Slashdot Mirror

← Back to Stories (view on slashdot.org)

Experian, Ford, and Identity Theft

Posted by michael on from the run-over-by-the-canyonero dept.

corebreech writes "The mighty New York Times (I think they might want you to register) is reporting that hackers posing as Ford employees have managed to pilfer some 13,000 credit reports (Quality is Job 1.) Supposedly the info isn't restricted to merely credit card numbers, but rather includes such delectable delights as address, SSN, bank account info and creditworthiness. Glad I take the subway." The original story was from the Boston Globe.

17 of 193 comments (clear)

  1. I'd be happy... by jedrek · · Score: 4, Insightful

    In the land of the great lawsuit, which is America at the turn of the millenium, I'd be more than happy to have Ford leak my info. In a flash I'd have a family member sell of my identity to someone (or have a good friend assume my identity) and rock my credit record for all it's worth.

    Then I'd just sue Ford for lossing my info. They've already admited to doing it, so there's pretty much no burden of proof. Corporate neglegence should be pretty easy to prove.

    That sound you hear is lawyers sharpening their claws.

    1. Re:I'd be happy... by berzerke · · Score: 4, Interesting

      Burden of proof isn't the problem. Damages are. In my case, Experian (gee, the same company mentioned in the article), has royally screwed up my report with incorrect info. I did everything proper to try and get them to correct it. They flattly refused. I went to a lawyer specializing in these matters. He told that while I did have a strong case, suing would be a bad idea. Unless I could prove damages, I wouldn't even recover my attorney fees, let alone be compensated. You have to sue in federal court BTW. Expensive.

  2. He got it wrong by tshoppa · · Score: 5, Insightful
    From the NYT:
    It just shows that today, even big companies can be victimized
    No, it shows that every once in a while that the big companies will publicize that their security has been compromised. Of course, we all know that for every such case that makes the New York Times, there are thousands where they don't. And for every one of those, there are ten where the news of the security breach never leaves the company. And for every one of those there are probably a hundred where nobody at the company knows that they have gaping security holes.
  3. Just In Case... by LISNews · · Score: 5, Informative

    www.ftc.gov/bcp/conline/pubs/credit/fcra.htm here's an FTC FAQ on credit reports.
    Experian , Transunion and Equifax are the big 3 for reports.

  4. Now that's customer service N O T by maharg · · Score: 4, Informative

    From the original Boston Globe story (couldn't be bothered to register at NYT) :

    Van Leeuwen of Ford said he thought the company had done everything it could to help the individuals affected by the security breach, and didn't plan to offer them any financial assistance.

    Surely Ford have broken some law here ? In the U.K. there is something called the Data Protection Act, c'mon the U.S. has got to have some equivalent legislation.. They're not blaming it on hackers, they admit they don't know how the access code or whatever was taken !

    --

    $ strings FTP.EXE | grep Copyright
    @(#) Copyright (c) 1983 The Regents of the University of California.
  5. They didn't just crack Ford owners by awharnly · · Score: 5, Insightful

    Read the article again. They didn't just steal the personal financial information of Ford owners.

    Only 400 of the 13,000 victims were customers of Ford Credit, he said.

    They just pretended to be Ford so that they could access the credit reports of thousands of people. Subway-riders included.

  6. Ford (The Associates) Security by z_gringo · · Score: 4, Informative

    The group that handles most of the credit processing for Ford Motor Company is The Associates. At least it was a few years ago. They were recently purchased by Citigroup. They also do home loans etc, and incidentally, are having some controversy regarding discrimination in loan practices (redlining). At any rate, security there was never what it should have been. There were quite a few systems around the various building where anyone could just walk up and access that kind of information. You could cross-reference by address also, or last name. What was worse, you didn't need a password, because it was embedded in the software. Some of my co-workers would occasionally run reports for their family and friends. All in all, I can't say I'm too surprised by this.

    --
    -- -- Warning. Do not stare directly at the sun.
  7. Guarding / checking against Identity Theft by Seth+Finkelstein · · Score: 5, Informative
    This isn't in the NYT or Boston Globe articles, but it's good info from another story on the theft:

    Experts urge consumers to check their credit file once a year. Call Experian at (888) 397-3742 for a credit report, and review it for an unauthorized inquiries.

    Also, contact the remaining two credit bureaus, Equifax at (800) 685-1111 and Trans Union at (800) 916-8800.

    Ford Credit said that it has reinforced the security of their credit inquiry access process to prevent future occurrences.

    To contact Ford Credit with questions, call (888) 838-8176 between the hours of 7 a.m. and 8 p.m. CDT, Monday through Saturday.

    Sig: What Happened To The Censorware Project (censorware.org)

  8. national ID card by kipple · · Score: 5, Funny

    I'm sure that if there was a national ID card system they would have been caught immediately.

    --
    -- There are two kind of sysadmins: Paranoids and Losers. (adapted from D. Bach)
  9. The bad news though, by w.p.richardson · · Score: 5, Insightful
    If you can't document that you have been a victim of identity theft (or a similar type of crime), then you have to shell out about $10 per report. Thats $30 per year, simply to make sure someone isn't screwing you over. This seems ridiculous to me.

    These credit bureaus have too much centralized data on citizens. They are a one stop shop for crooks, be they crackers or whatever.

    --

    Curb CO2 emissions: Kill yourself today!

    1. Re:The bad news though, by tweek · · Score: 4, Informative

      Actually some states have laws requiring the credit report companies to give out a certain number of free reports a year. In Georgia (where I live) I get up to two free reports a year. Also, if you've been denied credit or employment based on information from your credit report, you are entitled to a free copy of the report from the reporting company the card provider/employer used.

      As to your second point, I agree completely. At one point, Equifax was trying to gain control of medical records for people to link with the existing stuff. I'm not a fan of big government but Equifax,Transunion and Experian need to have STRICT government regulation because of the impact the information they carry can have on an individuals life. Forget that stupid cracker shit in "The Net". All it takes is a fucked up keystroke and you can't even rent an apartment.

      The biggest piece of legislation I would love to see is this: Private companies are forbidden to use SSN's as customer identifiers. How fucking hard is it for a company to generate a random account number?

      --
      "Fighting the underpants gnomes since 1998!" "Bruce Schneier knows the state of schroedinger's cat"
  10. Gotta think up a new acronym by dscottj · · Score: 4, Funny

    It used to be:

    Found On Roadside, Dead

    Now I guess it has to be:

    Fumble Our Records, Daily
    Freak Out, Records Damaged!
    Find Our Reports, Dammit!
    Faked Our Reliability Data

    Ah well. Never reply when hungover.

    --
    AMCGLTD.COM. Where cats, science fictio
  11. Re:Just goes to show by sphealey · · Score: 4, Insightful
    Oh, and one last thing - never give anyone your social security number. Or your mother's maiden name.
    Social Security Numbers are public records. They are not, and never were intended to be, secret. If any organization builds a system which depends on keeping the SSN "secret" for security, it is incompetent (and possibly criminally neglegant), but if you depend on your SSN being secret for anything you are being foolish.

    Mother's maiden names are similarly public records. In practice they have been harder to track down in the past, but wiht various records including those of the Mormon church coming on-line that information is not fully accessible as well. See first paragraph for implications.

    sPh

  12. corporate identity theft by darkonc · · Score: 4, Informative
    When these people got Ford's 'access codes' they essentially got their ID within the credit bureau. The credit bureaus trusted that Ford was 'honest' with their credit requests -- not asking for any sort of proof that the people for whom the credit reports were being requested had given their assent to have that data released.

    As a result. these script kiddies^w^w^w Ford was able to get identity theft kits on a truckload of (mostly) rich people just based on their home addresses.

    If anything is going to put a big "oomph" behind online privacy initiatives in the states, I think that this may be it.

    --
    Sometimes boldness is in fashion. Sometimes only the brave will be bold.
  13. It happened to me by angryrobot · · Score: 4, Informative

    I was the victim of ID theft. You do not want this to happen to you. Ever. It involves filing police reports, calling every company that showed up on your credit reports and providing all kinds of info to their fraud departments. It took me over a year and a half of phone calls, faxes and emails to straighten everything out. I'm still getting calls from creditors about unpaid credit cards and such that clearly aren't mine.

    I think it's obvious that if the only thing between theives and your identity is your mom's maiden name, your address, and your SS number, that it's been made pretty freakin' easy for them.(Granted it's not quite that simple, but it's damn close)

    One thing that struck me throughout the entire process of cleaning up my credit reports was that I was doing the cleaning up. Here are 3 companies that basically control whether you can ever buy a house, and when they screw up and allow someone to assume your identity using their services, it's the victim that's left picking up the pieces.

  14. IMPORTANT - Opt out by Permission+Denied · · Score: 5, Informative
    (888) 567-8688

    Call this telephone number. This number is maintained by the three credit reporting agencies and it allows you to "opt-out" of certain marketing games; basically, this means the three credit reporting agencies will no longer be allowed to give your credit report to marketers, but only to people with whom you actually have business.

    Ford is a legitimate business; if you don't "opt-out," they can get a credit report on you. I opted out and I've never done business with Ford, so this story doesn't affect me.

    Another nice thing about using this number to "opt-out": I no longer receive any junk mail. No more pre-approved credit cards, no more free offers, no more anything. I now look forward to checking my mail every day, as it only contains only bills and personal correspondence. I also say "put me on your do-not-call list" to telemarketers and I don't watch TV, so live in an almost completely ad-free world. It's a very nice world and I invite you in.

  15. Re:Don't give out your SSN? What planet are you on by hymie3 · · Score: 4, Interesting

    I'm on a planet where even trolls are given the benefit of doubt. Give the benefit of doubt to the place with which you do business by at least *trying* to get around the requirement of the SSN. You'd be surprised at how willing people are to use some other identifier (most places take driver's license number).
    My standard script:
    "I'd rather not provide my SSN, I have deeep, personal beliefs against doing so. I'd be happy to provide alternate identification, such as my driver's license or my passport."
    Sometimes this works, sometimes this does not.
    If it does not work, ask to speak to the supervisor. Repeat spiel.
    If you are calm and considerate and polite, they're not going to refuse you. Don't fill out the part that asks for your SSN, or make a big mark through it, or put it "REFUSED". This works. Really.