Slashdot Mirror

← Back to Stories (view on slashdot.org)

Data Theft and Corporate Irresponsibility?

Posted by ryuzaki0 on from the they-lose-we-pay dept.

cjsnell asks: "Today, I received a letter from a student loan provider notifying me that my name and social security number had been stolen along with a contractor's computer. This makes -four- agencies that have lost my personal information, in the last year. Today's letter was the most disappointing yet: the company, Texas Guaranteed, did not offer any credit report monitoring like the previous three had. Their advice? Send a letter to the credit bureaus. Gee, thanks. Clearly, mass identity theft is completely out of hand and there doesn't seem to be any government regulation for handling these situations, nor does there seem to be any punitive action against businesses that lose customers' data. Do we, as consumers, have any recourse against these businesses?"

20 of 352 comments (clear)

  1. Completely out of hand by hackwrench · · Score: 4, Insightful

    There is a growing and growing group of things that seem completely out of hand once it happens to you. I'm not sure who "we" are, but we need to get together either as a nation or a planet or just some concerned human beings and take a serious look at where we are and where we want to go from here.

    1. Re:Completely out of hand by plover · · Score: 5, Insightful
      In this particular case I think the credit reporting agencies have way too much power. Their information is used for everything from cell phone contracts to insurance rates to employment background checks. And they've done it without oversight, without honesty and without ethics. They will collect, report and do anything to sell someone another peek at your Fair Isaac score. And every company wanting to sell anything at all gets to use this automated system of discrimination ("hey, it's not a race/ethnic thing, it's just your computer score and the computer is color blind." As if having an address in The Projects would be anybody's choice, yet it all factors into your score.)

      We've evolved our own Big Brother via capitalism.

      Somewhere, Karl Marx and George Orwell are sharing a laugh from beyond the grave.

      --
      John
    2. Re:Completely out of hand by gEvil+(beta) · · Score: 4, Insightful

      I'd tell people to mod you up, but you can't go any farther. As I've often said in the past (and will continue to say), the credit reporting agencies don't give a shit about you. They have no reason to care about whether the information they have on file for you is accurate. YOU ARE NOT THEIR CUSTOMER. Their customers are the ones they're selling your information to. When you contact them to complain about inaccurate information, they consider it a nuisance that *might* need to be dealt with. And the simple reason is because YOU ARE NOT THEIR CUSTOMER.

      --
      This guy's the limit!
  2. starting over by silentscope · · Score: 5, Insightful

    Start over with a fresh identitiy.

  3. Re:I just got "the letter" too by Anonymous+Brave+Guy · · Score: 5, Insightful
    If the most well-funded military in the world can't keep a lid on our personal data, who can?

    Someone who never has the data to lose in the first place.

    --
    If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
  4. Don't be so quick to give it up by mr_stinky_britches · · Score: 3, Insightful

    Generally, it has been my experience that people are completely willing to give up very private information whenver demanded by a company or similar seemingly legitimate and authoritative entity. I encourage everyone to be more wary and careful about who they give their SSN to. Identity theft has become a rampant problem for many people all over the world. We have to wise up and Just Say No.
    --
    http://wi-fizzle.com

    --
    Censorship is obscene. Patriotism is bigotry. Faith is a vice. Slashdot 2.0 sucks.
  5. Re:Prepaid legal by nacturation · · Score: 3, Insightful

    If you're afraid of your identity being stolen, Prepaid Legal can help.

    An MLM scheme will help me with my fears? Do they offer counseling to overcome these fears?

    I got modded down last time...

    No kidding. It's like all these free iPod sites -- you get modded down because you're just hoping people will join your MLM so that you can personally profit from their fears.

    --
    Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
  6. Re:I think Ice Cube said it best by R2.0 · · Score: 5, Insightful

    Congress will care about it when a laptop full of THEIR personal data gets stolen.

    Just like the Jefferson fiasco - FBI busts down a citizen's door, it's strong justice; bust down a Congresscritter's door and it's a CONSTITUTIONAL CRISIS!!!!omgwtfbbq

    --
    "As God is my witness, I thought turkeys could fly." A. Carlson
  7. What I've done by cimmer · · Score: 4, Insightful

    I've stopped worrying about whether or not my information is out there. Having been involved in IT security in the financial services industry for some time now, I know how haphazardly our personal information can be treated. Many company executives don't want to spend the money to turn already functional and profitable systems into secure data stores or the money to hire enough skilled security personnel as they are cost centers, not revenue producers.

    Instead I've gone on the defensive and assumed that my identity is already compromised. I coughed up $130 for 3 in 1 credit monitoring services (one of the big three credit bureaus has a two for one going if you call them. got a spouse?). I also keep close tabs on my credit and debit card activities, which doesn't require all that much effort since I cancelled all but 2 credit cards and my debit card. It means some money and time spent up front, but it's not too intrusive and it gives me a reasonable degree of confidence.

    As long was we maintain some degree of privacy, identity theft is here for the forseeable future. I'm not saying don't hold companies responsible. I am saying realize that many companies in control of your information will be irresponsible regardless of what they can be held accountable for and that it's a good idea to take some personal responsibility for protecting yourself.

  8. Re:Liability, liability, liability by bmwm3nut · · Score: 3, Insightful

    I don't like the idea of a "safe harbor" or anything like that. If I give my money to a bank and they lose it, even through a "genuine mistake", I get it back. Likewise, I expect that if I give information to a company, and they lose it, they are liable for any harm that comes from that loss. The trouble is that when the governemnt gets involved, then the lawyers at the companies will get involved and they'll look for loopholes and such. There have been a couple of laws passed in the last couple of years that give protection to the companies (Why do you think the submitter was notified of the data loss? Not because the company cares about the submitter, but they get legal protection if they notify of the loss), what we need is to not have those laws and let it up to people to bring civil cases against the companies that lose the data. Yes it will be expensive, but after a few precidents are set, then it'll be easier for the little guy to go after the big companies that lose the info.

  9. class action lawsuit by bunions · · Score: 3, Insightful

    This sort of thing is exactly why class action lawsuits exist. Find a lawyer, start one. Companies will do whatever is most cost-effective, so you simply need to make losing your private data expensive.

    --
    there is no need to sign your posts. this isn't usenet. your username is right there above your post. stop it.
  10. Re:I just got "the letter" too by MillionthMonkey · · Score: 5, Insightful

    One of these days some government employee is going to run an errand with a laptop in his car and a lucky car thief will drive off with every single name and Social Security number in the country. You could fit them all on a USB thumb drive. And they could be all over the Internet within hours. It would be game over for Social Security numbers and the rickety infrastructure that has been built on top of them. It's only a matter of time before this happens. It might not be in a single theft as I described, but smaller thefts will eventually add up to the point where everyone's SSN has been compromised, and someone is going to compile them and make them widely available.

    That would be the most bitchin' thumb drive, wouldn't it? You could show it to all your friends and taunt them. I'd better not lose my keys or you're all screwed!

  11. Its not your data, bub. by xkr · · Score: 3, Insightful
    Under the law, it's not your data, it's theirs. Yup. Absolutely 100% true. Whoever collects data, owns the data. There is no legal basis whatsoever that information about you is owned by you, but for two exceptions: (1) Conversations with your lawyer are privileged, and (2) medical information. So, except for the lawyer and doctor lobby, you are hosed.

    Would this be a good time to put in a plug for a constitutional amendment that extends personal property rights to personal data?

    --
    I will create a sig when innovation restarts in the U.S.
  12. Re:the less information collected the better by kcbrown · · Score: 3, Insightful
    For most things, organizations don't need much if any of your information. The want it to mine... there is no down side for them.

    And, in general, you need their services more than they need your business. And it's not like you can count on competition to solve the problem: they're all like this, and it's likely there's a "gentleman's agreement" in place to keep things as they are. After all, nobody (except the customer) really benefits if someone steps up to the plate with a smaller information requirement.

    Which means you'll have to just suck it up and deal, because your only other option is to not make use of the type of service in question at all.

    If legislation also made them accountable for data theft then you would see a lot less information collected. That would be a good thing.

    Which is why it won't happen.

    Welcome to the 21st century, where corporations, not you, control what happens to your information.

    --
    Use 'slashdot stuff' in the subject line in any email you send me if you want to get past the spam filter.
  13. Best solution is... by Dark+Coder · · Score: 5, Insightful

    Make the Social Security Number public to EVERYONE.

    That's right, cat's out of the bag. Can of worm has been opened. Too late.

    Ban use of Social Security Number as an identifier, except for Social Security, like it was supposed to be in the first place.

    Each business entities must use their OWN issued numbers.

    Wide-reaching Identity Theft Containment problem limited to just the affected business.

    Now, it is time to look into three-way public keys to ensure that consumer data is not misused:

          1. Merchant/Business/Corporation
          2. End-user/User/
          3. Arbitrator/Government

    With keys signed by each other in 3-ways, secured identification and security of data compartmentilization has been greatly enhanced.

    Each and every transaction is signed, sealed and delivered by all 3 parties.

    Now, let's get an infrastructure going on this...

    Even Bruce Schneier agrees to this.

  14. "Get over it" and serve your masters by Anonymous Coward · · Score: 4, Insightful

    Yeah, you've got no privacy, but that's not cause to "get over it." The reason you've got no privacy is that you are coerced into giving up your private information -- coerced by government identity-tracking, supposedly for tax purposes but far, far expanded; coerced by effective cartels, like the credit and banking industries; and coerced by laws which support those cartels in their demand for your private information. You don't even have a choice, unless you want to live as a hermit, and at an incredible economic disadvantage.

    Having no privacy isn't the problem in itself; the problem is other people exercising control over you with that information. Don't "get over it." Stand up to it.

  15. Re:Recourse by Ihlosi · · Score: 4, Insightful
    Let me get this straight; so you think if a bank gets robbed we should prosecute the bank and not the robber?



    If the bank stores all their customers' cash in cardboard boxes behind the building, then yes, prosecuting the bank would be in order.



    Also, your rhethorical question is wrong. The robber will be prosecuted in any case (for robbery), even if the bank is prosecuted for gross neglegience.

  16. Credit Card companies make money on fraud! by tres3 · · Score: 3, Insightful
    That's right, when a card is fradulently used they charge the purchase back to the retailer. That way they get a transaction fee on the original sale and then a bonus transaction fee when they carge the retailer for the fraud that they allowed to happen. The trick to wiping it out overnight is make the fraud cost the credit-card company money. As it stands now they have absolutely no insentive to do much about it. Did they not issue the fradulent card to someone other than you after your identity is stolen? Do they have no responsibility to verify the information they receive? Do they not have a responsibility to the retailer to honor debts that they authorize? (Well not really, that's what the merchant agreement is for. You don't like it? Don't accept credit cards.) It is no wonder that the most profitable industry last year was the banking/finance industry. It is also no wonder that they contribute the most to the politicians. On one side they change the bankruptsy laws so you can't get out of debit and start over and on the other they are pushing off the responsibility to the merchants as much as possible too. More reading:

    http://www.smithfam.com/news2/july02a.html
    http://www.answers.com/topic/credit-card-fraud
    One of the two (answers/wikipedia) plagerized the other. ;-)
    http://en.wikipedia.org/wiki/Credit_card_fraud

    Make the credit card companies take responsibility. Make it them that has to pay for fraud and the situation will rememdy itself overnight!

    --
    Restore America: Dr. Ron Paul for President!
  17. Re:Simple... by frisket · · Score: 3, Insightful
    > Do we, as consumers, have any recourse against these businesses?

    Nope.

    If you choose to live in a country where the government is pro-corporation instead of pro-people, you've got to accept that you're powerless. If you don't like the heat, get out of the kitchen -- or do something about the chef :-)

  18. Re:Recourse by beh · · Score: 3, Insightful

    The comparison is a bit slanted, if a someone robs your bank, you're not really inconvenienced, as the bank is insured - your money is safe.

    This particular case is more like you depositing a copy of your house key with your neighbour (in case you should lose yours), and that KEY gets stolen. Your neighbour might tell you that the key is gone - and worse yet, that the key actually has a tag with your name and address attached to it. So, until you can go and change your locks, your home is basically compromised and it takes a lot of effort keeping it safe, until the locks are replaced.

    With the stolen social security numbers, you can't switch your social security number easily, if at all? Is it possible at all to apply for a new social sec no in the US moving your data to the new one, but invalidating the old one?

    In the example with your key getting stolen from a neighbour's property; of course, it's not really the neighbour's fault, if someone breaks into his house.

    BUT - the neighbour might be liable, if gross negligence aided losing the key in the first place (i.e. putting up a sign with an arrow pointing to the key with all the data as to whose key it is, right outside on the front lawn - without any protective measure).

    If an agency hands over your data to an outside contractor - they HAVE to put safeguards in place (check out the contractor's background/reputation, and *his* security measures), because they are handing away data that you *entrusted* to them. Just handing out blanket data, without properly protecting it (really good encryption, at the least, with the key being nowhere near the laptop during transport), is them breaking your trust.

    And THAT is something that might make them very well liable for what happens.

    (Needless to say - even those that will pay for free credit checks for a year, what's that to say, at all? THEY broke your trust by not safeguarding the data, and while they pay for the checks (for a limited time), they are not paying for your time following up the checks and/or the hassle in case something happens.)