Consumers Data Stolen from LexisNexis

LE UI Guy writes "Reuters is currently running a story regarding LexisNexis being tapped into by identity thieves who accessed up to 32,000 customer profiles. Information hit included names, addresses, Social Security and driver's license numbers. This comes on the heels of rival ChoicePoint being breached for 145,000 profiles last month in a similar case. Better check yourself." Update: 03/10 02:40 GMT by J : ChoicePoint's name corrected (and, it may be more than 145,000, they don't know).

Well...

Anyone got a torrent of it?

Man

I am sure glad I don't drive a lexus.

Re:Man

[sulli]

Or use Nexxus hair care products.

ChoicePoint =! CheckPoint

[DA-MAN]

Jesus! I've seen this mistake on the national news and now on slashdot. I thought the geeks would realize there is a difference.

Let me make it clear, CheckPoint makes security software, rfid badges and firewalls. They are not the ones who sell all of your information to credit card companies. CheckPoint has no info that you didn't give them. ChoicePoint is the one that fucked up!!!

Re:ChoicePoint =! CheckPoint

[reality-bytes]

I'd bet this is the sort of advertising they'd rather not have.

Surely this would (rightly) file under "false allegation"?

Clearly the links haven't been followed by the editors.

Re:ChoicePoint =! CheckPoint

[Flendon]

Checkpoint was protecting Choicepoint's systems, I guess the management did a bad choice going with a weak firewall protection like checkpoint after all, now they pay the price. Rumors are going on in our company that we're going to move away from Checkpoint for the same reasons.

ChoicePoint was not hacked. It was purely social engineering. The criminals were granted access because ChoicePoint didn't bother checking if the real estate license (or the name on it) they were shown was real. At least in this case it wouldn't have mattered if they had no firewall.

Re:ChoicePoint =! CheckPoint

[jchernia]

Well of course they are not equal, you made the assignment that way.

You made the common rookie programmer error of assigning what you wanted to test.

What I think you meant to say was

ChoicePoint != CheckPoint

Though if you are communicating to us in Java you want

!ChoicePoint.equals(CheckPoint)

Hope that helps.

Re:ChoicePoint =! CheckPoint

[akalat]

For the record, they don't make rfid tags, that's a different company found at www.checkpointsystems.com. They are often confused with Check Point Software though.

Re:ChoicePoint =! CheckPoint

You are absolutely right. Checkpoint is the company that sells defective firewalls based on Linux, and won't give you a patch unless you buy a support contract. They also won't give you a refund for a defective product.

Oh yeah. You have to be running Windows to do any administration of the firewall.

I'm quite glad they are getting mistaken.

Dear Checkpoint,

You sent us a non-functional firewall last year, and wouldn't help us make it work. When our support contract kicked in you told us it was a problem on your end, and we needed to download a patch. Everything worked after that.

Please note that I've told my company all about this, and I'll make sure that our company of over 100,000 never buys a product from you again. Fuck you and your useless crap.

Sorry for the rant, but Checkpoint deserves it for shipping out defective software.

PS - Mod this up if you don't like Linux being used to make money for a company that won't even back up their own modifications.

Re:ChoicePoint =! CheckPoint

[That's+Unpossible!]

Surely this would (rightly) file under "false allegation"?

No, this would fall under "typo."

And don't call me Shirley.

Re:ChoicePoint =! CheckPoint

[Frankie70]

What I think you meant to say was

ChoicePoint != CheckPoint

Though if you are communicating to us in Java you want

!ChoicePoint.equals(CheckPoint)



In perl, I just write /~]{***^^^^)/*[]#/$./g

No chance of going wrong there.

Easy solution to this problem

[ip_freely_2000]

Make the CEO, CTO and Customer Support manager provide their own personal information in their own databases.

Re:Easy solution to this problem

[jxyama]

why? i understand your sentiment, but it will do nothing in practical terms.

microsoft employees use windows. need i say more?

Re:Easy solution to this problem

[mejesster]

That wouldn't help, I'm sure the CEO wouldn't even know what was going on.

Where's all the personal data?

[Nuclear+Elephant]

This comes on the heals of rival Check Point being breached for 145,000 profiles last month in a similar case. Better check yourself.

Can someone post the list?

Re:Where's all the personal data?

Here it is:

Last First Phone Numbers Email Addresses
A, Christina
323-314-1960
Abraham, Josh
http://mail.sidekick.dngr.com/compose?to=jos habrah am%40mac.com
A., Marco
http://mail.sidekick.dngr.com/compose?to=ma rcodema rco%40tmail.com
A., Marco
http://mail.sidekick.dngr.com/compose?to=ma rcodema rco%40tmail.com
Alastra, Tommy
http://mail.sidekick.dngr.com/compose?to=TA lastra% 40aol.com
Abraham, Josh
http://mail.sidekick.dngr.com/compose?to=jos habrah am%40attwireless.blackberry.net
Abrhams, Johnnie
1-917-648-2434
Adrien
RECKLESSPRODUCTIO NSNET
Adrien
1-917-833-7685
Aftab
1-310-483-53 26
Aguilera, Christina
1-310-917-9191
Aid, Rite
323-876-4466
Aire, Chris
http://mail.sidekick.dngr.com/compose?to=ca ire%40n extel.blackberry.net
Aire, Chris
http://mail.sidekick.dngr.com/compose?to=ca ire%40n extel.blackberry.net
Akiva, Richie
1-646-236-4747
Akiva, Richie
http://mail.sidekick.dngr.com/compose?to=r makiva%4 0tmo.blackberry.net
Akiva, Richie
646-336-4747

Whoops, wrong list...

Checkpoint?

Checkpoint ( www.checkpoint.com ) makes firewall software. THEY HAD NO CUSTOMER INFROMATION STOLEN. please update the story and make sure the facts are correct - its pretty freaking rude to say a company lost data, especially an innocent company.

Choicepoint lost the data. not Checkpoint.

Obligatory Lawyer Joke

[KennyP]

Here come the lawyers!!!

Visualize Whirled P.'s

Information Wants to Be Free :P

[Doc+Ruby]

Check yourself? What does that mean? Check that you haven't been stolen? What if you haven't - what can you do to stop it from happening after you check?

These corporations are destroying the value of our essential property: our identities. They demand we give our personal info, without enforcing our copyrights to prevent its being disseminated, then let it get stolen by people who will use it to damage us. When someone rips me off with some personal info they stole from some negligent data warehouse, the warehouse should be liable for my damages, including the work to recover my losses, and the defamation that will inevitably ripple through the endlessly interlinked online infosystems forever. And when compromised, they should pay my identity theft insurance premiums. This free value we deliver to them has a cost when it's abused, and such insecurity abuse is now obviously standard practice.

Re:Information Wants to Be Free :P

[laughingcoyote]

No...remember, copyright is only for the benefit of corporations too. You don't have the right to prevent the distribution of data that pertains to you, that right only extends to the latest pop song, that they've already chosen to release publicly, and then expect to tell said public what they may or may not do with it.

But that brings up an interesting point...isn't someone currently getting sued by Apple for collecting data on them without their authorization and distributing it? Are only corporations allowed to protect sensitive data, and punish those who distribute it without authorization? If "trade secrets" exist, surely "personal secrets" do too?

Re:Information Wants to Be Free :P

[Doc+Ruby]

We might be entering a time when the only chance of protecting one's rights is to incorporate, and assign all assets (IP and real) to it. Incorporation might become the modern blessing once expected of christening.

Re:Information Wants to Be Free :P

These corporations are destroying the value of our essential property: our identities. They demand we give our personal info, without enforcing our copyrights to prevent its being disseminated, then let it get stolen by people who will use it to damage us. When someone rips me off with some personal info they stole from some negligent data warehouse,

Your personal data, which are considered "facts", have no copyright and are not eligible for such. Collections of facts, however, are copyrightable. In one of the classic cases, Harper & Row, Publishers, Inc. v. Nation Enterprises, 471 U.S. 539, 556 (1985), the courts ruled that "No author may copyright facts or ideas. The copyright is limited to those aspects of the work -- termed 'expression' -- that display the stamp of the author's originality". However, compilations of facts, such as databases, were expressly mentioned in the Copyright Act of 1909, and again in the Copyright Act of 1976, and as such were copyrightable, even though they are nothing more than collections of facts, due to the "sweat of the brow" theory that the work sustained in creating the compilation justified its copyright.

However, this changed when the US Supreme Court clarified the matter, in FEIST PUBLICATIONS, INC. v. RURAL TELEPHONE SERVICE CO., 499 U.S. 340 (1991), that copyright requires originality, that facts are never original, that the copyright in a compilation does not extend to the facts it contains, and that a compilation is copyrightable only to the extent that it features an original selection, coordination, or arrangement.

However, IANAL, so take this with a pound of salt.

Re:Information Wants to Be Free :P

[gregmac]

These corporations are destroying the value of our essential property: our identities. They demand we give our personal info, without enforcing our copyrights to prevent its being disseminated

There's an idea (not sure if this is what you were implying): copyright your personal data. When you have to give info to someone, make them agree to a licence to use your info. "You are hereby granted a limited, non-exclusive right to this information. You may use this information internally within your company for the use of identifing and billing my account. you may not distribute this information to other parties or use it for any other purpose than stated above without my express written consent."

Then if they abuse it, you can sue them for copyright infringement.

Would this work?

Re:Information Wants to Be Free :P

[Doc+Ruby]

That might all have been workable law before. But it's clear that now we have problems that people without the right (in the strict sense of "inalienable ability") to copy my personal info are doing so, and violating other of my rights with their abuse. So we need the copyright law to be amended to cover personal info collected by the transmitter, like "this address and this social security number are collected under their relation to this person". When I copy my info to a recipient for a single transaction, the copyright is not transitive beyond that transaction, unless expressly agreed. Which means no storage, no propagation, no copying even within the recipient organization - or copyright has been violated.

Re:Information Wants to Be Free :P

[2nd+Post!]

I don't think only corporations have the right.

If you're information was leaked, I don't see why you couldn't sue Lexis/Choice/BofA.

The problem is whether you are suing for:
1) Damages
2) Liability
3) Criminal behavior

Damages? That depends on how much got stolen from you
Liability? I have no clue
Criminal behavior? I suppose that falls under 'negligence' but I don't know how they award damages for this.

Re:Information Wants to Be Free :P

[gstoddart]

We might be entering a time when the only chance of protecting one's rights is to incorporate, and assign all assets (IP and real) to it. Incorporation might become the modern blessing once expected of christening.

And the first legal dispute you get into, and your 'corporate assets' get liquidated by the courts.

Oh, sorry, only one corporation per human. You lost yours. Bummer. Off to the mines.

Re:Information Wants to Be Free :P

[Doc+Ruby]

How is one's corporate assets any less safe than one's personal assets in court? In fact, it's quite the other way around. And where is this "one corporation per human" rule? When taking risks, of course the assets will be shuffled to some more-protected corporation, giving the risk-taking corporation's limited liability more teeth. Just like any other corporation.

Re:Information Wants to Be Free :P

[gstoddart]

How is one's corporate assets any less safe than one's personal assets in court?

Corporations may be bought and sold.

Tommy Hilfiger no longer owns his name, it's a corporation.

When, as the grandparent suggested, you get a corporation as your birthright, it sounds awfully eerie to me. *shrug* Maybe the foil hat is too snug.

Re:Information Wants to Be Free :P

[Doc+Ruby]

SSNs need to be renewable. So once there's a risk that one SSN has become insecure, we can get new ones. That would cut down the number of unauthorized copies, through periodic cycling. Even more secure passwords, like PINs and logins, get cycled. They might need to add a couple of digits to SSNs, but it's already longer than the average "7 digits" people are said to remember easily. Meanwhile, playing one's personal info close to one's vest is a better strategy than blabbing it all over the place.

Re:Information Wants to Be Free :P

[Doc+Ruby]

One's personal assets may be bought and sold, too. They're just harder to devalue for tax purposes (among other tricks) than are corporate assets. And personal assets are more easily frozen than are corporate assets. I'd prefer a future in which humans have rights, and corporations have inferior rights. But that's very clearly the opposite of the actual trend. Coping might mean dignifying a disgusting values priority, but it's certainly feasible.

Re:Information Wants to Be Free :P

[1ucius]

Copyright simply does not protect facts, only expression, so no luck there. Trade secrets are probably out b/c you freely gave up the info. Probably have a plain old negligence suit, though, if you can show you were damaged.

Re:Information Wants to Be Free :P

[Afrosheen]

No shit. I had this happen the other day, buying something at an electronics store.

Cashier, while checking out: "Your email address?"

Me: "No."

Cashier: "No?"

Me: "Ok, put 'no at no dot com"

Cashier, smirking: "Done."

How long before ANYONE'S info hasn't been stolen?

[loggia]

With phishing, spyware, database theft... people picking thru your trash...

How long before ANYONE'S identity has not been stolen?

Seriously.

Why not just put a fraud alert on everyone's credit reports and let's get it over with. You want to apply for credit? You'll have to jump through a few more hoops...

The system as it is now is painfully broken.

Why is it, that Windows based companies...

are the worse at security on everything? Not just the OS, but everything about it. They spend 5x as much money and STILL they do not get it right.

Re:Why is it, that Windows based companies...

[SunFan]

Microsoft isn't just a software company, they are a culture. The people that are attracted to Microsoft value the appearance of convenience to real utility, and they value the appearance of convenience over real security. In the end they don't get utility, security, or convenience.

How long it will take ..

How long it will take someone to build a complete (may be 90%)databese of all americans thet will include SSN, DL#, Home address & Phone # etc. If this is the rate of privacy the thefts.

How much it will be worth it and to whome it will worth it.

Re:How long it will take ..

[Vlad2000]

In Westlaw it's called "People Search." Type in a name and some other information, such as what state the person lives in and Westlaw will give you the persons current address, past addresses, social security number, phone numbers, what elections they voted in, pretty much everything. I had a chance to play around with it about a month ago and was able to find all of the above information about myself. I was pretty blown away. You could even find the above info on Congressman and other high ranking government officals.

The problem is that a lot of information that you think is private it not and its already inside a computer somewhere. For instance if you have a listed phone number, your name, phone number, and address is inside a computer, thus it just takes a simple SQL query to retieve all of your past addresses and phone numbers. And of course since you chose to have a listed phone number all of that information is public. It just was a matter of time until Lexis and Westlaw linked all the databases. They are very good at that type of thing. The only way I see to truly protect your identity is to have a really common name.

Re:How long it will take ..

[stg]

I liked "databese" more. I guess that would be a very fat database, which makes sense since it would have to be very large to have everyone's data.

Re:How long it will take ..

[langelgjm]

From the Oxford English Dictionary:

"whom, pron.

Forms: [snip] 4-7 whome [snip]

1551 TURNER Herbal I. Kv, We haue no herbe in Englande that I knowe to whome all thes hole descriptions do agre."

From the same page:

"The objective case of WHO: no longer current in natural colloquial speech."

So while he might've been able to get away with 'to whome' 450 years ago, I don't ever recall 'worth' being a verb (at least not with his intended meaning). As a whole, the grammar (or lack thereof) of that post is fascinating. I hope he is not a native speaker.

Windows Servers

[zymano]

Looks like Windows 2000/NT servers.

Unpatched ?

Re:Windows Servers

[odin53]

The article says that the data stolen was collected by Seisent, which is a company that LexisNexis/Reed Elsevier acquired recently. Because of this, I doubt that looking up the netcraft report for www.lexisnexis.com will tell you much about where that data is stored.

If you look up Seisint, you'll see Linux/Solaris servers.

Is it really stolen?

[Sheetrock]

It can't be theft if the data is still there, right?

I am a man, not a number

[chiph]

I am a man, not a number!

Signed, #6

Re:I am a man, not a number

How about you and I get together for a good time?

Signed, #9

Washington Post article

[CRepetski]

The Washington Post has another article about this:
http://www.washingtonpost.com/wp-dyn/articles/A199 82-2005Mar9.html

Most organizations have some sort of regulatory body. Does the data harvesting industry have this?

Perhaps this should turn some heads in Congress now that we've got multiple cases of this insecurity. The question is, is Congress going to be able to do anything about it or will it be the same situation as with government computer security: Right now they just say "your security is bad" but that doesn't always fix the problem.

How can we really know who is affected?

[SunFan]

I know only the name of my phone company, for example, but I have no clue who they contract with for data processing or billing or marketing. How can we ever really find out if a security problem at one company affects us? These back-end companies are generally companies that serve niche markets and practically no one has heard of them.

Social Security numbers?

[mithras+the+prophet]

Did anybody else think -- what the hell is LexisNexis doing with peoples' Social Security numbers? But it turns out that this is a subsidiary that gathers up consumer data. So it's not that you have to key in your SSN before doing a Lexis search these days.

Though I'm sure Ashcroft^H^H^H^H^H Gonzales would like that idea...

Re:Social Security numbers?

[AtomicDog]

A company that does, and that refuses to do business with you if you refuse to give them your SSN is in violation of federal law.

Which federal law? I couldn't find anything about that from the SSA's website, but I did find this page:

When am I legally required to provide my Social Security number?:

"If a business or other enterprise asks you for your SSN, you can refuse to give it. However, that may mean doing without the purchase or service for which your number was requested. For example, utility companies and other services ask for a Social Security number, but do not need it; they can do a credit check or identify the person in their records by alternative means."

Also, your SSN is required for more than just tax purposes, as you claimed:

"Specific laws require a person to provide his/her SSN for certain purposes. While we cannot give you a comprehensive list of all situations where an SSN might be required or requested, an SSN is required/requested by:

• Internal Revenue Service for tax returns and federal loans
  
• Employers for wage and tax reporting purposes
  
• States for the school lunch program
  
• Banks for monetary transactions
  
• Veterans Administration as a hospital admission number
  
• Department of Labor for workers compensation
  
• Department of Education for Student Loans
  
• States to administer any tax, general public assistance, motor vehicle or drivers license law within its jurisdiction
  
• States for child support enforcement
  
• States for commercial drivers licenses
  
• States for Food Stamps
  
• States for Medicaid
  
• States for Unemployment Compensation
  
• States for Temporary Assistance to Needy Families
  
• U.S. Treasury for U.S. Savings Bonds"

The Privacy Act regulates the use of SSNs by government agencies. When a Federal, State, or local government agency asks an individual to disclose his or her Social Security number, the Privacy Act requires the agency to inform the person of the following: the statutory or other authority for requesting the information; whether disclosure is mandatory or voluntary; what uses will be made of the information; and the consequences, if any, of failure to provide the information.

(from the same page linked to above)

Finally, to the grandparent: yes, you can get a new SSN number assigned to you. Here's how:

How can I get a different Social Security number assigned to me?

The solution: Opt In

[sulli]

Of course the bastards will do everything in their power to prevent it, but the answer is federal regulations requiring the explicit permission of the affected parties before any data on any individual is sold to anyone.

I don't want a bunch of strangers reading my dossiers (and I have had exactly this - I was affected by the ChoicePoint scam). If I had to approve every offering or sale of my data, I would have easily been able to block said scam.

Ephemeral data

[1davo]

Perhaps we need to keep our identity data offline.

Our data should only live for the time it takes to make an online transaction; and not a femto-second longer.

I want a "Mission Impossible" ID that self-destructs!

How hard would this be to imple%$^? pfffttt __end_smoke_fx;

Legal comeback?

[danbond_98]

What kind of comeback do people have if their data is misused as a result of this? I know in the UK the Data Protection Act would cover this kind of thing, but are there powers in the US to prosecute LexusNexus should their failure to protect your data cause you loss?

*Not* Customer Profiles

[cfulmer]

It was information on 32,000 (anybody want to bet it was 32,768?) members of the public, not customers. To bad, in a way -- Lexis is used most by lawyers, judges, congresspeople and so on -- had the Lexis customer data been hacked and say all the judges on the 5th Circuit or the Ohio congressional delegation had their identities stolen as a result, you'd probably see reform a whole lot faster.

Re:*Not* Customer Profiles

[anagama]

I had lexis for a while. now westlaw, but for the lexis service, I have no recollection of giving them my SS#. We had to give firm name, lawyers who would use it, credit card unless we wanted to pay by check. But SS# ... not that. Aside from a credit card number, everything they got on me is already in the phone book. The problem here is with their subsidiary which is trying to collect information without people's assent. The subsidiary should be sued to hell by anyone who is affected. The irony would be if the plaintiffs' lawyers did their research on Lexis. *wild cackling*

Rivals?

[psaindon]

I'm not sure how the two are really comparable as rivals. LexisNexis (along with their rival in the legal profession, http://www.westlaw.com/ ) Provide excellent (as well as very expensive with searches running at over $70 per minute) coverage of court cases, codes, laws, public records, etc, which are all immensely helpful to legal types. Sure they have public records containing some personal information, but very little that isn't already available as public information (so things such as deeds, criminal records, voter registrations, etc), and it's definately not their primary focus in life.

Re:Tale of woe

[ackthpt]

Woe to the sysadmins at these places!

Sysadmins? Screw that, most of this shit happens with social engineering.

This is getting to be like the Enron/WorldCom type of scandal. Company X coughs up a few thousand files, Company Y coughs up a couple hundred thousand files, Company Z has the fucking barn door wide open and the theives have a battered pickup truck parked on the lawn and they're so damn surprised that it takes place.

So... where's the law that can be leveraged, saying these companies are responsible for keeping this information under lock and key, to hit them with the civil suits they so richly deserve for their laxis maxis business controls?

DSW Shoe Warehouse - Stolen CC Data

DSW's parent company, Retail Ventures, just issued the warning that thieves may have stolen credit card information for thousands of customers by hacking into the company's corporate database.

It only affects credit card customers who used their cards the past three months at more than 100 stores nationwide. There are at least eight locations in North Texas.

http://www.msnbc.msn.com/id/7137966/

Re:data mining

[eight08]

oops.. http://www.turbulence.org/Works/swipe/request.html

LexisNexis must die anyhow.

[Caspian]

They're flippin' evil. I'm sure I'm not the only one out there who's revolted by the fact that private corporations are the only effective sources of legal (read: public domain) data and other such public information. Shouldn't the government offer a LexisNexis-type service for free?

From the Wikipedia entry on Lexis-Nexis; all emphasis mine:

"LexisNexis is a popular searchable archive of content from newspapers, magazines, legal documents and other printed sources. Primary customers are lawyers and journalists.

Besides all current statutes, Lexis contains nearly all published case opinions in the United States back to the 1770s, and all unpublished (but publicly available) case opinions from 1980 onward. It also has full libraries of statutes and case opinions for many other common law jurisdictions like Australia and the United Kingdom.

News stories from the majority of English-language periodicals worldwide are available back to 1986, and there are a few articles available as far back as 1980.

Lexis has a library of public records, which includes current mailing addresses for nearly every living person in the United States. It has real property deeds and mortgages for most states.

A fee is charged for using the service. The fee was formerly hourly (at $300/hour or higher) but LexisNexis now prefers to negotiate monthly flat fees based on the user's ability to pay."

("Based on the user's ability to pay"? I wonder how they'd respond if I said "I barely can afford to pay my bills, much less offer you money for access to public domain data...")

Re:LexisNexis must die anyhow.

[eclectro]

Public records are free if you go down to the local courthouse and look up the information yourself.

It's the digitizing of the information that costs money. LexisNexis (and many others) pay somebody $8-$10 and hour looking up public casefiles, writing the information down (or typing it into a laptop) and sending it back to headquarters.

People are willing to pay (handsomely) to have this information at their fingertips when they need it, especially when it comes from a courthouse in another state.

I suspect that as time goes on, there will be more shakeout in this industry as the people with the records try to compete with the big players by digitizing the info themselves and selling it around.

Unfortunately issues such as privacy and security are going to be so much roadkill (as is other online rights are) as we no longer have a government that works on the behalf of the people.

People are going to argue with me about this, but we are ruled by whores. And I consider myself an optimist.

That's it!!!

[toupsie]

I'm changing my name to Holden McGroin. Let's see you try using that name in your ripoffs!

Re:Tale of woe

[MightyMartian]

I access Lexus Nexus thorugh my school login. Should I be worried?

Very definitely. You need to immediately report to the Credit Correct Center nearest you. Please advise a family member to pick up the ashes in 9-10 business days.

I want to avoid being like those schlubs

[Who+drank+my+chocola]

Recent events have forced me to examine and then re-examine my security arrangements. I'm the new admin for a small publishing concern and I'm playing catch up right now. Before I got hired, a lot of admin work was left undone. So I want to do a good job, and all this talk of data theft has me spooked...

I've inherited a mess. A total mess. Employees with default passwords (that never expire,) vendors from years long gone by with active accounts, some used recently... (Yeah, I've already disabled them.) The list just goes on.

My point is, when you read a story like this you feel bad for how screwed the admin(s) will be (especially if they have family) for a moment.

And then you get to work and double-check that you're not next in line for a public de-pantsing.

Social Security numbers?

[dbIII]

They should not be storing this information, it should only be for government use. Realisticly the implications are the same as the theives getting your credit card number, expiry date and PIN.

In this Homeland paranoia age where everything that is in the database must be right, you certainly don't want to see government ID numbers getting used in fraud. How do you go about getting a new Social Security number when the existing one is being used in fraud?

the law is...

[zogger]

...people willingly give away their personal property, their data, their "IP", then these other companies own it. If people just insisted that THEIR data was THEIR property and took care of it with that sort of mindset backed op with some rational laws, then this wouldn't happen, and these companies with the data warehouses wouldn't even exist like they do now.

Most people don't think that way, but people who start corporations DO think that way, they recognize valuable property when they see it, and make billions off of millions of people voluntarily giving away their property to them.

If it wasn't stolen from you directly, it's sure not your property anymore. If you donate your old TV to the thriftstore and they get broken into and that TV is stolen, well, "your" TV didn't get stolen, their TV got stolen. If you want to own and keep possession of your TV, well, don't give it away in the first place then. Simple concept, just apply it to your data. It's similar enough for conversational purposes anyway. "IP" ownership is bigtime in business, there's zero reason everyone's personal data "IP" shouldn't be theirs in total.

So people can't really say "their" stuff got stolen, some big companies stuff got stolen, they gave up their rights to full and complete ownership a long time ago. they already got "social engineered" out of ownership, just they don't realise it, or just don't care enough to think it through. Now that same data property down the pike got social engineered again, oh well, guess the original owner didn't care enough to hang on to it.

but, but..we can't live in society without giving our property away! Yep, that's the point, much less than .0001% people ever even tried one time to keep their data to themselves and to insist to government that this should be so. They never gave a care, to busy with entertainments or whatever to even lift a phone to make a call to a congress critter, or to say NO to some company "asking" for data they don't need really for a business transaction. Mass conditioning that it's socially cool to get ripped off. Shazzam, the world is full of thieves, maybe more people will stop and think about who they give their property to and why they give it away for what purposes now. Maybe it's a better idea to just retain ownership? One law would do it, too, your data is yours, it shouldn't be necessary to transfer ownership of your data just to do business someplace.

Re:Heres how they got hacked:

[rabbit994]

yea, how? Just because it's running IIS 5 doesn't mean it has 14 holes automatically. I would imagine it's either A. Unpatched or B. Holes in LexusNexus software. C. Social engineering.

Re:You have a point...

[symbolic]

However, I don't think the comparison with giving away a TV is accurate. One's name, address, phone number, social security number, drivers license number, etc., are attributes that are retained by the one who owns them. This information is simply provided under various circumstances. The fallacy here is that businesses and other entities have taken it upon themselves to decide that the mere act of provision extols upon them a right of ownership. While there are not yet any laws that clarify this, I maintain that it does not, Be that as it may, people must be proactive about how this information is used. Insist that it not be used for anything but the transaction at hand.