Slashdot Mirror
Experian, Ford, and Identity Theft
corebreech writes "The mighty New York Times (I think they might want you to register) is reporting that hackers posing as Ford employees have managed to pilfer some 13,000 credit reports (Quality is Job 1.) Supposedly the info isn't restricted to merely credit card numbers, but rather includes such delectable delights as address, SSN, bank account info and creditworthiness. Glad I take the subway." The original story was from the Boston Globe.
www.ftc.gov/bcp/conline/pubs/credit/fcra.htm here's an FTC FAQ on credit reports.
Experian , Transunion and Equifax are the big 3 for reports.
From the original Boston Globe story (couldn't be bothered to register at NYT) :
Van Leeuwen of Ford said he thought the company had done everything it could to help the individuals affected by the security breach, and didn't plan to offer them any financial assistance.
Surely Ford have broken some law here ? In the U.K. there is something called the Data Protection Act, c'mon the U.S. has got to have some equivalent legislation.. They're not blaming it on hackers, they admit they don't know how the access code or whatever was taken !
$ strings FTP.EXE | grep Copyright
@(#) Copyright (c) 1983 The Regents of the University of California.
The group that handles most of the credit processing for Ford Motor Company is The Associates. At least it was a few years ago. They were recently purchased by Citigroup. They also do home loans etc, and incidentally, are having some controversy regarding discrimination in loan practices (redlining). At any rate, security there was never what it should have been. There were quite a few systems around the various building where anyone could just walk up and access that kind of information. You could cross-reference by address also, or last name. What was worse, you didn't need a password, because it was embedded in the software. Some of my co-workers would occasionally run reports for their family and friends. All in all, I can't say I'm too surprised by this.
-- -- Warning. Do not stare directly at the sun.
Sig: What Happened To The Censorware Project (censorware.org)
Actually some states have laws requiring the credit report companies to give out a certain number of free reports a year. In Georgia (where I live) I get up to two free reports a year. Also, if you've been denied credit or employment based on information from your credit report, you are entitled to a free copy of the report from the reporting company the card provider/employer used.
As to your second point, I agree completely. At one point, Equifax was trying to gain control of medical records for people to link with the existing stuff. I'm not a fan of big government but Equifax,Transunion and Experian need to have STRICT government regulation because of the impact the information they carry can have on an individuals life. Forget that stupid cracker shit in "The Net". All it takes is a fucked up keystroke and you can't even rent an apartment.
The biggest piece of legislation I would love to see is this: Private companies are forbidden to use SSN's as customer identifiers. How fucking hard is it for a company to generate a random account number?
"Fighting the underpants gnomes since 1998!" "Bruce Schneier knows the state of schroedinger's cat"
As a result. these script kiddies^w^w^w Ford was able to get identity theft kits on a truckload of (mostly) rich people just based on their home addresses.
If anything is going to put a big "oomph" behind online privacy initiatives in the states, I think that this may be it.
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
I was the victim of ID theft. You do not want this to happen to you. Ever. It involves filing police reports, calling every company that showed up on your credit reports and providing all kinds of info to their fraud departments. It took me over a year and a half of phone calls, faxes and emails to straighten everything out. I'm still getting calls from creditors about unpaid credit cards and such that clearly aren't mine.
I think it's obvious that if the only thing between theives and your identity is your mom's maiden name, your address, and your SS number, that it's been made pretty freakin' easy for them.(Granted it's not quite that simple, but it's damn close)
One thing that struck me throughout the entire process of cleaning up my credit reports was that I was doing the cleaning up. Here are 3 companies that basically control whether you can ever buy a house, and when they screw up and allow someone to assume your identity using their services, it's the victim that's left picking up the pieces.
Call this telephone number. This number is maintained by the three credit reporting agencies and it allows you to "opt-out" of certain marketing games; basically, this means the three credit reporting agencies will no longer be allowed to give your credit report to marketers, but only to people with whom you actually have business.
Ford is a legitimate business; if you don't "opt-out," they can get a credit report on you. I opted out and I've never done business with Ford, so this story doesn't affect me.
Another nice thing about using this number to "opt-out": I no longer receive any junk mail. No more pre-approved credit cards, no more free offers, no more anything. I now look forward to checking my mail every day, as it only contains only bills and personal correspondence. I also say "put me on your do-not-call list" to telemarketers and I don't watch TV, so live in an almost completely ad-free world. It's a very nice world and I invite you in.