On February 21, 2005, ChoicePoint Inc., a data warehouser having 17,000 business customers, had its massive database of client personal information cracked. Consequently, the company said that about 145,000 consumers across the United States may have been adversely impacted by the breach of the companyÂ’s credentialing process. The company said that the criminals who obtained access used stolen identities to create what seemed to be legitimate businesses wanting ChoicePoint accounts. The cybercriminals then opened 50 accounts and received abundant personal data on consumers, including their names, addresses, credit histories, and Social Security numbers.
As a result of this case as well as of similar 2005 breaches at the LexisNexis Group (affecting 310,000 clients) and at the Bank of America (affecting about 1.2 million federal employees with this charge card), Discount ShoeWarehouse (affecting about 1.2 million clients), and more than 300,000 identities stolen from universities since January 2005, U.S. politicians, including two U.S. Senators, called for hearings and ramped-up regulations to protect consumers against identity theft. Moreover, the U.S. states are collectively proposing more than 150 bills to regulate online security standards, increased identity theft and fraud protection, increased data broker limitations, increased limits on data sharing or use or sales, and better security breach notification.
On March 4, 2005, White Hat hackers surfed the Web at Seattle University with the intent of harvesting Social Security Numbers and credit card numbers. In less than 60 minutes, they found millions of names, birth dates, and Social Security and credit card numbers using just one Internet search engine, Google. They warned that the use of the right kind of sophisticated search terms could even find data deleted from company or government Websites but temporarily cached in GoogleÂ’s extraordinarily large data warehouse. The problem did not lie with Google, they affirmed, but with companies allowing Google to enter into the public segment of their networks (called the DMZ) and index all the data contained there. Although Google does not need to be repaired, said the White Hats, companies and government agencies need to understand that they are exposing themselves and their clients by posting sensitive data in public places.