600,000 More Social Security Numbers Compromised

← Back to Stories (view on slashdot.org)

600,000 More Social Security Numbers Compromised

Posted by timothy on Monday May 2, 2005 @10:26AM from the social-security-simply-isn't dept.

DoubleWhopper writes "This time it's Time Warner Inc. According to this CNN article, an 'outside storage company' is to blame for the latest significant loss of personal information. From the article: '...the tapes contained names and Social Security information on current and former Time Warner employees and some of their dependents and beneficiaries dating back to 1986.' Fortunately, the tapes are said to have no customer information, at least."

10 of 34 comments (clear)

Min score:

Reason:

Sort:

Tired old excuse.... by Psmylie · 2005-05-02 10:29 · Score: 4, Insightful

I think its funny that they always make sure to note that it's an outside company... in my opinion, it doesn't really matter if it's an outside vendor or not, the company who owns the data is still responsible for the security of that information. Are the vendor's procedures inadequate? Well, it was your company's job to find that out before contracting with them. Were they not following procedures? Well, it's your company's job to check up on them and make sure they're following them.
Honestly, I'd like to see all of the victims of ID theft get together and start filing class-actions against the companies that allow this sort of thing to happen. Maybe if we start hitting them in the pocketbook, these companies will start taking data security seriously.

--

psmylie's dictionary: Godzillion (noun) Any number large enough to destroy Tokyo
1. Re:Tired old excuse.... by Seumas · 2005-05-02 16:50 · Score: 2, Interesting
  
  Apparently you know nothing about having your identity stolen. Very often, when someone has their identity stolen, they are treated like the criminal and not the victim. At the worst, the corporate entity that extended credit to "them" can write it off, get a tax break and just up their fees annually to cover for it. The victim, however, will have their credit ruined at the least.
  
  When your identity is stolen, there is very little you can do about it. A lot of people have been left in total financial ruin by just such unfortunate means. And when all of my identity was stolen five years ago (from my office, no less), the local police didn't offer any hope or information. Their only comment was "well, we've got this in the record which might help you, but chances are you're now the victim of identity theft, so keep an eye on things".
  
  I asked them "and if I find problems arising out of this?".
  
  They didn't really have much to offer. They said to just contact them again so they could make a record of whatever additional complaints arose - but they seemed to feel I was essentially screwed. I'm only lucky that the person was apparently too stupid to know what data they had (they had my social security card, state photo identification card, birth certificate, pay stub, bank account and checking numbers)...
2. Re:Tired old excuse.... by CaptainZapp · 2005-05-03 00:44 · Score: 2, Interesting
  
  And when all of my identity was stolen five years ago
  Well, first of all: Sorry for that. From all I know it sucks and I hope you could rectify the situation.
  
  Even though I believe your co-debator has a slightly simplified view of life, the universe and all, nevertheless I agree with what he says in spirit.
  
  If a financial institution is so friggin' greedy to provide everybody presenting a valid SSN with actual money they deserve to be hit and hit hard!
  
  There's such a thing called due diligence.
  
  This applies to me as the owner of a small data management consultancy. For example: When I take on a new customer I look at the customer. I might even run a financial check on that customer. If my customer is - say - a global company or the national Postbank I wouldn't do that, since I consider them well known, reliable entities. If Joe Blows Cheap PC Support wants to engage me, I try to make sure that JB is not at the verge of bankrupcy. I might even ask for a part of my fees up-front. If I did my homework and are nevertheless stiffed, well that's the risk of running a business. But the point is: I try to mitigate that risk
  
  This should not be different for a financial institution. If they provide every smooth talking Jasper presenting an SSN with actual credit, then it should be the responsibility of the finance bozos to clean up their act and recuperate their money.
  
  Now - and this is probably what your fellow debator fails to grasp: In the real world you're the one with the mess, it can take years to clean up and it will fuck up your credit history left right and central.
  
  In most of Europe laws seem to favour the consumer. A business that fails to check out a loan applicant would be laughed out of court and made aware in no uncertain words that they cannot tamper with the victims credit history at their discretion. There are pretty strong data protection laws in place which provide fairly stringent tools to fight offenders.
  
  Unfortunately the US seems to take a directly opposite approach. Business must be efficient, cost effective, streamlined and if there's collatoral damage, well that's just tough shit.
  
  --
  ich bin der musikant
  mit taschenrechner in der hand
  kraftwerk
Alway's Compromised by Seumas · 2005-05-02 10:31 · Score: 4, Insightful

Hell, I consider my social security number compromised every time I'm forced to give it to a $8/hr customer service person over the phone to get my Cable, Internet, Telephone, Gas, Electricity services, rent a car, get a loan, get a bank account, apply for a job.

Even when it's acceptable to request a social security number (an employer), you aren't promised that someone in the chain won't take your information for their own use. *shrug*
1. Re:Alway's Compromised by real+gumby · 2005-05-03 05:58 · Score: 2, Informative
  
  I'm forced to give it to a $8/hr customer service person over the phone to get my Cable, Internet, Telephone, Gas, Electricity services, rent a car, get a loan, get a bank account, apply for a job.
  For most of those cases you can get away without doing this. When people ask for my SSN I just tell 'em "I'm a foreigner" and they just assume that that means "....and so I don't have one." And since they generally do want to do business with me, they find a way around the problem.
  
  The really really nice thing about this is that the poor clerk taking my order doesn't need to get harshed about SSN politics, or even have to listen to a pointless rant. They just cast about and figure a way around the problem -- perfect! In fact they don't even see it as me causing a problem. It's just some faceless bureaucratic hassle that both of us are dealing with.
  
  (As it turns out I am a foreigner, but telling people that is about as useful as telling 'em "I have brown hair" since most foreigners in the USA for more than a brief holiday end up needing an SSN anyway. But most people don't realise that).
What sucks is... by digerata · 2005-05-02 11:00 · Score: 2, Interesting

There is enough compromised data out there to keep theives busy for years and years.
While companies say they will cover the costs of what happens to your identity, what if it doesn't happen right away? What if its 5 or 6 years from now? What is your recorse? How do you prove after that much time has passed that your identity was compromised by a particular company? Hell, in that much time, I would probably forget any of this happened.

--

1;
Social security numbers... by breakbeatninja · 2005-05-02 11:31 · Score: 3, Interesting

Are very flawed forms of identification. With them you can find the associated name, birth date, bank accounts, loans, credit cards, properties, etc. They are extremely exploitable and yet the security that surrounds them is minimal. What a lot of people may not know is you ARE NOT required to give your social security number to utilities, banks, creditors, etc. Sure, it helps your standing with them and they can probably find them on their own, but I personally think with the amount of abuse of this central identification number there needs to be a new, more secure system with safe guards to prevent this sort of rampent abuse. The first step is for financial institutions to limit the customer's liability for identity theft related fraud, because they're insured by the FDIC. After that, perhaps a biometric or RFID identification system could eventually be implemented. I know it sounds very big brotherish, but the current system is horrible.

--
shop.envescent.com - Computer hardware and more.
1. Re:Social security numbers... by anthony_dipierro · 2005-05-02 12:33 · Score: 2, Interesting
  
  What a lot of people may not know is you ARE NOT required to give your social security number to utilities, banks, creditors, etc.
  
  Required by what? By law? Yes, there isn't a law saying you have to give your social security number to any of those people. But you are required to give your social security number to most of those people, by those people (in other words, if you want to do business with them).
  
  Sure, it helps your standing with them and they can probably find them on their own, but I personally think with the amount of abuse of this central identification number there needs to be a new, more secure system with safe guards to prevent this sort of rampent abuse.
  
  The vast majority of businesses know this. And the ones that don't will find it out really quickly. Knowing a social security number doesn't prove you are who you say you are.
  
  The first step is for financial institutions to limit the customer's liability for identity theft related fraud, because they're insured by the FDIC.
  
  Limit liability? You have no liability whatsoever for identity theft related fraud. The law is already firmly on your side on that. You're never going to be required by a court to pay back a loan that you didn't take out just because someone knew your social security number. That would be ludicrous.
  
  After that, perhaps a biometric or RFID identification system could eventually be implemented. I know it sounds very big brotherish, but the current system is horrible.
  
  No, the current system is (pretty much) already fine. A business who wishes to extend credit to someone can use whatever means they wish to identify that person. If they screw up and misidentify the person, and that person never pays back, that's their problem. We don't need the government to step in and mandate what form of identification you need to check in order to extend credit to someone. Yes, that would be very big brotherish, and it would be a terrible idea.
  
  RFID? I'm not sure what that would help. RFID is utterly insecure, the benefit of it is convenience, not security. Yes, biometrics are a help, and we've already got a fairly good biometric system set up - the photo ID. Beyond that, for places making significant loans or needing to check your credit which can't verify your address, there's another biometric system commonly used - the fingerprint. Many banks require fingerprints when you cash a check there without having an account, and almost all check cashing places do. In order to get an account, you almost always have to verify that you receive mail at your address and receive phone calls at your non-mobile telephone number.
Re:Just goes to show by Flendon · 2005-05-02 13:33 · Score: 2, Insightful

That will definatly solve the problem. Outsourcing to India is a great idea. They would never steal our money over there.

If your going to post something like this you should really make your meaning clear. Are you being sarcastic and mean that the outsourcing is NOT the answer? Or as the fact you posted AC implies you are serious? If you had used your name I would have immeadiatly taken this for sarcasm as mine was, but since you are signed AC it makes you seem as if you are serious and an idiot.

--
chown -R us ./base
A solution to the ID crisis... by Dark+Coder · 2005-05-02 14:00 · Score: 3, Interesting

To reduce the identity theft immensely, one or more of the following MUST be legislated:

1. Replace the SSN with SecureID card with challenge keypad (none of those biometric foo-foo crap, bio is non-revokable)

2. Make data aggregation illegal (ooooh, sorry credit bureaus)

3. Make IRS the focal point of multi-keyed 2nd-generation SSN registration centre (sorry SSA, you screwed up, big-time!)

4. Customer "optionally" generate a NEW SSN for each business or financial institutions. (remember, data aggregation should be illegal)

5. Credit Bureau would function just fine (just a bit laggard with aggregation effort).

Once imposed, identity theft would (I guarantee this) be reduced to insignificant amount.

UNTIL THEN, nothing is currently being done to reduce the water flow from the Dutch Boy's leaking dikes.

It doesn't take much brain to resolve this crisis, just time and money. The Congress has absolutely no clue on how to fix this mess... Write your congressman today with these suggestions.