehicle reports, claims histories, and similar data to the automobile insurance industry; in recent years, it broadened its customer base to include general business and government agencies. Today, it also offers data for volunteer and job-applicant screening and data to assist in the location of missing children. ChoicePoint has over 4,000 employees, and its 2004 revenue was $918 million.
In the fall of 2004, ChoicePoint was the victim of a fraudulent spoofing attack in which unauthorized individuals posed as legitimate customers and obtained personal data on more than 145,000 individuals. According to the company''s Web site:
These criminals were able to pass our customer authentication due diligence processes by using stolen identities to create and produce the documents needed to appear legitimate. As small business customers of ChoicePoint, these fraudsters accessed products that contained basic telephone directory-type data (name and address information) as well as a combination of Social Security numbers and/or driver''s license numbers and, at times, abbreviated credit reports. They were also able to obtain other public record information including, but not limited to bankruptcies, liens, and judgments; professional licenses; and real property data.
ChoicePoint became aware of the problem in November 2004, when it noticed unusual processing activity on some accounts in Los Angeles. Accordingly, the company contacted the Los Angeles Police Department, which requested that ChoicePoint not reveal the activity until the department could conduct an investigation. In January, the LAPD notified ChoicePoint that it could contact the customers whose data had been compromised.
This crime is an example of a failure of authentication and not a network break-in. ChoicePoint''s firewalls and other safeguards were not overcome. Instead, the criminals spoofed legitimate businesses. The infiltrators obtained valid California business licenses, and until their unusual processing activity was detected, appeared to be legitimate users.
In response to this problem, ChoicePoint established a hotline for customers whose data were compromised to call for assistance. They also purchased a credit report for each of these people and paid for a one-year credit-report-monitoring service. In February 2005, attorneys initiated a class-action lawsuit for all 145,000 customers with an initial loss claim of $75,000 each. At the same time, the U.S. Senate announced that it would conduct an investigation.
Ironically, ChoicePoint exposed itself to a public relations nightmare, considerable expense, a class-action lawsuit, a Senate investigation, and a 20 percent drop in its share price because it contacted the police and cooperated in the attempt to apprehend the criminals. When ChoicePoint noticed the unusual account activity, had it simply shut down data access for the illegitimate businesses, no one would have known. Of course, the 145,000 customers whose identities had been compromised would have unknowingly been subject to identity theft, but it is unlikely that such thefts could have been tracked back to ChoicePoint.
Source: choicepoint.com/news/statement_0205_1.html#sub1 (accessed February 2005). Used with permission of Choice.Point.com.
Questions to be used as homework assignment prior to the case discussion or as the basis for a case discussion in class:
Choice Point Case
1. Itemize the nature of the information security breach at ChoicePoint and how this adversely affected the organization. Be sure to include both tangible and intangible losses in preparing your response. [table]
2. What actions were taken by both ChoicePoint and the “authorities” to address the crisis, and what is your assessment of each action taken? [table]
3. What reactive steps by ChoicePoint might have mitigated their losses subsequent to their discovery of the information security breach? Explain/justify your choices. [table]
4. What proactive steps by ChoicePoint might deter a reoccurrence of such an information security breach? Explain/justify your choices. [table]
Posted Date: 6/19/2013 2:06:18 PM | Location : United States
Ask an Expert
Related Discussions:-
The ChoicePoint Attack Case Study, Assignment Help, Ask Question on The ChoicePoint Attack Case Study, Get Answer, Expert's Help, The ChoicePoint Attack Case Study Discussions
Write discussion on The ChoicePoint Attack Case Study
Your posts are moderated
Write your message here..
Related Questions
Suppy chain management, outline any 5 shifts in marketing manmagement
outline any 5 shifts in marketing manmagement
Economic breakeven quantity of demand, XYZ Electronics has an alternative m...
XYZ Electronics has an alternative method of producing the modified bearings. It has an opportunity to build a small manufacturing facility in a foreign country and build the part
Digital information system, discuss customer relationship management of a w...
discuss customer relationship management of a website
Data flow diagram, Draw a DFD based on all of the preceding information
Draw a DFD based on all of the preceding information
What do you mean by various views of databas, What do you mean by various v...
What do you mean by various views of database ? Also give advantages and disadvantages of all views. Illustrate various terms of database also - data record, data file, data field,
Information infrastructure and services, Dean Kamen holds more than 150 US ...
Dean Kamen holds more than 150 US and foreign patents related to medical devices, climate control systems, and helicopter design. In 2001 he developed a business to manufacture and
Invoice analysis, Invoice Analysis: Company involves have been provid...
Invoice Analysis: Company involves have been provided a very useful source of information. A copy of an invoice is preserved and information form it may be punched tabulated;
Subject directories, Subject Directories Subject directories, also kn...
Subject Directories Subject directories, also known as subject guides allow people to browse information by subject. They are hierarchically organised indexes of different su
What is the significance of telecommunications deregulation, Problem: (...
Problem: (a) Distinguish between a virus, a worm, and a Trojan horse. (b) A computer can be a target of a crime or an instrument of a crime. State three examples of each.
Electronics, bjt and fet
bjt and fet
Assignment Help
Accounting Assignment Help
Economics Assignment Help
Finance Assignment Help
Statistics Assignment Help
Physics Assignment Help
Chemistry Assignment Help
Math Assignment Help
Biology Assignment Help
English Assignment Help
Management Assignment Help
Engineering Assignment Help
Programming Assignment Help
Computer Science Assignment Help
IT Courses and Help
ExpertsMind Services
Online Tutoring
Projects Assistance
Exam Preparation
Coursework Help
Programming Courses
Engineering Courses
Why Us ?
~Experienced Tutors
~24x7 hrs Support
~Plagiarism Free
~Quality of Work
~Time on Delivery
~Privacy of Work