What’s ironic about what happened at ChoicePoint is that they actually sell identify verfication services. For example, if you order a birth certificate online in the United States, you’re probably going through the VitalChek Network (a subsidiary of ChoicePoint) who decides who you are and if you’re legitimately asking for a document you’re entitled to.
So for ChoicePoint to be fooled by criminals pretending to be legitimate businesses is rather like the locksmith having his front door picked. It might have been less embarrassing if they had been hacked rather than defrauded.
Of course this was a hack, too funny the ChoicPoint CISO trys to suggest otherwise, “it’s fraud” he says. Well guess what, via good ‘ol social engineering they hacked your business processes, how timeless is that and what does that say about their controls?
For an excellent commentary on the ChoicePoint affair, check out this article from CSO magazine.