Question

Keeper of the Keys

More than 145,000 consumers nationwide were placed at risk by a data theft at database giant ChoicePoint. Criminals tricked the company by posing as legitimate businesses to gain access to the various ChoicePoint databases, which contain a treasure trove of consumer data, including names, addresses, Social Security numbers, credit reports, and other information. At least 50 suspicious accounts had been opened in the name of nonexistent debt collectors, insurance agencies, and other companies, according to the company.

Without a doubt, databases are one of the most important IT tools that organizations use today. Databases contain large repositories of detailed data. When a transaction occurs, a sale, for example, a database stores every detail of the transaction including customer name, customer address, credit card number, products purchased, discounts received, and so on. Organizations must carefully manage their databases. This management function includes properly organizing the information in these repositories in the most efficient way, ensuring that no erroneous information ever enters the databases, and—most important—protecting the information from thieves and hackers.

Information is a valuable commodity, and, sadly, this makes it a target for theft. Organizations store large amounts of customer information including Social Security numbers, credit card numbers, and bank account numbers—just think of the information stored at eBay, Amazon, or the IRS. When someone steals personal information (not necessarily by taking it from the person, but rather by stealing it from a company), the person whose information was taken becomes a victim of identity theft. Consider this short list of organizations that have lost information and the huge numbers of customers affected.

Bank of America: 1.2 million customers.

CardSystems: 40 million customers.

Citigroup: 3.9 million customers.

DSW Shoe Warehouse: 1.4 million customers.

TJX Companies: 45.6 million customers.

Wachovia: 676,000 customers.

Adding up the numbers, more than 90 million people had their personal information either stolen or lost through organizations.

Business Accountability in Data Security

Companies may soon face stiff penalties for wayward data security practices. Massachusetts is considering legislation that would require companies to pay for any costs associated with a data breach of their IT systems. This move to protect customer data in Massachusetts comes at a fitting time, as two prominent retailers in the area, TJX Companies and Stop & Shop, wrestle with the aftermath of significant breaches that have exposed some of their customers to fraud.

Much of the expense associated with stopping fraudulent activity, such as canceling or reissuing credit or debit cards, stopping payment, and refunding customers, has been absorbed by the banks issuing credit or debit cards to the victims. The merchant banks that allow businesses such as TJX and Stop & Shop stores to accept credit and debit card transactions are penalized with fines from Visa, MasterCard, and other credit card organizations if the merchants they work with are found to violate the payment card industry’s data security standards.

But the businesses that have had customer data stolen have largely suffered only from the costs to offer customers free credit-monitoring services and to repair a tarnished public image. In the case of popular retailers, this tarnish is easily polished away when juicy sales incentives are offered to get customers back.

Massachusetts House Bill 213, sponsored by Rep. Michael Costello, proposes to amend the Commonwealth’s general laws to include a section that would require any corporation or other commercial entity whose sensitive customer information is stolen to notify customers about the data breach and also make companies liable to card-issuing banks for the costs those banks incur because of the breach and any subsequent fraudulent activity. This would include making businesses cover the costs to cancel or reissue cards, stop payments or block transactions with respect to any such account, open or reopen an account, and issue any refund or credit made to any customer of the bank as a result of unauthorized transactions.

The Massachusetts legislation is a key step in compelling companies to invest in better data security. Passage of this bill would put Massachusetts ahead of other states in terms of protecting customer data and spreading out the penalties so that both financial institutions and retailers have incentives to improve security. Security vendors are likely to be watching Massachusetts very closely, because the bill also would create an urgent need for companies doing business in that state to invest in ways to improve their ability to protect customer data. If the companies will not do this on their own, then holding them accountable for their customers’ financial losses may be just what is needed to stop the next data breach from occurring.

Questions

1. How many organizations have your personal information, including your Social Security number, bank account numbers, and credit card numbers?

2. What information is stored at your college? Is there a chance your information could be hacked and stolen from your college?

3. What can you do to protect yourself from identity theft?

4. Do you agree or disagree with changing laws to hold the company where the data theft occurred accountable? Why or why not?

5. What impact would holding the company liable where the data theft occurred have on large organizations?

6. What impact would holding the company liable where the data theft occurred have on small businesses?

Explanation / Answer

1. All the organizations where I did transactions have my personal information, including Social Security number, bank account numbers and credit card numbers. The examples of organizations include eBay, Amazon and the IRS. When a transaction occurs, the organization’s database stores every detail of the transaction, which includes all these details.

2. My college has all my personal details, including name, date of birth, address, my education details, etc., and the fee transactions I have done with my college would have captured my Social Security number, credit card numbers, and bank account numbers. There is a high chance that the information could be hacked and stolen from the website if the college has not taken enough steps to ensure data security. Information is a valuable commodity, and the theft of information may happen anytime if it is not stored efficiently, ensuring no erroneous information ever enters the databases and the information is protected from thieves and hackers.

3. I cannot do anything to protect myself from identity theft, since we need to do transactions in our daily life and every transaction would capture my details and store them in the organization’s database. Only the organizations with whom I do transactions can take the necessary steps to secure my data and protect me from identity theft.

4. I agree with changing the laws to hold the company where the data theft occurred accountable, because I cannot do anything to protect myself from identity theft, and it is the company that collects the customer data that should ensure information security. The organization should make the necessary arrangements to protect the customer details efficiently. If any data theft occurs, it is a breach by the organization and they should be held accountable.

5. When companies are liable for the data theft that occurred, they would be held accountable for any financial cost involved in a data breach of their IT systems, including the cost to card-issuing banks. The costs include the costs to cancel or reissue cards, stop payments or block transactions with respect to any such account, open or reopen an account, and issue any refund or credit made to any customer of the bank as a result of unauthorized transactions. Large organizations would have a large amount of customer information, the financial losses due to data theft would be much higher, and the organizations would be compelled to invest in better data security.

6. In small organizations the amount of customer data would not be large, and the cost to card-issuing banks would be significantly lower compared to large organizations. But there are penalties for a data breach, and the financial losses are significant compared to company revenue. Customer trust and company reputation are also affected, which affects future sales. Hence small organizations are also impacted by data theft and should implement improved data security plans.