Experian, Ford, and Identity Theft

corebreech writes "The mighty New York Times (I think they might want you to register) is reporting that hackers posing as Ford employees have managed to pilfer some 13,000 credit reports (Quality is Job 1.) Supposedly the info isn't restricted to merely credit card numbers, but rather includes such delectable delights as address, SSN, bank account info and creditworthiness. Glad I take the subway." The original story was from the Boston Globe.

uhoh

[Graspee_Leemoor]

I suppose there will be many flames pointing out that the word "crackers" should have been used instead- damn Jargon File noobs.

graspee

Re:uhoh

[queenb**ch]

Boys and Girls, can we say Class Action?

I knew you could!!!

Which firm is going pony up and take this one?

Ford has nice deep pockets and I think that it shouldn't be too hard to show that they lack "due diligence" in protecting their cusotmers information

Cripes!

[FatAlb3rt]

My payment is due tomorrow and I was planning on enrolling for electronic payment. Hmm, how much is next day air?

Re:Cripes!

[Exedore]

Bah. Just mail it it in. Most creditors give you a few days grace period and/or require the envelope be postmarked on or before the due date

Even if they charge you a small late fee, it's likely to be less than next day air shipping charges

Re:Cripes!

[xmedar]

Let me have a look, ah, yes, you must be Mr. Ford Prefect, 1 Towel Drive, birthday, May 25th, or is it last Friday of May? There seems to be some confusion here

Login for NTY

Login to the New York Times website as:

billclinton
likescigars

No need to give them your email address!

Re:Login for NTY

[malarkey]

Moral Dilemna

Is is right to use someone else's identity by erroneously logging in to a website to read an article about how bad it is that people are stealing people's identities???

Re:Login for NTY

[Sanga]

Hey ... this does not work!! Why is this marked informative :-)

I'd be happy...

[jedrek]

In the land of the great lawsuit, which is America at the turn of the millenium, I'd be more than happy to have Ford leak my info. In a flash I'd have a family member sell of my identity to someone (or have a good friend assume my identity) and rock my credit record for all it's worth.

Then I'd just sue Ford for lossing my info. They've already admited to doing it, so there's pretty much no burden of proof. Corporate neglegence should be pretty easy to prove.

That sound you hear is lawyers sharpening their claws.

Re:I'd be happy...

[berzerke]

Burden of proof isn't the problem. Damages are. In my case, Experian (gee, the same company mentioned in the article), has royally screwed up my report with incorrect info. I did everything proper to try and get them to correct it. They flattly refused. I went to a lawyer specializing in these matters. He told that while I did have a strong case, suing would be a bad idea. Unless I could prove damages, I wouldn't even recover my attorney fees, let alone be compensated. You have to sue in federal court BTW. Expensive.

Re:I'd be happy...

I'd have a family member sell of my identity ... I'd just sue Ford for lossing my info

If you win, I suggest you use the money to hire a tutor so you can pass second grade english.

Best Quote

[YanceyAI]

From Mr. Girard, Experian spokesman: "It just shows that today, even big companies can be victimized," he said. "it's a never-ending struggle against the bad guys."

I don't even know where to begin with that one.

Re:Best Quote

[chrisos]

As someone who has been credit black listed in the UK (for the offence of letting a mobile phone company know that someone was using my address to sucker them, i.e. I was being the good guy).

And then having to fire fight the unholy amount of shit that Experian et al caused me, over a period of months I have to wonder, what their definition of a bad guy is.

As businesses go, these guys are really (, really, really) one sided, they sell information electronically about me for sod all to all and sundry (in the blink of an eye), but when they get it wrong, I can only contact them by snail mail, they take an age to fix the problem, and the problem is expected to "percolate" to their customers as they get their monthly/quarterly/half-goddam-yearly updates. They keep no record of who has the latest version of your information and see no obligation upon themselves to supply corrections to those that have bad data.

In effect they wipe their hands of all responsibility, for propagating a lie about you!

Sorry, rant over :)

Does my anger come through here?

Re:Best Quote

[YanceyAI]

Yes. I guess my point is that consumer rating companies are pointing the finger, but it's their system that allows consumers to be exploited. They are casting Ford as a victim here, and Ford had the insecure information. Not to mention Ford's host of other general business practices that make me queasy. Let's not forget the tires on those SUV's that killed hundreds. This guy has a really twisted idea of victimization.

Re:Best Quote

[Steve+Franklin]

You might want to start with the fact that it took these guys 10 months just to figure out they had a problem and another 2 months to get around to telling anybody about it. Then you might go on to point out that anybody who lets anyone automatically deduct money from their credit account needs to have their head examined. And you might conclude with a suggestion that companies that put their customers at risk shouldn't have to be sued by those customers to receive satisfaction. They should automatically be held responsible for their lapses.

This all comes down to something I've been painfully aware of for most of my life, though it doesn't seem to be terribly obvious to those who need to recognize it. Which is the very essence of the problem itself: The guys at the top don't know what's going on at the bottom. They have their little meetings where they talk to the guys just under them in the corporate hierachy who in turn have had their little meetings with the folks under them and so on and so forth until you get to the bottom where the first line supervisors are more concerned with protecting their own butts than communicating anything of importance to their own supervisors. The former head of the company where I work once called this an "inversion layer," implying that there was some particular point where communications break down. This is how it looks, but it's not how it is. The lack of communications results from the fact that each individual level of organization in a company is not totally transparent to the level above it. It is simply the accumulation of many layers of less than complete transparency that results in the appearance of this mythical inversion layer. The real problem is too many levels of management and more precisely the whole multi-layered managerial system itself, where the guys at the top really don't won't to "dirty their hands" looking at anything more than one level below them. Not only is it impossible for them to know what's happening using the current organizational model, they don't really want to do anything that would allow them to know.

If they did know, they would have to take responsibility. And nobody sitting behind an expensive desk making obscene amounts of money for having little meetings about his "vision" of the future wants to have to worry about being responsible.

Re:Best Quote

While we are on the subject of evil practices, what about the general trend of lobbying the US goverment to hold off on emmission / efficiency regulation so they can make bigger, smellier, more environment-theatening vehicles. Kyoto be damnned!

Might be nice if faulty tires destroyed all SUVs in one fell swoop, leaving the world a cleaner, more efficient place!

Re:Best Quote

[doctrbl]

What model do you suggest to replace the "multi-layered managerial system"? At large companies like Ford, I think that it's not a question of not wanting to dirty one's hands, but how does a CEO run a company with a few hundred thousand employees in a flat managerial hierarchy? Those management levels are in place not because he doesn't want to get in the "trenches", but because there aren't enough hours in the day.

A CEO (or whatever you call the top person) must trust the lower level managers; the alternatives are micromanagement of each tier, or fire all managers and have EVERYONE report directly to the top person.

Now, highly paid executives probably DON'T want to get their hands dirty, but that doesn't mean they are shirking responsibility. Again, flatter hierarchies can work, depending on the size of the corporation, but what do you do for the really huge ones?

Re:Best Quote

Might be nice if faulty tires destroyed all SUVs in one fell swoop, leaving the world a cleaner, more efficient place!

And one in which we can see more than 15 feet in front of our cars on the fucking highway. SUVs SUK my DIK.

Re:Best Quote

[Jon+Peterson]

Tell me about it. I've had crap from Experian too.

What really sucks is some of the algorithms they use to determine your credit references. This includes the credit references of people who live / lived in the same house as you - even flat mates who you hardly knew - even flat mates who _moved in after you moved out_.

I don't know whether it's commendable or not, but they actually named the people who'd lived at the addresses I'd lived at in my copy of my credit report. Weird.

So, yeah, credit reference agencies suck. They are the bad guys. I've never defaulted on a payment in my life, and I got turned down for credit cards because I'd lived at the same address as people with debts. It's just weird.

Re:Best Quote

[Guido+von+Guido]

Absolutely. Some corporate cultures are better at getting information up to the top than others. For instance, a certain company I am intimately acquainted with (interpret that as you will) has a flat management structure, yet still can't pass information effectively up to upper management or between business units. God help us all if this particular company gets any larger (which it seems to be doing despite itself).

Re:Best Quote

[Steve+Franklin]

I didn't say I had "The Answer" (which we all know is 42 ;o). I was just pointing out what has become painfully obvious to me after long years of watching how most large organizations operate. What scares me is not that the problem exists, but that the guys at the top _don't seem to know it's a problem_, and therefore don't attempt to do anything about it.

quick fix for Ford

[trollercoaster]

Use Linux!

so... they should learn from motorola

[tcmardoc]

ahhhh... kevin.

What?

[Arminius]

Ford do something wrong?

BTW, i have a nice set of Firestone tires that came new on my Explorer to sell.

He got it wrong

[tshoppa]

From the NYT:

It just shows that today, even big companies can be victimized

No, it shows that every once in a while that the big companies will publicize that their security has been compromised. Of course, we all know that for every such case that makes the New York Times, there are thousands where they don't. And for every one of those, there are ten where the news of the security breach never leaves the company. And for every one of those there are probably a hundred where nobody at the company knows that they have gaping security holes.

Re:He got it wrong

[bob_jordan]

Mr. Girard, the Experian spokesman, said ... "It just shows that today, even big companies can be victimized," he said. "it's a never-ending struggle against the bad guys."
___

A never-ending struggle? Think about it. It seems that Ford and Experian have an agreement so that Ford can get credit information from Experian. The only thing needed is this security ID. A "never-ending struggle" seems to suggest it took them some time for Experian to come up with this system. How did it used to work?

Ring Ring.

Experian: "Hello Experian Credit Inquiry Line, whose personal details would you like?"

Caller: "Err, I didn't say who I worked for yet."

Experian: "Sorry what company are you calling from?"

Caller: "Ford"

Experian: "Whose personal details would you like?"

Caller "Err, don't you want me to prove I work for Ford?"

Experian: "Who would pretend they worked for Ford?"

The mind boggles!!!

Bob.

Re:He got it wrong

[Flarg!]

Hey... Are you talking about Microsoft? No discussing the security holes, dammit! We'll be secure if nobody finds out about them!

Re:He got it wrong

[56ker]

"Experian: "Who would pretend they worked for Ford?"" - Is Ford's reputation that bad?

Re:He got it wrong

Is Ford's reputation that bad?

Yes, it is. Hence all of the ideas on what "FORD" actually stands for:

Found On Road Dead
Fix Or Repair Daily

And in the grand tradition of GNU:
Ford Owners Recommend Dodge

There are others, I'm sure..

Just In Case...

[LISNews]

www.ftc.gov/bcp/conline/pubs/credit/fcra.htm here's an FTC FAQ on credit reports.
Experian , Transunion and Equifax are the big 3 for reports.

Re:Just In Case...

Hi Blake, congratulations on not double-posting this information like you did here.

Now that's customer service N O T

[maharg]

From the original Boston Globe story (couldn't be bothered to register at NYT) :

Van Leeuwen of Ford said he thought the company had done everything it could to help the individuals affected by the security breach, and didn't plan to offer them any financial assistance.

Surely Ford have broken some law here ? In the U.K. there is something called the Data Protection Act, c'mon the U.S. has got to have some equivalent legislation.. They're not blaming it on hackers, they admit they don't know how the access code or whatever was taken !

They didn't just crack Ford owners

[awharnly]

Read the article again. They didn't just steal the personal financial information of Ford owners.

Only 400 of the 13,000 victims were customers of Ford Credit, he said.

They just pretended to be Ford so that they could access the credit reports of thousands of people. Subway-riders included.

Re:They didn't just crack Ford owners

[GMontag]

Glad someone go to that distinction before I popped off. FMC lends to almost anybody.

Glad I drive a hydrogen powered Jeep ;-) and loan was through Chrysler Credit.

Oh wait! They probably had the same breach but did not report it! Crap! Third thought, good thing my credit is already worthless and nobody would get very far stealing it!

Re:They didn't just crack Ford owners

Experian has credit data on damn near everyone who's ever bought anything on credit, regardless of who gave them that credit. Nobody is safe. But, like you, bad credit is my best defense.

Re:They didn't just crack Ford owners

[kzinti]

Glad someone go to that distinction before I popped off. FMC lends to almost anybody.

Even if they did make loans just for Ford cars and trucks, you wouldn't have to be a Ford customer, just a potential customer, for the inquiry to appear valid. Taking the subway doesn't shield you from this kind of fraud.

--Jim

Ford (The Associates) Security

[z_gringo]

The group that handles most of the credit processing for Ford Motor Company is The Associates. At least it was a few years ago. They were recently purchased by Citigroup. They also do home loans etc, and incidentally, are having some controversy regarding discrimination in loan practices (redlining). At any rate, security there was never what it should have been. There were quite a few systems around the various building where anyone could just walk up and access that kind of information. You could cross-reference by address also, or last name. What was worse, you didn't need a password, because it was embedded in the software. Some of my co-workers would occasionally run reports for their family and friends. All in all, I can't say I'm too surprised by this.

Come on, Where's my no-login link, Karma Whores?

[rschwa]

Come on, Where's my no-login link, Karma Whores?

Guarding / checking against Identity Theft

[Seth+Finkelstein]

This isn't in the NYT or Boston Globe articles, but it's good info from another story on the theft:

Experts urge consumers to check their credit file once a year. Call Experian at (888) 397-3742 for a credit report, and review it for an unauthorized inquiries.

Also, contact the remaining two credit bureaus, Equifax at (800) 685-1111 and Trans Union at (800) 916-8800.

Ford Credit said that it has reinforced the security of their credit inquiry access process to prevent future occurrences.

To contact Ford Credit with questions, call (888) 838-8176 between the hours of 7 a.m. and 8 p.m. CDT, Monday through Saturday.

Sig: What Happened To The Censorware Project (censorware.org)

Re:Guarding / checking against Identity Theft

[drinkypoo]

Experts urge consumers to check their credit file once a year. Call Experian at (888) 397-3742 for a credit report, and review it for an unauthorized inquiries.

Of course they urge you to check your credit file once a year. These "experts" are - shock amazement - people who benefit from your credit report being up to date.

When a consumer requests their credit report, they want your address so they can mail it to you. Of course, they could just provide it to you on the 'net once you verify your identity, and this would be no less secure, as the same information is used to verify either way. A web validation program would probably be MORE restrictive and picky about your credentials than a human who is subject to social engineering. But they want your contact information so that people can track you down to collect your debt.

Credit reports list your addresses and the dates you've been living there, as you report them. Any time you apply for credit, your information gets attached to the record. Credit reports are easy to get given a SSN. Credit reports always list the SSN used on the report because it's the only meaningful identifier; Go take a look in the merlin databases (You can get access by giving money to flatrateinfo.com) and see how many times even unusual names come up. It's fairly astounding.

So of COURSE they want you to check your credit report. Just make sure to get it mailed to a PO box.

Re:Guarding / checking against Identity Theft

[M-G]

So of COURSE they want you to check your credit report. Just make sure to get it mailed to a PO box.

Oh geez....if you have any account that reports to a credit bureau, they have your current address.
Let's see, do you rent an apartment or have a mortgage? Most apartment management companies report to credit bureaus, and of course mortgage co.s do.

Credit card?

Loan? Be it student, car, or whatever, the holder reports.

Cell phone?

Utilities?

There are all kinds of companies you deal with every day, who already have your correct address and give it to the credit bureaus.

Re:Guarding / checking against Identity Theft

[drinkypoo]

Actually, my experience trying to track people down via credit report and the merlin database (legitimately, for debt collection purposes) indicates that that information is frequently not reported.

Re:Come on, Where's my no-login link, Karma Whores

I got your link, right HERE!

national ID card

[kipple]

I'm sure that if there was a national ID card system they would have been caught immediately.

Re:national ID card

I'm sure that if there was a national ID card system they would have been caught immediately.

This was modded as funny, but I don't see why. I used to work for one of the big three credit bureaus, and a usable national ID system would solve two of the three major catagories of problems: scrambled files and identity theft.

What it wouldn't solve is the problem quoted in the story that started this: plain old information theft.

Whether a national ID system would be usable is another issue...

Re:national ID card

[Artifex]

I'm sure that if there was a national ID card system they would have been caught immediately.

Dude, I know this was meant to be funny, but instead it's really sad - because few people ever look at ID, even in face to face transactions.

My next-door-neighbor recently told me that someone had found a single check in her trash, and used it to buy stuff at the local Fred Meyer (grocery store that also sells home stuff and clothes). Nobody bothered to ask for ID... for over US$500 worth of stuff! She was able to convince her bank it wasn't her, but jeez. I went to Fry's the next day and finally got a paper shredder =) Suddenly tearing up my mail didn't seem good enough any more...

Identity theft insurance

[mister+sticky]

Van Leeuwen of Ford said he thought the company had done everything it could to help the individuals affected by the security breach, and didn't plan to offer them any financial assistance.

Clearing up the mess created by identity theft can take significant time and money. Victims often lose access to credit. Some end up in jail. Several insurance companies now sell coverage offering financial and legal protection in such cases.

It seems to make sense (well, to me at least) that the corporations charged with the information of your identity should be forced to have this identity insurance. Sure people could get it, so if they gave up their identities by accident (people going through their trash) they would be covered.
However, corporations like Ford saying "oops, sorry! but i'm not paying for our mistake" is unacceptable. They should be required by law to have identity theft insurance, and reimburse those who's identity has been stolen through the identity insurance.

Re:Identity theft insurance

[HiThere]

But was it Ford or this Experian place that was at fault? Where did the passwords leak? Or was some system cracked? If so, which?

Ford sent out the warning of unauthorized access, but that's not really proof that they were the hole. Merely that they are taking a bit of responsible action.

I will admit that it's likely that the leakage happened at Ford. But if it happened at the credit agency, this may only be the tip of the iceberg. The Ford account has now been patched, but if some other passwords were stolen at the same time ... I wonder how often Experian changes the passwords on their accounts?

we knew this already, but...

[warpSpeed]

Ford Really Sucks

Ford =

Ford = Found on Road Dead, or, Fix or Repair Daily...

i sure am glad i drive a Chevrolet...

Re:Ford =

[ogar572]

Actually its a F*cked Over Rebuilt Dodge

Re:Ford =

Or in the grand tradition of GNU:

Ford Owners Recommend Dodge

The bad news though,

[w.p.richardson]

If you can't document that you have been a victim of identity theft (or a similar type of crime), then you have to shell out about $10 per report. Thats $30 per year, simply to make sure someone isn't screwing you over. This seems ridiculous to me.

These credit bureaus have too much centralized data on citizens. They are a one stop shop for crooks, be they crackers or whatever.

Re:The bad news though,

[tweek]

Actually some states have laws requiring the credit report companies to give out a certain number of free reports a year. In Georgia (where I live) I get up to two free reports a year. Also, if you've been denied credit or employment based on information from your credit report, you are entitled to a free copy of the report from the reporting company the card provider/employer used.

As to your second point, I agree completely. At one point, Equifax was trying to gain control of medical records for people to link with the existing stuff. I'm not a fan of big government but Equifax,Transunion and Experian need to have STRICT government regulation because of the impact the information they carry can have on an individuals life. Forget that stupid cracker shit in "The Net". All it takes is a fucked up keystroke and you can't even rent an apartment.

The biggest piece of legislation I would love to see is this: Private companies are forbidden to use SSN's as customer identifiers. How fucking hard is it for a company to generate a random account number?

Re:The bad news though,

[hymie3]

The biggest piece of legislation I would love to see is this: Private companies are forbidden to use SSN's as customer identifiers. How fucking hard is it for a company to generate a random account number?

You do have a choice: don't provide the SSN. Businesses are free to ask for you SSN. Unless there is a compelling reason (financial transaction with a bank, safety of the President is at stake, or access to government confidential information), you don't have to provide it.

Granted, the business can say "sorry, we don't want to do business with you" but I've only had two places (an apartment complex, and Verizon, when I tried to cancel my service with them after they bought Powertel even though I had a document which said that would not be considered a valid form of identification. Bastards.) absolutely refuse to do business with me.

If you have alternate forms of identification, they're almost always more than willing to do business with you.

Re:The bad news though,

[tweek]

Oh I'm perfectly aware of that I don't have to provide an SSN. It comes down to, as you said, not doing business with them. Financial institutions and the government are the only people who can require it from what I understand.

There are some really interesting stories online about people getting by without an SSN.

The most famous of which is Neil McIver's story. I think Neil does it for more religious reasons. Mine are purely privacy related. The funny thing is that on the back of your SS card it says that you are responsible for any usage of your SSN. It's hard to be responsible when it's required by everyone under the sun. That's really why I want a definate law on the whole thing. If we are expected and held liable for what happens to our card and number, then we need to be able to do business and function without it.

As a side note, it was voicestream that bought PowerTel. I know because they fucked up the transfer of my powertel account over to VoiceStream. ;)

As to everyone who says you can't get anything without giving out your number, give it a shot sometime. If you are applying for utilities or whatnot, ask to tell the person you are speaking with if it's required. When they tell you it is, ask to speak to a manager. The typical customer (no)service people won't know any better since they work from a computer screen and script but a manager can settle the matter once and for all.

Re:The bad news though,

[swb]

Granted, the business can say "sorry, we don't want to do business with you"

The legislation has to forbid asking you for it and forbid denying goods or services based on refusal to give it to them even if they ask.

It should ONLY be required for tax or social security identification purposes, and only if required by law. Otherwise it should remain private to the SS# holder.

Re:The bad news though,

[mamba-mamba]

You can also give a fake SSN. Any one with all zeroes in one of the three fields is guaranteed to never be issued to a real person.

i.e.,

000-xx-xxxx
xxx-00-xxxx
xxx-xx-0000

These will never be issued. There is also a famous SSN that was used as a sample on a lot of posters and so on. I don't remember what it was. You could use that. Depending on what kind of form you are filling out this may or may not be an acceptable alternative. Certainly if you are signing the document and claiming that it is true to the best of your knowledge, then you should NOT put in a bogus SSN.

Also, if they are using it to generate a credit report, you should probably give your real SSN, or none at all, otherwise who knows what they will come up with.

MM
--

Re:The bad news though,

[inkswamp]

Also, if you've been denied credit or employment based on information from your credit report, you are entitled to a free copy of the report from the reporting company the card provider/employer used.

I like to check mine regularly, but these "freebies" are nothing of the sort. Technically, you get a freebie if you are turned down credit or whatnot, but good luck figuring out how to get this freebie. These companies are very sneaky about hiding this stuff and they do not make it easy. My wife had an erroneous negative report on her credit and we had our credit applications denied a couple times because of it. I never did figure out how to get a freebie for that and ended up shelling out the $8 just to see what it was. When someone else's fuck-up costs me money, there is something wrong.

I think if these kinds of credit bureaus are going to hold so much highly personal information and that information has so much influence on your life and credit, then they need to be more strictly regulated by the government. I would like to see getting these kinds of free reports due to denial of credit or employment made painfully obvious. I don't understand why the company checking your credit shouldn't have to send you a copy of what they received. That would be the simplest way to go.. .you get your letter of denial along with a printout of your credit report. Couldn't be easier.

It's amazing how fucked up these bureaus are when you consider how much power they hold. This security issue is just another problem, as far as I'm concerned. Erroneous reports, bad service, indifference to problems, etc. are all issues. The first politician who utters the phrase "credit reporting reform" gets my vote in a heartbeat.

--Rick

Re:The bad news though,

[cpeterso]

you can't document that you have been a victim of identity theft (or a similar type of crime), then you have to shell out about $10 per report.

Just lie and say that your wallet was stolen. You are then entitled to a free credit report. This worked for me.

Re:The bad news though,

The biggest piece of legislation I would love to see is this: Private companies are forbidden to use SSN's as customer identifiers. How fucking hard is it for a company to generate a random account number?

Uh - every company does generate a random account number. Look at your credit card sometime! That's the account number on the credit bureau's file.(Well, there's one exception - the mom & pop collection agencies frequently just use your name...)

What the SSN is used for is matching - taking the dozens of different credit lines and making a single customer record from them. Since SSN is unreliable, all three credit bureaus use other factors as well, but nothing works all the time. Trust me on that - I used to work for one of them.

Re:The bad news though,

[tweek]

The freebies are REAL easy to get. It took me all of 5 minutes on each company's website. The deal is that you have to actually call in to get the report. It was all automated but I got it done. I actually thought the big delay would be in getting me the reports (i.e. taking PLENTY of time) to proccess or putting free requests on the backburner) but I had all of mine in by a Friday last week and I ordered them on Monday.

As to the rest of the post, I agree. With great power comes great responsibility and all that. These guys have shown that they have a tendancy to fuck things up and I think the government needs to watch them VERY closely.

As to companies forwarding out credit reports, I think that's a privacy issue. I could get your SSN and request a credit application with my address/po box and then just wait for the report to come in and have all the info I need (if all I was able to get from whatever I cracked into was an SSN)

The Credit Reporting Reform idea sounds good though. Sounds like it's time to write Zell Miller and Johnny Isakkson. Max Cleland can roll off a hill for all I care.

Ford's Fault?

[blazerw11]

Blaming Ford is like being accused of murder when somebody steals your credit card, buys a gun with it and kills somebody else.

Re:Ford's Fault?

[div_2n]

Bad association.

If you want to use a gun analogy, it is more like storing your gun in a bank vault and the bank allowing somone posing as an employee to steal the gun, shooting someone and framing your for the crime.

Ford had information that was their duty to protect. They failed to protect it. Not really that complicated of an issue.

Re:Ford's Fault?

[teamhasnoi]

Blaming Ford is like being accused of murder when somebody steals your credit card and your credit card is in this room that is locked with a combination lock and your mom posts the combo on the fridge, and the cable guy comes over and sees it , buys a gun with it and all the bullets from the gun have your name, address, phone number, social security number, date of birth, current pay rate, address of workplace, present and past debts, spouse's name, number of kids, and length of your johnson engraved on every single one. and kills somebody else. And even when the cable guy is caught, the gun is never recovered, since unlimited copies of this gun are floating around waiting to be used by any other cable guy.

So I can see how you wouldn't want to blame Ford. It can't be their fault. This must have happened when they were making exploding cars, or covering up a tire saftey issue on the Ford Exploder. Sure.

Re:Ford's Fault?

[Ramuh]

I disagree. The critical difference being that, when you give Ford your personal information "all information you provide is used to improve the services offered by Ford Motor Company" (though, I might add, their privacy statement doesn't really say much of anything). It was Ford's responsability to protect their customer's private information, and they failed. They are every bit to blame for their lack of security.

Re:Ford's Fault?

[blazerw11]

Only 300 of the 13,000 victims were Ford customers. Experian is the group that allowed the code used to be stolen.

Re:Ford's Fault?

[blazerw11]

Next time, just copy the entire story from the source in here, it'd save you a lot of typing.

Re:Ford's Fault?

[Amazing+Quantum+Man]

The way I read it is this:

Blaming Ford is like being accused of murder when you put your gun in a safe deposit box, J. Random Criminal says "I'm Amazing Quantum Man", and the bank gives them the gun, and J. Random Criminal kills someone.

no SSN

[RealisticWeb.com]

This is exactly why I hate the way so many companies require you give them so much personal info. I can understand why a car dealer would need it, but what about Blockbuster who wants you to give your SSN to some pimple faced teenager behind the counter. I don't think so.

Re:no SSN

[Hector]

This is waaay off topic, but just so you know. You do not have to give blockbuster your social security number. They ask for it but you don't have to give it to them and they will still give you a card. I know because I asked. A lot of places are like this, they may ask for ss# but your not required to give it to them

Re:no SSN

[RealisticWeb.com]

Unfortunatly that may be the company policy, but it seems like either many of the pimple faced video lackys don't know about this, or they are too lazy to do it another way. I have a friend who spent a consideralble amount of time in Blockbuster arguing about the SSN thing, and they refused to give him one with out it. The same thing happenes at the University that I went to. They used SSN numbers as student ID's and default passwords. You would always hear that you didn't have to, and that they would take another 9 digit number, but when I asked the minimum wage help desk lady, she was adament about how there isn't any other way. Does this happen to anyone else? Is this out of ignorance or lazyness?

Re:no SSN

[ncc74656]

You do not have to give blockbuster your social security number. They ask for it but you don't have to give it to them and they will still give you a card.

The last time I put in for a card at Blockbuster, I left that part of the form empty. They didn't even ask me for it when they went to plug everything into their computer system.

(I haven't rented from them in months...Netflix has a much better selection and is cheaper and more convenient.)

Just goes to show

[gillbates]

That it is dangerous to give any personal information to a company, regardless of their privacy policy...

The unfortunate reality of the information age is that information is power - though you may not realize it, giving out personal information, no matter how well-intentioned the recipient is, can have adverse side effects. Systems get hacked; judges can order spyware to track users; businesses can be bought and sold. Worse, we live in a society in which someone's creditworthiness, that is, their ability to get loans, and even find work, is very much dependent on the accuracy of a credit reporting company's data; a simple keystroke error or a bug in a computer program could literally put an otherwise good employee out on the street.

Oh, and one last thing - never give anyone your social security number. Or your mother's maiden name.

Re:Just goes to show

[peddrenth]

"Oh, and one last thing - never give anyone your social security number. Or your mother's maiden name
"

Are they not necessary to open a bank account in america? or to get a credit card? or a hotel room or a train ticket? or to file a tax return on the internet?

I can't wait to see the governments' look of surprise when people start using cash again for serious things. "Airline ticket by cash? Right, bodily-search for you, boy. We'll not have anyone who doesn't trust the Credit Corporation"

Re:Just goes to show

[eric6]

do you mean don't give your SSN to anybody/company/form/request, etc, or to people on the street? Mother's maiden name doesn't get asked as often, but as a college student, my Student ID (=SSN for most) is my only tie to the entire system (Registrar, Bursar, Financial Aid, every facility, etc.).

Not giving out personal info is great, and should be done when possible (I should have asked for a unique Student ID, like i did for my driver's license), but very often it's highly, highly inconvenient, and a person would miss out on things by sticking to it. For the vast majority of people, the [fairly] small risk of identity theft is worth the convenience (which sounds like the way the gen public feel about most security issues).

Re:Just goes to show

[sphealey]

Oh, and one last thing - never give anyone your social security number. Or your mother's maiden name.

Social Security Numbers are public records. They are not, and never were intended to be, secret. If any organization builds a system which depends on keeping the SSN "secret" for security, it is incompetent (and possibly criminally neglegant), but if you depend on your SSN being secret for anything you are being foolish.

Mother's maiden names are similarly public records. In practice they have been harder to track down in the past, but wiht various records including those of the Mormon church coming on-line that information is not fully accessible as well. See first paragraph for implications.

sPh

Re:Just goes to show

[great+throwdini]

Oh, and one last thing - never give anyone your social security number.

Guess it's too late for me, then. A number of emplyers have had possession of my social security number at one point or another, as have any number of lenders (student loans). It's a little difficult to keep your SSN from everyone. There's no reason to consider HR-types or loan processors beyond the likelihood of turning to the dark side and misusing the data to which they have access. Not as a rule, just possibly, mind you. So, what, I'm screwed for participating in payroll taxes and funding my education? :P

Re:Just goes to show

[jumpingfred]

You don't need it for a hotel room or train ticket.

Re:Just goes to show

[mamba-mamba]

When banks, et. al. ask you for your mother's maiden name, use a special code word, not your mother's actual maiden name. This is not illegal (AFAIK-- IANAL) or crafty or anything. They ONLY use your mother's maiden name for verification purposes. You can even tell them at the time you give them the code word that it is not your mother's real maiden name. Make sure you choose a good word that you won't forget.

I NEVER give my mother's maiden name, because it is actually my first name, and I have recited that fact to large numbers of strangers and aquaintances.

MM
--

Re:Just goes to show

[ncc74656]

You don't need it for a hotel room or train ticket.

Besides, nobody takes trains anymore...the rail system is pretty much only used for cargo. (Amtrak discontinued service here years ago.)

The FBI wants to prosecute the wrong people!

[newerbob]

Mr. Girard, the Experian spokesman, said the company would work with the F.B.I. to catch and prosecute the intruders

While the "crackers" (who did nothing more than use a leaked password), should be held accountable, so should FORD and its executives

I hope each and every victim files a separate multi-million dollar lawsuit. I'd bet that juries would be very sympathetic to these cases.

Re:The FBI wants to prosecute the wrong people!

[jbroon]

While I agree with the idea that Ford should be held accountable (or at least an audit of their security), I think the phrase "did nothing more than use a leaked password" is a bit of an understatement.

Re:The FBI wants to prosecute the wrong people!

[endoboy]

The problem isn't just Ford. Experian is even worse--they got inquiries for complete credit reports for entire neighborhoods (consecutive addresses, accordig to NYT....) and it didn't raise a flag anywhere?

Whatever...

Ford doesn't even know how it happened, so forgive me if I have little faith in their "reinforced security."

Ford credit report

FYI,
Ford uses employees social security number as employee numbers. This means every time I go visit any type of doctor. get prescription drugs, register for classes, etc. I have to give out my social security number.

With that said, I do not believe Ford is very concern about giving out peoples
social security number.

Gotta think up a new acronym

[dscottj]

It used to be:

Found On Roadside, Dead

Now I guess it has to be:

Fumble Our Records, Daily
Freak Out, Records Damaged!
Find Our Reports, Dammit!
Faked Our Reliability Data

Ah well. Never reply when hungover.

Re:Gotta think up a new acronym

[tweek]

My favorite was:

Fix or repair daily

hehehe

(disclaimer: proud owner of a 2001 Ford Focus)

Re:Gotta think up a new acronym

Iewwwww you own a Focus?

Re:Gotta think up a new acronym

[ncc74656]

One of the less-common ones:

Fscked-Over Rebuilt Dodge

identity theft" ?

[cockroach2]

as non-us citizen i wonder how anyone can steal your identity. is this another symptom of not having a national id card? i mean, over here you need your id card whenever you open a bank account, when you get your drivers licence (or any other legal document) and, well, actually whenever you do ANYTHING 'critical'... inform me, please! is it enough to know someone's personal details to steal his identity in the u.s.?

Re:identity theft" ?

[cockroach2]

you're sort of right (that thought just passed my mind after posting). biometric information on the card would be good idea, especially eye scans which are rather tough to fake. the current "you should look sort of like the photograph on your card" method isn't really great, but it might prevent the 2 meter 150 kg guy from stealing your identity. this is probably why my banks usually want both, my id card AND personal information whenever i don't have my customer card handy.

however, every kind of id card has one BIG benefit - you'll notice when they get stolen and you can inform the police and your banks, so, i think, when something 'happens' you should be more or less out of responsibility.

-1 Redundant

[gazbo]

-1 Redundant

Next time make it more original in some way. I suggest adding an hilarious joke about Microsoft (I mean Micro$oft w00t! ROFLOLOLOL).

Text of Article (-5, Redundant)

[erpbridge]

Text of Article below, for those without accounts:

Hackers posing as employees of the Ford Motor Credit Company have in recent months harvested a trove of 13,000 credit reports -- a virtual one-stop shop for fraud and identity theft -- with data on consumers in affluent neighborhoods across the country.

The company said in a letter to the victims that computer intruders used an authorization code from Ford Credit to get the credit reports from Experian, one of three major reporting agencies.

Advertisement

"I've never seen anything of this size," a spokesman for Experian, Donald Girard, said. "Privacy is the hallmark of our business. We're extraordinarily concerned about the privacy issue here, and the trust factor."

The inquiries gave the intruders access to each victim's personal and financial information, including address, Social Security number, bank and credit card accounts and ratings of creditworthiness, which can be used to identify the best targets.

"This is not just a credit card number; this is the whole kazoo," said Richard Power, the editorial director for the Computer Security Institute, an industry trade group. A criminal could use the data to make credit card charges or even open bank and credit card accounts in the victim's name.

Thefts of credit records, Mr. Power said, are far more common than is reported. "The unique thing about this one," he said, "is that it has surfaced." The theft was first reported yesterday by The Boston Globe and The Detroit News.

Statistics on identity theft are hard to come by, with estimates ranging as high as 700,000 cases a year. Betsy Broder, the assistant director for planning and information of the Federal Trade Commission, said the commission received 86,000 complaints of identity theft last year.

Representatives of Ford Credit said they did not know how the hackers acquired the code, which was used by the company's office in Grand Rapids, Mich. The intruders focused on addresses in affluent neighborhoods, often in numeric sequence, said Rich Van Leeuwen, executive vice president at Ford Credit.

The company said it had sent letters via certified mail to all 13,000 people, urging them to contact Experian and the two other credit reporting giants, Equifax and TransUnion, and to report any evidence of abuse to the F.B.I.

The company has also worked with Experian to set up a phone line to let victims get their credit reports and help them resolve discrepancies.

Neither Ford Credit nor Experian has determined how many people have reported fraudulent charges or other problems. Mr. Girard said that Experian had received 2,700 calls since the letters started going out this month. Although the unauthorized inquiries began in April 2001, Ford first heard about the problem in February, Mr. Van Leeuwen said. Only 400 of the 13,000 victims were customers of Ford Credit, he said.

Dawn M. Clenney, a special agent at the F.B.I. office in Detroit, said that she could not comment, except to say, "We're on the case."

Mr. Girard, the Experian spokesman, said the company would work with the F.B.I. to catch and prosecute the intruders. "It just shows that today, even big companies can be victimized," he said. "it's a never-ending struggle against the bad guys."

Trash Talk

[CaptainZapp]

Gawd, how I really hat those smooth corporate jaspers, talking in press releases. Now this one is really a gem:

Mr. Girard, the Experian spokesman, said the company would work with the F.B.I. to catch and prosecute the intruders. "It just shows that today, even big companies can be victimized," he said. "it's a never-ending struggle against the bad guys."

Look mate, if anybody is victimized here it's those 13000 er! customers while you guys obviously didn't protect their data adequately.

No need to thank me

corporate identity theft

[darkonc]

When these people got Ford's 'access codes' they essentially got their ID within the credit bureau. The credit bureaus trusted that Ford was 'honest' with their credit requests -- not asking for any sort of proof that the people for whom the credit reports were being requested had given their assent to have that data released.

As a result. these script kiddies^w^w^w Ford was able to get identity theft kits on a truckload of (mostly) rich people just based on their home addresses.

If anything is going to put a big "oomph" behind online privacy initiatives in the states, I think that this may be it.

Law?? *WHAT* law?

[darkonc]

I don't think that Ford did anything illegal. If anybody did anything illegal it would be the credit reporting companies that allow any company or group with enough money to generate identity theft kits with just a victim^w customer's home address.

these are NOT hackers!

[Quixote]

is reporting that hackers posing as Ford employees

Repeat after me: this is not hacking.
Repeat after me: this is not hacking.
Repeat after me: this is not hacking.

This kind of activity is cracking, theft, robbery, a crime; but it is most definitely not hacking.

Re:these are NOT hackers!

[Waffle+Iron]

If everyone calls it hacking, it's hacking by definition. Just like the vast majority of commonly used words, this word has multiple definitions. Deal with it.

Re:these are NOT hackers!

Shut the hell up!
we already knew that you whiney bitch!

Re:these are NOT hackers!

[BreakWindows]

Repeat after me: this is not hacking.

This kind of activity is cracking

Repeat after me: The purpose and culture of hacking are about thinking for yourself, and not following authority blindly, so put down the jargon file and think.

Creating dichotomy helps no one. "Cracking" is a useless and harmfull term. This situation involved no hacking (or cracking, by definition), but in general we should not create the image that the use of computers is bad. If someone figures out some amazing new concept to break down TCP/IP trust and codes an example, and uses that exploit to get into a bank and move funds around, is he a hacker? Yes. Absolutely. He's also a thief, but that doesn't take away from his insightful and impressive computer skills. It just means he's also an asshole. By applying terms like "cracker", it makes people think the actual use of a computer is somehow wrong or bad, which is very dangerous, considering how few people understand computers or hacking.

Re:these are NOT hackers!

Right. It is fraud, since they posed as Ford employees.

There may have been social engineering involved (not enough detail available to say).

But as far as I can see it didn't involve "hacking," even as the word is commonly understood by the media and the public.

Soon the word "hacking" will come to be used to describe any crime which involves electronic data or computers in any way. Personally, I can live with it being used to mean security circumvention through technical know-how, as well as its more historic (jargon file) meanings, but this is going too far.

AC
--

Re:these are NOT hackers!

[mamba-mamba]

" If everyone calls it hacking, it's hacking by definition."

No, popular usage can sometimes be wrong.

For example, is "irregardless" a word. (Not really, my dictionary lists it as "non-standard," the same category as "ain't.")

What does the expression "beg the question" mean? While you will often hear or read that phrase being misused, it really means to engage in circular reasoning.

Anyway, in this case, there is no evidence that hacking, even as that term is commonly understood nowadays, was involved. I mean, these guys had the password. When you have a password, you don't have to hack. You just log in! Whether they used any hacking to obtain the password was apparently not known by the reporter who wrote the story.

MM
--

Re:these are NOT hackers!

[sacrilicious]

Right, and on another note it's GNU /Linux.

.

Re:these are NOT hackers!

...and I believe that hillbillys would like to be referred to as "sons of the soil". But it ain't gonna happen.
-Dr Hibbert

Re:these are NOT hackers!

crackers fucking suck. Go back to caucasia, you pale bastards.

-Dolemite Sanchez and the brown panthers

Re:these are NOT hackers!

[arkanes]

Language is defined by the people who use it, not the people who study it. This is something that a great many academics have trouble dealing with. Also you, apparently. Do you know what I mean when I say "beg the question"? Do MOST people know what I mean? Are most American English speakers going to agree with MY definition that yours? If so, then I'm right, not you. Deal.

That aside, you are correct that there doesn't seem to be any hacking, under any common definition of the word.

Re:these are NOT hackers!

[shayne321]

This situation involved no hacking (or cracking, by definition),

Okay, so I'm waaaaay too bored (hey, it's 4:30 on Friday), but if you wanted to give it a 1337 term other than the boring "fraud" I think it would fall under phreaking (emphasis mine):

"1. The art and science of cracking the phone network (so as, for example, to make free long-distance calls). 2. By extension, security-cracking in any other context (especially, but not exclusively, on communications networks)"

Shayne

Re:these are NOT hackers!

[Quixote]

If everyone calls it hacking, it's hacking by definition

Boy, this takes the cake for lameness. "If everyone calls it..". Who is everyone? If everyone around you calls you a fool, would that make you one?
What are these "multiple definitions" you speak of? Is stealing anything "hacking"? Should we let the ignorant in the media label anything as they see fit, and just follow them like sheep? Use your brains, for cryin' out loud.

Re:these are NOT hackers!

[Waffle+Iron]

If everyone around you calls you a fool, would that make you one?

If that happened, I'd have to consider that there was a distinct possiblity that I was in fact a fool.

What are these "multiple definitions" you speak of?

I should have said multiple meanings. IIRC, the most overloaded word in English is "set", which has 1 or 2 dozen meanings. I have no problem distinguishing the difference between "setting an option", a "TV set", a "union of sets", "game set and match", "setting a glass on the table", etc. using the context around the word.

"Hack" has at least the meanings:

Striking with a sharp implement like an ax
An incompetent practitioner of a skill
Programming computers in a "cool" fashion
Attacking the security of computer systems

It's just not that big of a deal. If English language scholars can't hold back the masses from changing the usage of "shall" and "will" over the last century, a few computer geeks won't convince the general population to drop the word "hack" in favor of a term easily confused with a crispy biscuit.

Re:these are NOT hackers!

[mamba-mamba]

I guess what it comes down to is whether you have a sense of pride about how you speak and write. If you do, you will attempt to follow the rules of usage.

Certainly if your aim is to make a good impression on those who may have an academic or pedantic streak (which includes far more people than you may realize) you should avoid misusing words and phrases.

For example, do you spell check your resume? I mean, why bother, I'm sure everyone will know what you mean.

I believe that it is bad form to use words such as "irregardless" and "ain't" in formal communication with people you don't really know. It makes a bad impression.

And I believe that those who misuse terms like "beg the question" make themselves look ignorant. It's not a big deal in on-line forums and what-have-you, but when TV newscasters or reporters do it, I think it looks bad, because these people are supposed to know better.

MM
--

Re:Now that's customer service N O T

[Xugumad]

Nope, the data protection act has no US equivalent. Are you feeling ressured?

Basically, for those of you in the US, the data protection act, amongst other things, means you have to be careful with people's data. If you're not, they can revoke your license to hold personal data on people, very effectively killing off most
businesses.

Quality

[auroran]

Looks like although quality is job 1, Security is job 3.74rc3 :)

Seriously though a big company has more to worry about from people you thought were employees than from any computer system breach.

Full Text for those that don't want to register

[stalbott972]

13,000 Credit Reports Stolen by Hackers By JOHN SCHWARTZ ackers posing as employees of the Ford Motor Credit Company have in recent months harvested a trove of 13,000 credit reports -- a virtual one-stop shop for fraud and identity theft -- with data on consumers in affluent neighborhoods across the country. The company said in a letter to the victims that computer intruders used an authorization code from Ford Credit to get the credit reports from Experian, one of three major reporting agencies. "I've never seen anything of this size," a spokesman for Experian, Donald Girard, said. "Privacy is the hallmark of our business. We're extraordinarily concerned about the privacy issue here, and the trust factor." The inquiries gave the intruders access to each victim's personal and financial information, including address, Social Security number, bank and credit card accounts and ratings of creditworthiness, which can be used to identify the best targets. "This is not just a credit card number; this is the whole kazoo," said Richard Power, the editorial director for the Computer Security Institute, an industry trade group. A criminal could use the data to make credit card charges or even open bank and credit card accounts in the victim's name. Thefts of credit records, Mr. Power said, are far more common than is reported. "The unique thing about this one," he said, "is that it has surfaced." The theft was first reported yesterday by The Boston Globe and The Detroit News. Statistics on identity theft are hard to come by, with estimates ranging as high as 700,000 cases a year. Betsy Broder, the assistant director for planning and information of the Federal Trade Commission, said the commission received 86,000 complaints of identity theft last year. Representatives of Ford Credit said they did not know how the hackers acquired the code, which was used by the company's office in Grand Rapids, Mich. The intruders focused on addresses in affluent neighborhoods, often in numeric sequence, said Rich Van Leeuwen, executive vice president at Ford Credit. The company said it had sent letters via certified mail to all 13,000 people, urging them to contact Experian and the two other credit reporting giants, Equifax and TransUnion, and to report any evidence of abuse to the F.B.I. The company has also worked with Experian to set up a phone line to let victims get their credit reports and help them resolve discrepancies. Neither Ford Credit nor Experian has determined how many people have reported fraudulent charges or other problems. Mr. Girard said that Experian had received 2,700 calls since the letters started going out this month. Although the unauthorized inquiries began in April 2001, Ford first heard about the problem in February, Mr. Van Leeuwen said. Only 400 of the 13,000 victims were customers of Ford Credit, he said. Dawn M. Clenney, a special agent at the F.B.I. office in Detroit, said that she could not comment, except to say, "We're on the case." Mr. Girard, the Experian spokesman, said the company would work with the F.B.I. to catch and prosecute the intruders. "It just shows that today, even big companies can be victimized," he said. "it's a never-ending struggle against the bad guys."

Thank god i dont have credit

They can steal all my student loans. That will be -40,000 dollars sir.

Re:Now that's customer service N O T

[tburkhol]

Surely Ford have broken some law here?

Well, it's not clearn that it's Ford's problem. Sounds like some group managed essentially to get hold of Ford's password to the Experian database.

It's CRACKERS, shit for brains

Hackers build. Crackers destroy.

Hackers

[3ryon]

The mighty New York Times (I think they might want you to register) is reporting that hackers posing as Ford employees...

Some people will argue loudly that the press should understand the difference between Hackers and Crackers. Be careful of these people, as they are the worst Crackers of them all. :>

Re:Hackers

Not so. There are plenty of people who, like myself, enjoy tinkering with the software installed on their computers. I don't see this kind of hacking as being at all malicious, any more than tinkering with your car is malicious. It can be a fun and informative hobby, even if it does result in a product which varies from the manufacturer's specifications.

On the other hand, cracking is about making your computer do things which affect others in a detrimental way, such as bypassing copy protection. Its like attaching spikes and spinning blades to the outside of your car in order to hunt pedestrians, a la Carmageddon.

In any case, this could be neither. Its seems to be an example of someone obtaining identifying information through an as yet undisclosed means (login info on a Post-It which blew out an open window, for example), and then using a computer in exactly the way it is supposed to be used, albeit using information to which that person should not have had access. No hacking, no cracking, just misrepresentation. This can be done without the aid of computers, if the opportunity presents itself.

The logic of this post also suggests that anyone with illegal fireworks is a terrorist, that sporting shooters are actually armed militia, and used car salesmen are the spawn of Satan (oh, wait that last one is accurate)

SSN intentions and uses

[Blue23]

Social Security Numbers are public records. They are not, and never were intended to be, secret.

What they may have been intended for, and what innumerable private companies use them for, may not be the same thing.

SSNs seem to be the stock in trade as unique IDs. I know my old bank's automated phone service would ID you with a) your account number (found on any check you've every given out), your SSN, and a private pin which defaulted to the last four of your SSN. With that you could do just about anything, including transfer funds.

Did I mention that is was my OLD bank. 8) It also took them about a year and a half to catch on that someone else was writing and signing my checks, but that's wandering off topic. (It was my wife, so I knew about it, otherwise I would of caught it.)

Because it's a ready made unique identifier, that people will most likely remember, businesses love to use it. I think that you don't have to give it our if it doesn't involves taxes (like interest bearing accounts, jobs, etc), but that doesn't stop companies from asking you - you need to police it, they will try and get away with as much as they can.

It seems pitifully simple to steal an identity today.

=Blue (23)

Re:SSN intentions and uses

[AJWM]

The thing is, SSNs aren't unique IDs. Oh, they're supposed to be, but screw-ups by the SSA and by people innocently using numbers that weren't theirs means that there are plenty of duplicates around.

And any database designer worth his paycheck should bloody well know that (there's a good summary of the problems here). And any software designer worthy of the name should include a "Generate Unique ID" button on any data entry screen that otherwise might want SSN just as a key.

Heck, even if there's a requirement for SSN in the database (eg tax-related info), don't use that as the bloody key. Banks don't use your SSN as your account number, after all. (At least, not the ones I deal with.)

Re:SSN intentions and uses

[JimBobJoe]

The thing is, SSNs aren't unique IDs.

Which is, by all means, an issue. However, if you ask me, it's far more an issue that

*SSN's are issued consecutively

And why not? There only purpose was to maintain records for the Social Security administration, so what did it matter?

Many of us who are /., and born before 1986, but not 18 in 1986, likely had their SSN issued in 1986, as a result of the Tax Reform Act of that year. As of 1987, a child needed to have an SSN in order to be claimed as a dependent on their tax form (still a source of deep anger for the anti-enumeration peeps out there.) So...if there were multiple children, all the children got their SSN at the same time--result-their SSN's are often sequential.

Furthermore, and this gets more into the oddities of how the SSA issues SSN's at any particular time...but I'm sure there are some pretty good patterns based on region and time with regards to the first 3 digits of the SSN. So if you know location, you've got quite a lot of information (first 3 digits at least, if you have a good enough match on time and location very precisely.)

Talk about a clusterfuck.

Any SSN is good

I suspect the mathematical ideas for check digits existed when SSN's were being created. However, since they were just account numbers, it hardly mattered. Add a digit to your SSN, you have another SSN, subtract a digit, you have another SSN. That's an invitation for fly-fishing through records. "Well if that one doesn't work...what about this one...?"

Why is this -5? Some asshole modgeek strikes again

Miracles will never cease.

pgp and plain ftp

Experian's method for companies to send in credit report applications is to mearly do a PGP encryption of the credit report and then ftp it to their servers. They then ftp a file back to your servers with the report.

Talk about high security.

I've been waiting to hear about them being hacked ever since I found out how they handle running credit reports for other companies

big deal

[Lumpy]

ANYONE can get a credit report on anyone else. you just have to pay for it... Credit reporting companies are not secure by any means and their database is regulary full of gross inaccuracies. On average your credit report is only 50% accurate.. this is figured from across the board and figured by the number of errors on people's credit reports.

It blows my mind that any company would take a credit report as anything but mild information that is suspect. It is really easy to wipe your credit report clean, and to seed it with "good credit reporting"... hell there are companies that will for $9.95 a month post a good payment history every month to your credit report (They report that they lent you $1000.00 and you are paying it on time and are a perfect client.... after 6 months pay them $19.95 to close the account and they report you paid it off and you are A+)

Credit reports are wildly inaccurate.. other than the SSN (of which I have 2 credit reports I found out.. they mis-typed my SSN once and attached it to my Drivers License number.. Again that entire credit history was deleted because the SSN was not mine.)

Re:big deal

Any suggestions for search terms I might use to find such companies?
=================

there are companies that will for $9.95 a month post a good payment history every month to your credit report (They report that they lent you $1000.00 and you are paying it on time and are a perfect client.... after 6 months pay them $19.95 to close the account and they report you paid it off and you are A+)

Re:big deal

duh most credit repair comanies do...
I used one that for $300.00 every 6 months not only reported good payments but also constantly chanllenged every bad mark on my credit report until they were erased.

credit repair search that way...

Re:big deal

[JimBobJoe]

Any suggestions for search terms I might use to find such companies?

afraid not...but just wait six hours...they'll be emailing you. consider yourself convenienced.

Re:big deal

[JimBobJoe]

It blows my mind that any company would take a credit report as anything but mild information that is suspect.

My understanding is that scoring algorithims taken that into consideration. Take person x, who has a great payment history on her car, mortgage, credit cards, gas bill, et cetera, but for some reason has a $500 credit card in default on her account. The computer will just throw that out as an anomaly and score normally. If it were a $10,000 card, the computers should think that something is clearly wrong, and flag the history for deeper research.

I say this because I believe that the good identity theft artists are not getting caught (though, few are getting caught anyway.) The way someone gets caught for identity theft is by destroying an entire credit record, then law enforcement gets on the paper trail. However, I believe the future is in "copying and pasting" credit report data...identity theft person gets out a credit card, defaults on it, makes sure it's associated with only one credit report, then does the same to another credit report. Or is copying and pasting good data into another credit history file "for some reason this credit card is showing up under SSN xyz, but my SSN is really xyz, can you make the change for me?"

On a side note, i used to live at a dormitory that also held about 14 floors of university offices. for some reason, my credit report said I worked for the university travel agency located in that building. amusingly, i never got my credit reports to say where i actually worked.

anyway, the worst part of the credit report system is this: the bear of it is the data, data coming in, data going out, processing hundreds of millions of records, giving data to hundreds of thousdands of different companies, and receiving the same data from the same companies. with all that in mind, it simply is impossible to be in control of the data...i don't think that anybody here would disagree with the concept that you could, with the proper information, do anything you want with someone else's credit history--make it better, ruin in, copy and paste from it, et cetera.

Experian is not in control of the data...they simply keep the computer powered up. the problem is, they *think* they are in control of the data, and the way they treat you whe you have a claim indicates this. nothin causes identity theft more than the fact that these bozos have legitimacy. (their downfall is more arrogance than anything if you ask me.)

Re:big deal

It is really easy to wipe your credit report clean, and to seed it with "good credit reporting"... hell there are companies that will for $9.95 a month post a good payment history every month to your credit report (They report that they lent you $1000.00 and you are paying it on time and are a perfect client.... after 6 months pay them $19.95 to close the account and they report you paid it off and you are A+)

Sure it is... I can only speak for one of the big three credit bureaus, but this one is really good for a laugh in the hallowed halls...

This ploy can be done. What happens next is that someone at one of the credit bureaus finds out about it, and the company is dropped as a credit reporter (with a loud thud, usually) and all of the clean credit items are purged from the file

It's a fraud...

Re:big deal

[Lumpy]

Nope the company that is being talked about reports under at least 30 different DBA's to avoid detection. It is not FRAUD as fraud is stealing from a company or stealing. reporting information to a private company is not fruad. in fact you are given a $1000.00 loan, you just never recieve the money, get small interest (9.95 a month intrest) and they hold onto your loan monies for you.

sorry, but banks can do tons of things that you and I think are illegal... but because they are banks... they can legally do it :-)

Gotta love it when someone uses the evil system for good.

It happened to me

[angryrobot]

I was the victim of ID theft. You do not want this to happen to you. Ever. It involves filing police reports, calling every company that showed up on your credit reports and providing all kinds of info to their fraud departments. It took me over a year and a half of phone calls, faxes and emails to straighten everything out. I'm still getting calls from creditors about unpaid credit cards and such that clearly aren't mine.

I think it's obvious that if the only thing between theives and your identity is your mom's maiden name, your address, and your SS number, that it's been made pretty freakin' easy for them.(Granted it's not quite that simple, but it's damn close)

One thing that struck me throughout the entire process of cleaning up my credit reports was that I was doing the cleaning up. Here are 3 companies that basically control whether you can ever buy a house, and when they screw up and allow someone to assume your identity using their services, it's the victim that's left picking up the pieces.

IMPORTANT - Opt out

[Permission+Denied]

(888) 567-8688

Call this telephone number. This number is maintained by the three credit reporting agencies and it allows you to "opt-out" of certain marketing games; basically, this means the three credit reporting agencies will no longer be allowed to give your credit report to marketers, but only to people with whom you actually have business.

Ford is a legitimate business; if you don't "opt-out," they can get a credit report on you. I opted out and I've never done business with Ford, so this story doesn't affect me.

Another nice thing about using this number to "opt-out": I no longer receive any junk mail. No more pre-approved credit cards, no more free offers, no more anything. I now look forward to checking my mail every day, as it only contains only bills and personal correspondence. I also say "put me on your do-not-call list" to telemarketers and I don't watch TV, so live in an almost completely ad-free world. It's a very nice world and I invite you in.

Re:IMPORTANT - Opt out

[teamhasnoi]

...an almost completely ad-free world. It's a very nice world and I invite you in.

I think I'm going to have to Opt-out. Thanks though.

Re:IMPORTANT - Opt out

How do I know this is not a social engeneering trick ?

:)

Re:IMPORTANT - Opt out

[Permission+Denied]

How do I know this is not a social engeneering trick ? :)

Good point. Click here to see that a whole bunch of websites list this number, so I'm not making it up.

Re:IMPORTANT - Opt out

[bogie]

From what I understand that number is only for opting out of preapproved credit offers, that's it.

It will NOT stop junkmail or telemarketers. So if your not receiving junk mail, its not because you called this number.

http://www.privacyrights.org/ar/optout_truth.htm

Re:IMPORTANT - Opt out

[Eric+Seppanen]

That's really cool. I just called it, and they ask for your telephone number, name, and SSN. That's it, and they offer the option of opting out for 2 years or permanently. I now look forward to no more "pre-approved" credit card junkmail.

Even if this doesn't protect against all telemarketers or credit theives, I'm still glad I did it. Thanks for posting the number!

Re:IMPORTANT - Opt out

And now you know how the hackers get your SSN to pull credit reports with.

What a clever scam. :)

Re:IMPORTANT - Opt out

Yeah, but at least I won't get any more direct-to-trash mail

Re:IMPORTANT - Opt out

[America+Uber+Alles]

. I opted out and I've never done business with Ford, so this story doesn't affect me.

Except they didn't steal info from Ford. They stole info from Experian, a credit agency whcih likely has info on you, whether or not you're a Ford customer. Your info could have very well been taken.

Re:IMPORTANT - Opt out

Ford is a legitimate business; if you don't "opt-out," they can get a credit report on you. I opted out and I've never done business with Ford, so this story doesn't affect me.

I can say almost without a doubt that even if you've opted out, this type of thing could affect you. I work on software that retrieves a credit report and makes business decisions based on information contained in that report. If I have Ford's Experian subscriber info and your identifying info (SSN, name, etc.), I can pull your credit report.

Can Open Source Help?

Two questions:

Are these private credit reporting firms subject to any regulatory strictures?

Can the open source community do anything to improve the security of *our* credit records?

Re:Come on, Where's my no-login link, Karma Whores

You didn't really help him out, because you aren't karma whoring if you're an AC.

Turnabout is fair play?

[mwood]

"A criminal could use the data to ... open bank ... accounts in the victim's name."

Really? So, if I could find the account with my name on it, I could close it out and take the cash? Sounds like an item for News of the Weird's Least Competent Criminals category. :-)

Re:Turnabout is fair play?

[g0del]

No. It goes like this:
1. Criminal opens checking account with minimum balance and high-numbered checks (to avoid places that won't accept low-numbered checks).
2. Criminal uses new checkbook to go on a spending spree.
3. Checks all bounce.
4. Bank comes after you. Your credit is screwed.

Credit card

Credit card: a piece of plastic for which you can substitute for money you don't have.

Don't give out your SSN? What planet are you on?

You do have a choice: don't provide the SSN

What planet are you on?

Today on Slashdot...

[Grape+Shasta]

"Hackers stealing personal information from the databases of large companies! Read all about it at the web site of a large company (which first requires your personal information.)"

Anyone else think this is dumb? Please stop linking to NYTimes already! There's plenty of other places out there also carrying these stories.

Re:Today on Slashdot...

You said it. The Boston Globe was sufficient. And there are thousands of news sources online. That very grey grey lady needs to get on the cluetrain, pronto. Through their persistent linking to this lameness that passes for an online source of news (and *bitchslapping* anybody who complains), Slashdot editors are putting themselves on the expressway to schmucksville.

Revised Ford Slogan

Quality is job 1.0!

What gets me

[MeNeXT]

is why does Ford and its employees have access to SSN? Why would a credit bureau need such info? Are they paying you a salary? What stops an employee of Ford or any other company from selling this information?

This is negligence in Fords part and they should be held accounatble. They should pay ALL legal fees to clear up this mess. What has ever happened to resposibility?

But then again I hate Ford due to past experiance with a LEMON...the AREOSTAR. What a peice of sh1t. The first year the van spent 6 months at the dealership due to transmission and engine problems. Did they take responsibility? No!

Yes the second part is a little offtopic but the attitude of the company is on topic. They refuse to take responsibility. Why do we accept this? Because legally it would cost too much to fight back and I think that is what is wrong with our society today.

/END OF RANT

Re:What gets me

why does Ford and its employees have access to SSN?

They need unique identifiers for their employees so they can run payroll databases, etc. SSN is a pre-made UID so they use that. It's stupid and lazy but that's corporate america for you.

Bob the wonder-AC

Re:Don't give out your SSN? What planet are you on

[hymie3]

I'm on a planet where even trolls are given the benefit of doubt. Give the benefit of doubt to the place with which you do business by at least *trying* to get around the requirement of the SSN. You'd be surprised at how willing people are to use some other identifier (most places take driver's license number).
My standard script:
"I'd rather not provide my SSN, I have deeep, personal beliefs against doing so. I'd be happy to provide alternate identification, such as my driver's license or my passport."
Sometimes this works, sometimes this does not.
If it does not work, ask to speak to the supervisor. Repeat spiel.
If you are calm and considerate and polite, they're not going to refuse you. Don't fill out the part that asks for your SSN, or make a big mark through it, or put it "REFUSED". This works. Really.

Re:Now that's customer service N O T

[MeNeXT]

Yes Mr. President the nuclear missels have been launched. No we are not responsible some group managed essentially to get hold of the passwords, keys, and access.

Give me a brake!!!! It IS FORDS responsibility!!! This has gone on for over a year before they found out. Do the passwords not change on a regular basis? If not then this will ahppen again and both these companies should be held responsible.

Class action anyone?

Re:Now that's customer service N O T

[JZ_Tonka]

If such a law were enacted, you can bet your ass that it would be received negatively by the Slashbots. The people that stole all of this credit card information were only trying to express themselves.

Re:BestQuote : Sounds like the illuminatus trilogy

Hmm, This sounds like what wilson & shea where on about in the illuminatus trilogy. How did they put it? Something like 'a man with a gun in his hand is told only that which will prevent him from pulling the trigger'. They formulated it a (bit) more lucidly in their 'law of fives' which limits the number of subserviants an individual can effectively manage to five, before the explosive growth in possible alliances becomes to great to comprehend and an information breakdown occurs. Oooh err! Some empirical evidence for some weird & whacked out sci-fi madness!! Ps - Don't flame, you should only take this as seriously as you take yourself. Check the book out here

Re:Now that's customer service N O T

> No we are not responsible some group managed essentially to
>get hold of the passwords, keys, and access.
>
>Give me a brake!!!! It IS FORDS responsibility

Not Experians for failing to implement a better authentication plan?

If I use your CC/SS # to buy a car/boat/house, do you have to make payments?

If I steal your car and run someone down, are you liable for manslaughter?

Wow. Talk about flying off the handle.

[mindstrm]

Wow. So some crackers got information that any normal business/corporation can already get about consumers. Credit reports.

Why does the editor lump credit reports with credit card numbers? Not the same thing.

This is not some crackers who broke into ford and stole customer data!
It is some guys who posed as ford employees in order to get credit reports from the nation's largest credit bureau. (Hint: Many, many businesses can get this information).

OH NO! Some kids got the same info your bank, car company, and just about any other place can get about you! Heaven forbid!

Hello! That's the kind of info credit bureaus keep and hand out to the highest bidder. It's not like these kids ripped you off.

It's also not like your SSN is a private, secret number. Anyone who treats it as such is being dumb.

Am I missing something???

[lanalyst]

The thief or thieves somehow acquired Ford's code to gain access to the credit files maintained by Experian, one of the nation's three major credit reporting agencies. They carefully selected individuals in affluent areas across the country and downloaded their credit files, gaining access to their names, addresses, Social Security numbers, account numbers, and payment histories.

The way I understand it (and I used to do credit checks as a starving salesman), you will need an SSN to obtain credit info. A name/addr/mother's maiden won't cut it. So they already had SSNs for the 'carefully selected affluent individuals' and the big story is - they got the reports on Ford's dime rather than $9.95 on the web. Quite frugal!

1,000 requests/mo was probably well under the radar for Ford Motor Credit to detect as unauthorized - it would have taken a complaint from someone who noticed the report query.

And as for riding the subway, they didn't run checks on FMC's customers, just used Ford's Experian account to get access to the reports - if you live in a nice part of town, you're still vunerable: burn your trash.... or whatever...

Re:Am I missing something???

The way I understand it (and I used to do credit checks as a starving salesman), you will need an SSN to obtain credit info. A name/addr/mother's maiden won't cut it. So they already had SSNs for the 'carefully selected affluent individuals' and the big story is - they got the reports on Ford's dime rather than $9.95 on the web. Quite frugal!

Not true. You need enough information to identify the person - name and address is sufficient for most cases. SSN is never required for a credit inquiry, regardless of what anyone tells you.

Mother's maiden name is, however, completely irrelevant. None of the credit bureau's store it because it is never reported - the reporting record format does not have space for that data field.

Re:Now that's customer service N O T

[MeNeXT]

If I'm stupid enough to give you mys car and/or my CC/SS then I would say yes! I should be responsible. This has lasted over a year. It took them a YEAR. a YEAR. They got 13000 accounts in over a year with one password. My system is better secured than that and it contains no CC # no SSN and nothing of value.

So now I will ask you a question. If a bank gets robbed whose money have they stollen yours or the banks. It sounds to me that your claim its yours and not the banks so they may Debit your account for your portion of money stolen.

Re:Now that's customer service N O T

[Taurine]

As another poster said, the US doesn't have an equivalent of the UK data protection act. Europe does though. This is one of the things that sticks in the wheels of international business. US companies seem to have few obligations regarding the data they collect about people. If they try to do business in Europe, they are breaking European laws if they siphon the data back to the US where they can abuse it as much as they like. Its a hot topic at international trade talks. For the moment us Europeans can feel that at least one of our laws is worthwhile. But don't expect it to last. The US is constantly trying to chip away at our resolve to keep this law, instead of doing the respectful thing for its own citizens and enact something similar and compatible.

Re:Identity theft insurance -- RTFArticle

Ford's credit files weren't hacked. The criminals took a set of names from affluent areas in several states (NOT from Ford) and pulled credit data from Experian using Ford's access code.
The article doesn't make any claims about the security of "the information of your identity" within Ford Credit.

Experian and the automotive business...

[Manuka]

Experian has an entire division that deals with the automotive industry. Of late, they've been pushing hard their ASP model of Dealer Management Systems (DMS).

Back Story: I am the IT administrator for a midwestern dealership that sells German luxury cars. I am the first person at this dealership to be a dedicated IT person, and I've only been here for a few months. Approximately 20% of dealers nationwide have dedicated IT staff, and even then, it's usually the multi-location/multi-franchise operations, with one IT admin spread across an entire metro area. This isn't overly significant, until you realize that the average level of technological competence at the dealer level is just barely above room temperature. A handful of companies, such as ADP, EDS, Reynolds & Reynolds, and UCS, have figured out how to exploit this particular niche market.

Dealer Management Systems are BIG bucks. What you do is you put together a package of desktop systems (originally, green-screen dumb terminals, but more recently, PCs), a server (Usually Unix-based - Reynolds & Reynolds uses Irix on their older systems and Linux on their newer ones), software that does soup to nuts, and a network to tie the whole thing together. They sell this to a dealership, and then lock them into a support and maintenance contract. Changes, updates, etcetera all cost large sums of money (we spent 6 figures with our vendor last year). They'll also sell you preprinted forms and everything that work with their software - checks, service orders, coupons, you name it.

Experian is pushing the ASP model, because it means that a dealer doesn't have to worry about a server in a closet, swapping backup tapes, and so forth. As part of the hook, Experian is promoting its vast mine of data as a major benefit. As one of the Big Three credit bureaus, they have detailed financial, credit, and personal data on jsut about everyone in the country. They also have a database of (according to them) 335 million vehicles. This is great for doing history checks and such, but it can get very scary very quickly.

Picture this. You want to find out who lives within 15 miles of your dealership and makes enough money to afford your luxury automobiles (when it's luxury, it's more than just a car, it's an automobile). "No problem", says Experian, "we've got all that right here!". They can also tell you if they're credit-worthy, what they drive, and which of your competitors they bought their current vehicle from, and what it's worth as a trade-in. It goes downhill from there. None of the other companies operating credit bureaus have a division catering directly to the automotive business like this.

Let's face it, your personal data isn't personal anymore, it's an asset, and it belongs to companies like Experian.

Oh, Experian is even worse than that.

[Ashurbanipal]

Oh, it's worse than that. My employer has a direct link to Experian (IP over Frame Relay into their ridiculously poorly managed mainframe).

*** Before anyone asks ***
No I won't sell you access, or even information, and no you can't backtrack my IP source and find my employer because I'm SSH tunneled through my basement server at home.
**** back to regularly scheduled rant ***

Anyway, they are not only judging you based on people who lived at addresses you've already moved away from, they are also judging you based on the loser who married your ex-wife. And the loser who married your former brother-in-law.

No, I'm not kidding, those are two specific, real examples that we got when some co-workers and I ran our own names through the Experian interface.

protect yourself..

[phaserx]

I had my wallet with my life in it stolen about 7 months ago.. my health insurance company is brilliant enough to assign us ID's that are our social security numbers.. I was so paranoid about identity theft, but after talking to a lot of people, I found it's very easy to make it much more difficult for someone to steal your identity. The best thing to do is call all the major credit beareaus, such as Experian, Equifax and there are a few others, and tell them to "red flag" your account. When you "red flag" your account, then any place opening a new account that effects your credit will have to speak personally with you and verify that your account is flagged for whatever reason you specified when you flagged the account. Since I did this, I have received 3 phone calls from major credit card companies asking me to verify my recent credit card application. I don't think this will totally protect you, but it will definatley make it much harder for someone to steal your life.

this happened a long time ago

[XO]

This is WAY old news. This happened like 2 years ago, and now the FBI is getting around to making arrests on this stuff. (I live just down the road from Ford's Headquarters.. I've seen this on TV many times over the last couple years, about the whole deal.. don't know of any internet based references to it though)

enter fake info for nytimes.com, etc.

[Isaac-Lew]

Is it me, or are people too lazy to put in a bunch of fake info to register? I mean, coming up with a fake name & a fake address is not *that* hard. Plus, it helps point out the folly of asking for so much personal info anyway.

Re:Don't give out your SSN? What planet are you on

[juniorbird]

If they make you give out a SSN, there's a series of numbers that are approved for use in advertisements, etc. Check out:
http://www.cpsr.org/cpsr/privacy/ssn/SSN-addendum. html#FakeNumbers
for more info on numbers you may be able to give out in lieu of your real one. Of course be careful, because in some cases giving out a false SSN can expose you to criminal penalties.

How they did it....

[ChenLing]

% ftp reports.experian.com
Connected to ilovedancing.org.
220 ProFTPD 1.2.0rc3 Server (ProFTPD Default Installation) [reports.experian.com]
User (reports.experian.com:(none)): ford
331 Password required for ford.
Password: 12345
230 User ford logged in.
ftp> prompt
Interactive mode Off.
ftp> mget *

Don't pass that around!

greenwalled

I had a recient problem with a national pharmacy chains' website. I wanted to opt of the walls policy of sharing infomation with third parties. I noticed that my profile contained my name/address/phone number/date of birth/and social secutity number(in the health insurance ID number, thanks blue cross of cali). This info was transmitted unsecurely http://. I wrote a them a letter and they responded with a letter stating how all confidential info is treated with the utmost respect and how it was all transmitted using the latest encription technology, aka. https://.

I wrote them back TELLING them that is page that contained the personal information was served as http:// not https://, and how a packet sniffer could easily read the contents since they were sent as plain text. There response? Sorry we could not find a question in your last message.

Ford is not the only culprit, they were just the ones stupid enough to admit to it.

my sob story.

[cpeterso]

I was also a victim of identity theft. Someone with the same first and last names as me, living in another state, began forwarding my home mail to his address. Then he began contacting my online brokerage directly and changing my account address to HIS address! I immediately changed my address information back, but he changed it again.. EIGHT TIMES! My online brokerage did not care. The postal inspector in my state did not care. The postal inspector in his state did not care. The local police in my state did not care. The local police in his state did not care. The FBI did not care. He was committing inter-state mail fraud, threatening my brokerage accounts, and repeatedly giving us his REAL HOME ADDRESS but still no law enforcement agency cared. The postal inspector in my state even had his handwriting and fingerprints on the change-of-address postcard he mailed, but the postal inspector did not care.

One year later, he tried to apply for credit card using my SSN. Because I had put a warning on my credit report accounts (at my hassle and cost), the credit card company called to warn me. Finally, the police were interested. They nabbed him the next day. After not showing up in court once, he eventually was sentenced to three months in jail. I later found hundreds of dollars of HIS debts on my credit report. I called the police again, but they did not care. They said that since he already spent three months in jail, he has done his time. Nevermind that he went to jail for the credit card fraud, a separate instance of a different crime!

After these two stressful years, this "gub'mint-fearing liberal hippy" has lost any shadow of confidence that our impotent law enforcement can protect the innocent from the criminal. Or that they even care to try.

Re:my sob story.

[brianber]

My dad had once had a problem with someone using his SSN. The overly bloated bureaucracy at the SSA tried to give him the runaround about it, until my dad called our Congressman. Rep. Henry was able to get the SSA of their asses pretty effectively. Too bad he has since died of cancer.
Moral of the story: call your Congressman, they can often times provide a swift kick-in-the-ass to Federal agencies. Same goes for state and local levels, call your Representatives, they can help.

Re:Come on, Where's my no-login link, Karma Whores

[Guru2Newbie]

Very cool. Gets one in, plus fills the NYT database with crap!

Junkbuster Declare

[KMSelf]

I filled this out last summer. Not only does it cut down the junk mail and telemarketing calls (I've had three calls since August, and can check my mailbox for bills once a week), but the reporting agency letters request that many casual inquiry requests not be honored.

If you request your credit report, you can deny access to specific companies (I banned Providian many years ago).

Mother's Maiden name is only a password

[Guru2Newbie]

It's just a password.

Banks and credit card companies won't admit this, but they have no handy way to verify what you say is your mother's maiden name really is.

When someone brainless clerk/company/bank/etc. asks for it, give something totally bogus like Honorknees or something...as long as you remember it. And if you can vary this password between different companies, the possibility of it being used against you greatly lessens.

US Bank never asked for it when I set up an account, nor did some other credit card companies, but for the few that did, I made up custom passwords, and no one's the wiser.

Self-moderating (-5)

[Guru2Newbie]

erpbridge suckered you! Did you notice the (-5, Redundant) was in a bold font, and wasn't connected to the "Score:"? Yep, you betcha. It's part of the Subject!

Good one, erpbridge!

permanently opt-out

[Guru2Newbie]

When you say you want to opt-out permanently, they mail you a form, which you sign & return, then they think about it for a few weeks, then make it permanent (i.e. they stop whoring your credit data to the highest snail mail & telephone spammer bidder).

Since signing those I haven't gotten any junk mail credit card offers or phone solicitations.

Re:Don't give out your SSN? What planet are you on

[concept14]

Give the benefit of doubt to the place with which you do business by at least *trying* to get around the requirement of the SSN. You'd be surprised at how willing people are to use some other identifier (most places take driver's license number).
My standard script:
"I'd rather not provide my SSN, I have deeep, personal beliefs against doing so. I'd be happy to provide alternate identification, such as my driver's license or my passport."

I usually get better results by pretending that I can't remember my SSN.

Look it up

It sez right here:
...

• To alter (a computer program): hacked her text editor to read HTML.
• To gain access to (a computer file or network) illegally or without authorization: hacked the firm's personnel database.

...

Re:Why is this -5? Some asshole modgeek strikes ag

[erpbridge]

Yes, I am my own "asshole modgeek".