ChoicePoint Responds
Your October 23 article, "Communicating Security Breaches: When in Doubt, Shut the Door," contains inaccurate statements regarding ChoicePoint's response to the data fraud incident we disclosed in
February 2005.
Your article stated that ChoicePoint "messages of credit coverage the PR team tried to communicate were overshadowed by conflicting examples of poor information on the corporate Web site and poor
customer responsiveness." The CMO Council called our response "a textbook crisis containment plan," and wrote in its new report: "The real story regarding ChoicePoint's breach incident wasn't the
162,000 customers whose personal data was breached, but rather the proactive response by ChoicePoint."
Your article also said that ChoicePoint "decided to send out word of its security breach in phases, initially only speaking to California residents." Police investigators initially stated the
incident was confined to California. We said in published reports the day after our disclosure that if the incident was not confined to California, we would notify all consumers nationwide who were
potentially affected. This is what we did.
--James E. Lee, ChoicePoint SVP and Chief Public and Consumer ?Affairs Officer
Editor's Note:
Statements in the article were based on a media benchmark for the CMO Council study, which says: "Steps put in place by ChoicePoint were not perceived as adequate or leading the industry," and
cites such examples as: "Many articles reference the fact that ChoicePoint notified consumers in California initially. Technically correct under existing legislation but public pressure led to fuller
notifications. This crowded out messages of Choicepoint being open and frank and being the customers' champion."