North Carolina State University
In 2005, there was a significant increase in the number of security and privacy breaches disclosed to the public. Leading the charge was ChoicePoint, a data broker that suffered fraudulent access to its vast databases of personal information. ChoicePoint and other data brokers exist in a largely unregulated environment, in which there appears to be little concern for the security and privacy of the personal information they store on virtually every U.S. citizen. In this paper, the authors examine the details of ChoicePoint's data breach. Their analysis explores what went wrong from the perspective of consumers and executives as well as policy and IT systems.