Slashdot Mirror

← Back to Stories (view on slashdot.org)

600,000 More Social Security Numbers Compromised

Posted by timothy on from the social-security-simply-isn't dept.

DoubleWhopper writes "This time it's Time Warner Inc. According to this CNN article, an 'outside storage company' is to blame for the latest significant loss of personal information. From the article: '...the tapes contained names and Social Security information on current and former Time Warner employees and some of their dependents and beneficiaries dating back to 1986.' Fortunately, the tapes are said to have no customer information, at least."

6 of 34 comments (clear)

  1. What sucks is... by digerata · · Score: 2, Interesting
    There is enough compromised data out there to keep theives busy for years and years.

    While companies say they will cover the costs of what happens to your identity, what if it doesn't happen right away? What if its 5 or 6 years from now? What is your recorse? How do you prove after that much time has passed that your identity was compromised by a particular company? Hell, in that much time, I would probably forget any of this happened.

    --

    1;
  2. Social security numbers... by breakbeatninja · · Score: 3, Interesting

    Are very flawed forms of identification. With them you can find the associated name, birth date, bank accounts, loans, credit cards, properties, etc. They are extremely exploitable and yet the security that surrounds them is minimal. What a lot of people may not know is you ARE NOT required to give your social security number to utilities, banks, creditors, etc. Sure, it helps your standing with them and they can probably find them on their own, but I personally think with the amount of abuse of this central identification number there needs to be a new, more secure system with safe guards to prevent this sort of rampent abuse. The first step is for financial institutions to limit the customer's liability for identity theft related fraud, because they're insured by the FDIC. After that, perhaps a biometric or RFID identification system could eventually be implemented. I know it sounds very big brotherish, but the current system is horrible.

    --
    shop.envescent.com - Computer hardware and more.
    1. Re:Social security numbers... by anthony_dipierro · · Score: 2, Interesting

      What a lot of people may not know is you ARE NOT required to give your social security number to utilities, banks, creditors, etc.

      Required by what? By law? Yes, there isn't a law saying you have to give your social security number to any of those people. But you are required to give your social security number to most of those people, by those people (in other words, if you want to do business with them).

      Sure, it helps your standing with them and they can probably find them on their own, but I personally think with the amount of abuse of this central identification number there needs to be a new, more secure system with safe guards to prevent this sort of rampent abuse.

      The vast majority of businesses know this. And the ones that don't will find it out really quickly. Knowing a social security number doesn't prove you are who you say you are.

      The first step is for financial institutions to limit the customer's liability for identity theft related fraud, because they're insured by the FDIC.

      Limit liability? You have no liability whatsoever for identity theft related fraud. The law is already firmly on your side on that. You're never going to be required by a court to pay back a loan that you didn't take out just because someone knew your social security number. That would be ludicrous.

      After that, perhaps a biometric or RFID identification system could eventually be implemented. I know it sounds very big brotherish, but the current system is horrible.

      No, the current system is (pretty much) already fine. A business who wishes to extend credit to someone can use whatever means they wish to identify that person. If they screw up and misidentify the person, and that person never pays back, that's their problem. We don't need the government to step in and mandate what form of identification you need to check in order to extend credit to someone. Yes, that would be very big brotherish, and it would be a terrible idea.

      RFID? I'm not sure what that would help. RFID is utterly insecure, the benefit of it is convenience, not security. Yes, biometrics are a help, and we've already got a fairly good biometric system set up - the photo ID. Beyond that, for places making significant loans or needing to check your credit which can't verify your address, there's another biometric system commonly used - the fingerprint. Many banks require fingerprints when you cash a check there without having an account, and almost all check cashing places do. In order to get an account, you almost always have to verify that you receive mail at your address and receive phone calls at your non-mobile telephone number.

  3. A solution to the ID crisis... by Dark+Coder · · Score: 3, Interesting

    To reduce the identity theft immensely, one or more of the following MUST be legislated:

    1. Replace the SSN with SecureID card with challenge keypad (none of those biometric foo-foo crap, bio is non-revokable)

    2. Make data aggregation illegal (ooooh, sorry credit bureaus)

    3. Make IRS the focal point of multi-keyed 2nd-generation SSN registration centre (sorry SSA, you screwed up, big-time!)

    4. Customer "optionally" generate a NEW SSN for each business or financial institutions. (remember, data aggregation should be illegal)

    5. Credit Bureau would function just fine (just a bit laggard with aggregation effort).

    Once imposed, identity theft would (I guarantee this) be reduced to insignificant amount.

    UNTIL THEN, nothing is currently being done to reduce the water flow from the Dutch Boy's leaking dikes.

    It doesn't take much brain to resolve this crisis, just time and money. The Congress has absolutely no clue on how to fix this mess... Write your congressman today with these suggestions.

  4. Re:Tired old excuse.... by Seumas · · Score: 2, Interesting

    Apparently you know nothing about having your identity stolen. Very often, when someone has their identity stolen, they are treated like the criminal and not the victim. At the worst, the corporate entity that extended credit to "them" can write it off, get a tax break and just up their fees annually to cover for it. The victim, however, will have their credit ruined at the least.

    When your identity is stolen, there is very little you can do about it. A lot of people have been left in total financial ruin by just such unfortunate means. And when all of my identity was stolen five years ago (from my office, no less), the local police didn't offer any hope or information. Their only comment was "well, we've got this in the record which might help you, but chances are you're now the victim of identity theft, so keep an eye on things".

    I asked them "and if I find problems arising out of this?".

    They didn't really have much to offer. They said to just contact them again so they could make a record of whatever additional complaints arose - but they seemed to feel I was essentially screwed. I'm only lucky that the person was apparently too stupid to know what data they had (they had my social security card, state photo identification card, birth certificate, pay stub, bank account and checking numbers)...

  5. Re:Tired old excuse.... by CaptainZapp · · Score: 2, Interesting
    And when all of my identity was stolen five years ago

    Well, first of all: Sorry for that. From all I know it sucks and I hope you could rectify the situation.

    Even though I believe your co-debator has a slightly simplified view of life, the universe and all, nevertheless I agree with what he says in spirit.

    If a financial institution is so friggin' greedy to provide everybody presenting a valid SSN with actual money they deserve to be hit and hit hard!

    There's such a thing called due diligence.

    This applies to me as the owner of a small data management consultancy. For example: When I take on a new customer I look at the customer. I might even run a financial check on that customer. If my customer is - say - a global company or the national Postbank I wouldn't do that, since I consider them well known, reliable entities. If Joe Blows Cheap PC Support wants to engage me, I try to make sure that JB is not at the verge of bankrupcy. I might even ask for a part of my fees up-front. If I did my homework and are nevertheless stiffed, well that's the risk of running a business. But the point is: I try to mitigate that risk

    This should not be different for a financial institution. If they provide every smooth talking Jasper presenting an SSN with actual credit, then it should be the responsibility of the finance bozos to clean up their act and recuperate their money.

    Now - and this is probably what your fellow debator fails to grasp: In the real world you're the one with the mess, it can take years to clean up and it will fuck up your credit history left right and central.

    In most of Europe laws seem to favour the consumer. A business that fails to check out a loan applicant would be laughed out of court and made aware in no uncertain words that they cannot tamper with the victims credit history at their discretion. There are pretty strong data protection laws in place which provide fairly stringent tools to fight offenders.

    Unfortunately the US seems to take a directly opposite approach. Business must be efficient, cost effective, streamlined and if there's collatoral damage, well that's just tough shit.

    --
    ich bin der musikant

    mit taschenrechner in der hand

    kraftwerk