Shostack + Friends Blog Archive


Costs of Breaches

The Ponemon Institute continues to analyze the cost of breaches. Their latest work is distributed by PGP, Inc. The work that they’re doing is quite challenging and useful, but is unlikely to be a complete accounting of the costs. For example, what’s the real cost of the brand damage done to Choicepoint?

Along with several other data brokers, ChoicePoint has been accused in Florida of violating the federal Drivers Privacy Protection Act by selling motor vehicle records to marketers and other inappropriate buyers. (The act was designed to keep burglars and stalkers from obtaining motorists’ home addresses based on license plates they spotted on the road.) A request for class-action certification is pending in federal court.

The California DMV says it first heard from ChoicePoint in October 2004, when the company requested access to all drivers’ license records. The state rejected the request out of hand, says Armando Botello, a DMV spokesman.

From LA Times, “Big Data Broker Eyes DMV Records.”