http://www.schneier.com/blog/archives/2005/03/choicepoint_say.html
ChoicePoint Says "Please Regulate Me"
According to ChoicePoint's most recent 8-K filing:
Based on information currently available, we estimate that approximately
145,000 consumers from 50 states and other territories may have had their
personal information improperly accessed as a result of the recent Los
Angeles incident and certain other instances of unauthorized access to our
information products. Approximately 35,000 of these consumers are California
residents, and approximately 110,000 are residents of other states. These
numbers were determined by conducting searches of our databases that matched
searches conducted by customers who we believe may have had unauthorized
access to our information products on or after July 1, 2003, the effective
date of the California notification law. Because our databases are
constantly updated, our search results will never be identical to the search
results of these customers.
Catch that? ChoicePoint actually has no idea if only 145,000 customers were
affected by its recent security debacle. But it's not doing any work to
determine if more than 145,000 customers were affected -- or if any
customers before July 1, 2003 were affected -- because there's no law
compelling it to do so.
I have no idea why ChoicePoint has decided to tape a huge "Please Regulate
My Industry" sign to its back, but it's increasingly obvious that it has.
There's a class-action shareholders' lawsuit, but I don't think that will be
enough.
You are a subscribed member of the infowarrior list. Visit
www.infowarrior.org for list information or to unsubscribe. This message
may be redistributed freely in its entirety. Any and all copyrights
appearing in list messages are maintained by their respective owners.
