Close Close
Popular Financial Topics Discover relevant content from across the suite of ALM legal publications From the Industry More content from ThinkAdvisor and select sponsors Investment Advisor Issue Gallery Read digital editions of Investment Advisor Magazine Tax Facts Get clear, current, and reliable answers to pressing tax questions
Luminaries Awards

Retirement Planning > Social Security

Elephant? What Elephant?

Your article was successfully shared with the contacts you provided.

Elephant? What Elephant?

If youve ever been in group therapy, or if youve just been part of a group at work or in a professional organization, you may have run into the nagging dilemma of “the elephant in the room.”

This “elephant” is a significant issue, problem or question that is quite obvious to everyone present, yet no one seems to want to talk about it. And usually the elephant problem is so big and so important that the group is powerless to make any progress until the ponderous pachyderm is dealt with. Still, group members refuse to even acknowledge its existence, and conversation is limited to more mundane matters, like who got thrown under the bus on “American Idol” last night.

Why wont people publicly address what they would all privately agree is a significant issue? Usually, the answer is fearfear of criticism, fear of being attacked, fear of looking like a fool, fear of personal ridicule, fear of offending someone, fear of losing a jobthe list is endless.

For example, if youre a member of a group charged with revamping your firms computer systems, the “elephant” might be the fact that, although your group has been given the task of recommending a new system, you and the other group members know full well that your CEO actually doesnt want to replace the present system. Politically within the company, its probably a lot safer to say “How could those idiots vote Aloha off the show?” than it is to say “Why are we wasting our time on this?”

Unfortunately, the problem of “elephants” isnt confined to small groups. Take the case of Alpharetta, Ga.-based ChoicePoint. Just recently, it was reported by MSNBC that criminals posing as legitimate businesses had accessed critical personal data being stored by ChoicePoint, which “maintains databases of background information on virtually every U.S. citizen.”

ChoicePoint also provides risk management and fraud prevention information, primarily to the insurance industry, according to Hoovers Online. Its Insurance Services division provides information that includes motor vehicle reports, claims histories, customized policy rating and insurance software, and property inspections and audits.

The incident involves the pilfering of names, addresses, Social Security numbers, credit reports, and more, said MSNBC. In February, ChoicePoint notified between 30,000 and 50,000 consumers in California that their personal data might have been accessed.

MSNBC added that the incident was first discovered last October, when the crooks posed as a ChoicePoint client to gain access to ChoicePoints databases. About 50 fake companies had been set up and then registered with ChoicePoint to access consumer data.

In what may be one of the most significant cybercrimes ever, the bad guys apparently pulled off a basic identity scam that didnt depend on distributing malicious software or opening a back door to someones systems with genius-level programming.

What exactly happened here? How does someone set up 50 dummy corporations and get access to a goldmine of personal consumer information that spans the entire nation without raising some red flags somewhere? Before this incident, did ChoicePoint have in place any safeguards against such a social engineering scheme? Do they have any safeguards now?

These are reasonable questions to ask of a company that hangs its reputation on maintaining the security of the valuable data it handles. Unfortunately, it seems these are also “elephant” questions. When I called ChoicePoint to inquire about them, I began by asking what screening procedures the company had in place for potential customers who, once accepted, would have access to those valuable databases.

A ChoicePoint spokesman refused to answer that questionor any other question I might haveon the advice of the companys attorneys. They wouldnt even discuss it. But doesnt every consumer whose personal information is in the databaseand that likely includes all of ushave the right to know what ChoicePoint has done to protect that data, and what they will do to prevent further unauthorized incursions?

For now, its safer to say “no comment,” but the silence wont make the questions go away. Is there an elephant in the room? Hell, its a Tyrannosaurus rex.

Reproduced from National Underwriter Edition, March 17, 2005. Copyright 2005 by The National Underwriter Company in the serial publication. All rights reserved.Copyright in this article as an independent work may be held by the author.


© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.