Choicepoint Won't Benefit from Bank of America Leak
I wasn’t going to blog on BofA‘s little kerfuffle. But then Ian went and blogged about it, and I think he gets it partially right and partially very wrong. His actual conclusion is spot on:
In order to share the information, and raise the knowledge of what’s important and what’s not, we may have to get over the finger pointing. That may mean we have to go through several ChoicePoints, if only so that it can become routine and not scandalous. Bank of America is thus timely and expected; although I don’t think anyone else is likely to see it that way.
Ian is right about this: We need more routine disclosure of security incidents. We need to know what caused them, what mechanisms were used to get in, and how they were detected, so we can learn from them. This will be a slightly painful transition, but most companies with security issues are not facing a Choicepoint-scale scandal.
There’s an important reason that Choicepoint and BofA are different in the consumer’s mind. Everyone affected by this is carrying a BofA card in their wallet. They understand that BofA knows about them. In contrast, most of the stories on Choicepoint had to start out by explaining that this company exists, to spy on Americans, and oops, they can’t keep track of their own customers. Choicepoint has also managed to totally mangle their public relations because of their orientation and world-view. I’ll say more about that shortly.
Therefore, Bank of America,
Maxxpay PayMaxx, and anyone else who’s releasing their 1386 notices this week aren’t really going to draw heat from Choicepoint. They’re still going to be the focus of the story.
[I have lots more on Choicepoint, visit the main page, or the February archive.] [Update: I said Maxxpay, because I hadn’t had enough coffee when I wrote this.]