From a recent CSO Online article, The Five Most Shocking Things About the ChoicePoint Debacle:
Maybe it was the fact that this wasn't a hack. Personal information of nearly 145,000 people wasn't stolen from ChoicePoint. In fact, the company sold
the information to inadequately vetted bogus businesses—this when the
company itself helps other businesses verify creds. Maybe it was that
the people whose information was compromised
weren't customers of ChoicePoint, just accidental citizens of the vast
databases of the Alpharetta, Ga.-based information broker. Maybe it was
the way that ChoicePoint behaved after the breach: from an initial,
bumbling response that smacked of marketing, to a changing story about
what had happened and how the company was responding, to the revelation
that top executives had sold millions of dollars worth of stock between
the time the fraud was discovered and when it was announced to the
Or maybe it was this last twisted bit of irony: ChoicePoint chairman
and CEO Derek V. Smith had recently written two books about how
individuals can protect themselves in the information age.
You can't make this stuff up.
This article firmly clarifies the inherent fallacies in
information brokers. They gather their information serendipitously,
purport to be experts in privacy, but are huge target for attackers. The
information they contain is probably more valuable then most banks contain in their
vaults, but they secure it like old sales figures. This article has too
many quotes worth reprinting, just find some time to read through it.