Slashdot Mirror

← Back to Stories (view on slashdot.org)

40 Million Identities Up For Sale On the Web

Posted by kdawson on from the big-fat-target dept.

An anonymous reader writes "Highly sensitive financial information, including credit card details, bank account numbers, telephone numbers, and even PINs are available to the highest bidder. The information being traded on the Web has been intercepted by a British company and collated into a single database for the first time. The Lucid Intelligence database contains the records of 40 million people worldwide, mostly Americans; four million are Britons. Security experts described the database as the largest of its kind in the world. The database is in the hands of Colin Holder, a retired senior Metropolitan police officer who served on the fraud squad. He has collected the information over the past four years. His sources include law enforcement from around the world, such as British police and the FBI, anti-phishing and hacking campaigners, and members of the public. Mr. Holder said he has invested £160,000 in the venture so far. He plans to offset the cost by charging members of the public for access to his database to check whether their data security has been breached."

12 of 245 comments (clear)

  1. splitting hairs by tverbeek · · Score: 5, Interesting

    "He plans to offset the cost by charging members of the public for access to his database to check whether their data security has been breached."

    How, exactly, does this differ from extortion?

    --
    http://alternatives.rzero.com/
    1. Re:splitting hairs by FromellaSlob · · Score: 5, Insightful

      If this was a "post-retirement" project he's been working on, then it would be legal.

      No it wouldn't. This guy has no legal basis to acquire or retain this data, he's in very serious breach of the UK Data Protection Act.

    2. Re:splitting hairs by FromellaSlob · · Score: 5, Informative

      The UK DPA also requires that he have a legitimate reason to hold this data in the first place, which would be either a direct customer relationship, or a third party one like a credit reference agency (where the customer gives permission for the third party data-sharing as part of their credit applications). It also requires that he hold it for no longer than strictly necessary for the purposes of said business relationship. The law in question thankfully makes this an explicitly opt-in thing, outside of government no-one can legally collect your data without your permission and then require you to opt out.

  2. So let me get this straight... by FSWKU · · Score: 5, Interesting

    He plans to offset the cost by charging members of the public for access to his database to check whether their data security has been breached.

    So in order to find out if your personal information has been breached, you have to disclose said information AND pay a fee. Seems a little fishy to me. Isn't that how a lot of identity-theft scams operate in the first place? "Hey, your identity is at risk. Send us money and details and we'll check to see if you're a victim or not.........and.....YES...you are now a victim! Thank you for using Thieves-R-Us!"

    --
    "So after all this, you make my case for me. To end this stalemate, you must die..."
  3. Re:Where does a cop get £160,000? by mccalli · · Score: 5, Insightful

    No, we did. We being British tax payers, of which I am one, who are currently funding his pension. We're also funding the British police too, mentioned in the article as one of his sources. It follows then that we funded his career in the Met as well.

    And now the git wants us to pay for stolen information, obtained from publicly funded sources utilising his publicly funded connections to acquire. Whatever his previous achievements in the Met may or may not have been, now he is simply a slimy scammer trading in stolen goods. The man is a disgrace.

    Cheers,
    Ian

  4. ur doin it wrong by interkin3tic · · Score: 5, Funny

    I have put together a database of upskirt photos collected from the internet. For a small fee and a reference upskirt picture you can peruse my collection and find out if you were a victim.

    fixed that for you

  5. Re:Where does a cop get £160,000? by Anonymous Coward · · Score: 5, Interesting

    Actually, under the Data Protection Act he isn't allowed to hold that database at all. This will end very badly for him.

  6. Date and place of birth? by Ungrounded+Lightning · · Score: 5, Funny

    My name? It's ... Barak Obama.......

    And what is your date and place of birth?

    = = = =

    (Moderators: Google "Barack Obama citizenship conspiracy theories".)

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  7. Re:Where does a cop get £160,000? by BitZtream · · Score: 5, Insightful

    Like ... actually having the information in the first place without permission of the owners of the data. The only legal thing he can do with it is destroy it.

    I certainly have not authorized him to use my information.

    --
    Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  8. Re:Hmm... Who's that at the door at this hour? by commodoresloat · · Score: 5, Funny

    They're actually here to do two things -- kick ass and have tea and biscuits. As it happens, however, they're all out of tea and biscuits.

  9. Re:Isn't it a crime by rohan972 · · Score: 5, Insightful

    The pro-piracy folks around here say that copying isn't theft. I'd say that'd apply here too.

    Not just the pro-piracy folks. Although I'd like to see reform, I am in favour of copyright. Incorrectly defining terms makes sensible discussion of a topic difficult or even impossible.

    This topic doesn't inflame the argument so much because there is not a substantial portion of people who want "identity theft" to be legal. Since there is no debate on whether it should be allowed or not, using an incorrect term doesn't highjack the argument into being propaganda for one side. Theft and stealing are terms commonly used to describe things that are not in fact theft. That's usually ok, but when discussing proposed changes to laws that affect the whose society it isn't. For example, I would regard MPAA equating copying a movie with stealing a car, repetitively making that connection in the absence of opposing argument to the general population (on DVDs) as tainting the jury pool.

    A teenage girl might accuse another of "stealing" her boyfriend. No problem, until you start proposing laws to have boyfriend thieves charged with theft. At that point, it would be necessary to point out the differences and that "stealing" is not really an appropriate term for what happened. That's where we are with copyright right now. In identity theft cases, I'm not sure there is a word to properly describe it yet. It is usually done in order to commit fraud, but the harvesting of the identity info is only the first step and probably isn't fraud in and of itself. Although fraud and theft are different, common usage of theft includes fraud, so theft is perhaps the best word to use right now even though it isn't exactly correct.

    --
    http://marriedmansexlife.com/
  10. Re:Look up our own information, huh? by meuhlavache · · Score: 5, Funny

    Welcome into our huge database!

    To check if you are on our database please fill some informations:

    Type your name/surname: *tip tip tip tip*
    Type your credit card number: *tip tip tip tip tip tip tip tip tip*
    Type your phone number: *tip tip tip*
    Type your social security number: *tip tip tip tip tip tip tip tip tip*
    [...]
    Press Ok right now.

    ... Loading...

    Sorry, you were not on our database... Fixed that!