“The events of early 2005 provided critical lessons from which ChoicePoint and, indeed the entire industry, has learned a great deal,” said Derek V. Smith, chairman and chief executive officer, in a statement (PDF). “As a direct result of those lessons learned, we have, for the past several months, been in the process of implementing nearly all of the changes reflected in today’s settlement with the Federal Trade Commission.”
The settlement requires ChoicePoint to be audited by an independent third-party security professional every other year until 2026. Third-party testing is critical to the security of online financial, banking and e-commerce systems, but is obviously less valuable if an institution defers it until after an enormous breach has occurred. The ChoicePoint case is the most prominent in a lengthy series of security breaches that offer a vivid cautionary tale for all institutions handling sensitive financial data.
Our interest here should be clearly stated: Netcraft offers a range of advanced security services, including web application security testing and an auditing service to provide ongoing detection of new security vulnerabilities and configuration errors caused by system and network maintenance.