Poster

2005 definitely goes down as an interesting year. But who were the heroes of the IT universe and who were the goats?

-Child for Security Failures">

162,000: Number of people ChoicePoint has warned about "potential fraudulent data access" since the company revealed a data breach on Feb. 15.

Lax security is the weakness that keeps dinging corporate reputations.

While ChoicePoint has been among the biggest poster companies for allowing consumers' personal identifiable data—including Social Security numbers, driver's license numbers and credit reports—to be breached, it is hardly alone.

In fact, 2005 may go down as the year of poor corporate security.

Security snafus caused headaches for some big corporate names—including Bank of America, LexisNexis, United Parcel Service and Polo Ralph Lauren.

Many of these events came to light because of a California law that requires companies with customers in that state to notify those customers if their personal information is compromised.

And there were enough security issues to go around. Bank of America disclosed in February that it lost backup tapes containing 1.2 million federal-employee records; LexisNexis said in April that it was breached 59 times and lost 310,000 customer Social Security numbers, driver's license numbers and addresses; and the University of Colorado-Boulder spent its summer plugging security holes that left 127,000 student records exposed.

What will 2006 bring? Most likely, more security breach disclosures.

For instance, ChoicePoint in a Nov. 8 regulatory filing with the SEC said it continues to strengthen its credentialing procedures for customers that have access to personally identifiable information, but "believes that there are other instances that will likely result in notification to consumers."