Slashdot Mirror

← Back to Stories (view on slashdot.org)

Data Theft and Corporate Irresponsibility?

Posted by ryuzaki0 on from the they-lose-we-pay dept.

cjsnell asks: "Today, I received a letter from a student loan provider notifying me that my name and social security number had been stolen along with a contractor's computer. This makes -four- agencies that have lost my personal information, in the last year. Today's letter was the most disappointing yet: the company, Texas Guaranteed, did not offer any credit report monitoring like the previous three had. Their advice? Send a letter to the credit bureaus. Gee, thanks. Clearly, mass identity theft is completely out of hand and there doesn't seem to be any government regulation for handling these situations, nor does there seem to be any punitive action against businesses that lose customers' data. Do we, as consumers, have any recourse against these businesses?"

14 of 352 comments (clear)

  1. the less information collected the better by carsonc · · Score: 5, Interesting

    For most things, organizations don't need much if any of your information. The want it to mine... there is no down side for them. For the companies that do need data, I believe that every field in a credit report should have a complete audit history and companies should have to pay up and fix their mistakes. If legislation also made them accountable for data theft then you would see a lot less information collected. That would be a good thing.

  2. starting over by silentscope · · Score: 5, Insightful

    Start over with a fresh identitiy.

  3. Liability, liability, liability by electroniceric · · Score: 5, Interesting

    There are two simple prescriptions for this:

    1) Create and enforce real liability for loss of personal data. After that it may make sense to introduce "safe harbor" general privacy regulation (unlike domain-specific regulation like HIPAA) where if you comply with the regs, you get relief from liability in the event of a genuine mistake or contingency.

    2) Create and enforce real responsibility of credit providers and credit bureaus. Allow consumers to immediately suspend any line of credit, and require true checks before issuing credit (no more instant credit). No more endless paper battles to get credit ratings fixed, charges rescinded, etc. [These previous two were cribbed from Kevin Drum at WashingtonMonthly.com. He expouns on this subject quite regularly]. Liability for failing to properly check that credit is properly issued or used, which is supposed to be the reason why vendors and buyers pay exorbitant credit card rates in the first place.

    Get the liability in order and regulation will the preferable alternative.

  4. I just got "the letter" too by bsartist · · Score: 5, Informative

    Mine came from the Dept. of Veterans Affairs. You might have seen the story about the stolen laptop on the news. If the most well-funded military in the world can't keep a lid on our personal data, who can?

    --
    Lost: Sig, white with black letters. No collar. Reward if found!
    1. Re:I just got "the letter" too by Anonymous+Brave+Guy · · Score: 5, Insightful
      If the most well-funded military in the world can't keep a lid on our personal data, who can?

      Someone who never has the data to lose in the first place.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    2. Re:I just got "the letter" too by MillionthMonkey · · Score: 5, Insightful

      One of these days some government employee is going to run an errand with a laptop in his car and a lucky car thief will drive off with every single name and Social Security number in the country. You could fit them all on a USB thumb drive. And they could be all over the Internet within hours. It would be game over for Social Security numbers and the rickety infrastructure that has been built on top of them. It's only a matter of time before this happens. It might not be in a single theft as I described, but smaller thefts will eventually add up to the point where everyone's SSN has been compromised, and someone is going to compile them and make them widely available.

      That would be the most bitchin' thumb drive, wouldn't it? You could show it to all your friends and taunt them. I'd better not lose my keys or you're all screwed!

  5. Re:Simple... by Ruff_ilb · · Score: 5, Funny
    Tell them that if you don't get your credit card watched, you're going to burn the place down. Burn it to the ground, and then take a vacation in some far off tropical place.
    Like Nigeria? I hear there are lots of... lucrative... investment opportunities over there.

    Just Email me with your Name, Address, Social Security number, and Credit Card information and I'll take care of it all.
    --
    http://www.TheGamerNation.com/Forums
  6. You can place a fraud alert on your credit report by tlambert · · Score: 5, Informative

    You can place a fraud alert on your credit report. An initial alert does not require a police report, and lasts for 90 days. During this time, you may end up having to jump through additional hoops to obtain new credit.

    The easiest way to put an alert is to use the online form at Experian; alternately, you can call any of the credit reporting agencies to also set up an alert, if you want to do it by phone, instead.

    The direct link for the Experian site to do this is:

    https://www.experian.com/consumer/cac/InvalidateSe ssion.do?code=SECURITYALERT

    More advice available here for identity theft victims:

    http://www.consumer.gov/idtheft/con_steps.htm

    Hopefully, you will not need it.

    -- Terry

  7. Yep... by msauve · · Score: 5, Interesting
    unless they're making payments to my Social Security "account," (i.e. paying me on a W2) they don't get my SSN. Unless they're [i]required[/i] by law to report tax info, they don't get my Federal Taxpayer ID (which happens to be the same as an SSN). I even went after my employer for violation of their own "Employee Privacy Policy," for giving my SSN to a third party health care provider and forced issuance of an insurance card with a non-SSN assigned number.

    You [b]can[/b] do it, but it can also be a hassle, since you have to educate people (especially health care people, who seem to be clueless as a whole).

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
  8. Re:I think Ice Cube said it best by R2.0 · · Score: 5, Insightful

    Congress will care about it when a laptop full of THEIR personal data gets stolen.

    Just like the Jefferson fiasco - FBI busts down a citizen's door, it's strong justice; bust down a Congresscritter's door and it's a CONSTITUTIONAL CRISIS!!!!omgwtfbbq

    --
    "As God is my witness, I thought turkeys could fly." A. Carlson
  9. Re:Simple... by Eccles · · Score: 5, Funny

    Tell them that if you don't get your credit card watched, you're going to burn the place down.

    They stole my identity, not my stapler.

    --
    Ooh, a sarcasm detector. Oh, that's a real useful invention.
  10. Re:Completely out of hand by plover · · Score: 5, Insightful
    In this particular case I think the credit reporting agencies have way too much power. Their information is used for everything from cell phone contracts to insurance rates to employment background checks. And they've done it without oversight, without honesty and without ethics. They will collect, report and do anything to sell someone another peek at your Fair Isaac score. And every company wanting to sell anything at all gets to use this automated system of discrimination ("hey, it's not a race/ethnic thing, it's just your computer score and the computer is color blind." As if having an address in The Projects would be anybody's choice, yet it all factors into your score.)

    We've evolved our own Big Brother via capitalism.

    Somewhere, Karl Marx and George Orwell are sharing a laugh from beyond the grave.

    --
    John
  11. Credit freeze under fire by greeneggs2000 · · Score: 5, Informative
    Don't worry, Congress is on the case. Republicans are trying to overturn state laws protecting against identity theft. Overriding the California law is particularly important, even to people who don't live in California -- it is the California law which has forced companies to disclose identity thefts in the first place (they have to disclose thefts involving Californians, but that's most of them).

    Credit Freeze Under Fire

    'The so-called Financial Data Protection Act of 2006 (HR3997) would also weaken state laws requiring disclosure of security breaches. In California, businesses must notify people if their personal info "was, or is reasonably believed to have been, acquired by an unauthorized person."

    'Under the proposed federal legislation, such disclosure would have to be made only if a company determines that a security breach "is reasonably likely to result in harm or inconvenience" to individual consumers.

    '"Basically, the company would have to know that you're a victim of identity theft before it needs to tell you that you could be a victim of identity theft," said Ed Mierzwinski, director of the U.S. Public Interest Group's consumer program in Washington.'

  12. Best solution is... by Dark+Coder · · Score: 5, Insightful

    Make the Social Security Number public to EVERYONE.

    That's right, cat's out of the bag. Can of worm has been opened. Too late.

    Ban use of Social Security Number as an identifier, except for Social Security, like it was supposed to be in the first place.

    Each business entities must use their OWN issued numbers.

    Wide-reaching Identity Theft Containment problem limited to just the affected business.

    Now, it is time to look into three-way public keys to ensure that consumer data is not misused:

          1. Merchant/Business/Corporation
          2. End-user/User/
          3. Arbitrator/Government

    With keys signed by each other in 3-ways, secured identification and security of data compartmentilization has been greatly enhanced.

    Each and every transaction is signed, sealed and delivered by all 3 parties.

    Now, let's get an infrastructure going on this...

    Even Bruce Schneier agrees to this.