Slashdot Mirror

← Back to Stories (view on slashdot.org)

Indiana Data Theft Compromises 700,000

Posted by timothy on from the can't-the-thieves-just-trade-among-themselves dept.

palewook writes "A Midwest collection company, Central Collection Bureau, admits a server and eight PCs stolen contain over 700,000 individuals' personal data. Central Collection Bureau acts as a collection contractor for doctors and utility companies. The Indiana based company admits the stolen info consists of addresses, social security numbers, and medical codes."

2 of 52 comments (clear)

  1. Business should assume that SSN is public by PIPBoy3000 · · Score: 3, Insightful

    At this point, it seems like just about everyone's SSN is out there in the public domain in one form or another. What pains me is that SSN is still used like a password for many institutions. Banks will ask for SSN, birthdate, and mother's maiden name. Unfortunately all of those things can be found out with a bit of digging.

    The more these breaches happen, the more apparent it is that we need a better "proof of identity" mechanism. I'm not advocating for the government to pass out universal ID cards to everyone. I think I'd rather see something along the lines of SSL certificates, where business can issue identification to people and later use that number and passphrase to do business with them. Perhaps a handful of business certificates become the "gold standard" and and are accepted by other businesses as a valid identifier.

    1. Re:Business should assume that SSN is public by menace3society · · Score: 2, Insightful

      I disagree, the solution is to do away with the concept of any sort of proof-of-identity mechanism. Whatever you come up with, people will always be able to forge it or fake it or commit fraud with. Banks and things like the current situation with the SSN because it gives them someone to go after in the short-term. In the long-term, of course, they have to give you back the money they took, but to do that requires the victim of fraud/identity theft to jump through quite a few bureaucratic hoops to prove they were a victim. In the meantime, the financial institution can get help from the FBI, the Secret Service, and usually the IRS to go after whoever it was that really did it. You get your money back, sans interest earned on it and less legal expenses, fees, and the time you put in. They also don't fix your credit for you, and you can bet you'll still be answering questions to the IRS about it for months, if not years.

      Banks could do a lot more to prevent fraud before it happens without having a social security number, but they don't bother because they know either way they end up ahead. Putting them, and not the consumer, on the hook when they get duped by scammers will go a long way towards shoring up bank security and personal information privacy.