Slashdot Mirror

← Back to Stories (view on slashdot.org)

100,000 More Social Security Numbers Exposed

Posted by Zonk on from the that-why-we-use-these-password-things dept.

ThinkComp writes "PayMaxx, Inc. is a web-based payroll processing company, and they recently notified me that my on-line form W-2 was available. And so it was, along with the W-2 (including SSN and salary data) of every other one-time PayMaxx customer dating back at least five years, possibly 100,000 in all. Through news.com, PayMaxx reports, 'PayMaxx has made and continues to make every effort to secure its system against any breach,' which is why part of their site has been down now for several days."

12 of 325 comments (clear)

  1. Free credit reports... by borawjm · · Score: 2, Informative

    I guess it's a good thing that I can get free credit reports from each of the nationwide consumer credit reporting companies starting March 1st.

    1. Re:Free credit reports... by borawjm · · Score: 3, Informative

      I believe they are doing it in phases.

      From ftc.gov...
      Free reports will be phased in during a nine-month period, rolling from the West Coast to the East beginning December 1, 2004. Beginning September 1, 2005, free reports will be accessible to all Americans, regardless of where they live.

      Consumers in the Western states -- Alaska, Arizona, California, Colorado, Hawaii, Idaho, Montana, Nevada, New Mexico, Oregon, Utah, Washington, and Wyoming -- can order their free reports beginning December 1, 2004.

      Consumers in the Midwestern states -- Illinois, Indiana, Iowa, Kansas, Michigan, Minnesota, Missouri, Nebraska, North Dakota, Ohio, South Dakota, and Wisconsin -- can order their free reports beginning March 1, 2005.

      Consumers in the Southern states -- Alabama, Arkansas, Florida, Georgia, Kentucky, Louisiana, Mississippi, Oklahoma, South Carolina, Tennessee, and Texas -- can order their free reports beginning June 1, 2005.

      Consumers in the Eastern states -- Connecticut, Delaware, Maine, Maryland, Massachusetts, New Hampshire, New Jersey, New York, North Carolina, Pennsylvania, Rhode Island, Vermont, Virginia, and West Virginia -- the District of Columbia, Puerto Rico, and all U.S. territories can order their free reports beginning September 1, 2005

  2. Alternate link by caryw · · Score: 3, Informative

    There is a more in-depth article about this at the Boston Globe.
    First ChoicePoint now this? How long until a major government database like one from the IRS gets hacked and information on almost every US citizen is available? Scary thought.
    - Cary
    --Fairfax Underground: Where Fairfax County comes out to play

  3. Re:Uh oh... by learn+fast · · Score: 1, Informative

    This is a reference from yesterday's Daily Show.

    But, I noticed, that couldn't be Jon Stewart's real social security card, because the name that would appear would be his real name, which is Jonathan Stuart Leibowitz.

  4. Re:Define "breach" by Ironsides · · Score: 5, Informative

    Well, since their security consisted of "So long as no one increments their unique number we assigned them by 1 in the browser location bar", I'd say that they were pretty much dumb idiots. Sloppy doesn't begin to cover this.

    --
    Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars
  5. He changed his name by Anonymous Coward · · Score: 1, Informative
    From: http://www.answers.com/topic/jon-stewart

    Stewart married long-time girlfriend Tracey McShane in 2000, at which time they both legally changed their last names to "Stewart." The couple had their first child, Nathan Thomas, on July 3, 2004.

  6. Re:Time to write to my Congressman by L1nux_L0ser83 · · Score: 2, Informative

    federal law mandates that you can reqeust a auditor of your health and financial information from a company at any time...HIPPA which is a health privacy law and Graham-Leach-Biley act ( which we use all the here at work) mandate that a person can request in writing to a company any time that his /her financial info was released to another company/person and the reasons behind it...these things are in place..its just getting companies to follow it

    --
    Good Karma, Bad Karma, doesnt matter to me... I'm still going to say whats on my mind!
  7. here's some info for you related to this by Itanshi · · Score: 2, Informative

    and choicepoint http://informationweek.com/story/showArticle.jhtml ?articleID=60403673/ news article on about how congress wants the california law to be aended and spread over all the states, should fix this nicely hmm any complaints?

  8. Back the bus up... by XorNand · · Score: 2, Informative

    If you check the Boston.com article that's been posted by another user, you'll see that "Think Computer" was demanding payment to tell them about this bug. This sounds a little bit like extortion, don't you think? What gets even more interesting, is that I recognized this guy from an earlier story on Slashdot. He wrote a rambling, alarmist "whitepaper" about how unsecure WiFi was in the Boston subway. Furthermore, searching Massachusetts business filings doesn't show that any "Think Computer" corporate entity exists.

    I believe that this is just some young kid who desperatly wants for himself to be seen as some sort of security expert. His techniques are highly unprofessional and insulting to those of us in the industry who do, in fact, have a clue as to how IT consulting works.

    --
    Entrepreneur : (noun), French for "unemployed"
  9. Re:Credit report monitoring by RmanB17499 · · Score: 2, Informative

    I believe you are confusing torts and criminal law.

    Find me a criminal law that says negligent release of sensitive information is a crime??

    However, if you are referring to negligence in a tort action at common law then there is a possibility. However, again there is no law making them protect the information. In a tort action we must find an actual breach of duty that is required by law. The only duty that may apply is if this company had a privacy policy or contract that said they would protect the information.

    Without such a contract or policy known to the public there is no basis of a breach of duty that I can think of.

    If you give me your social security number I can give it out with impunity as long as I do not give it to a known identity thief or constructively assist in the perpretration of a fraud since that would be an obvious accessory or aiding crime.

  10. Re:Use of SSN fundamentally flawed. by lax-goalie · · Score: 2, Informative

    Better check to see that derivatives of your SSN are prohibited, as well, otherwise, your ID will become XXX-XX-XXXX-01 or somesuch. Think that's too stupid to happen? That's exactly what happened in Virginia when passed a similar law.

    The result? Another trip to the legislature required...

  11. Re:Uh oh... by SCVirus · · Score: 2, Informative

    Indeed it would be a bad thing to find out that Jon Stewarts SSN is 547749875