Slashdot Mirror
Experian Sold Social Security Numbers To ID Theft Service
realized writes "Experian — one of the three national U.S. credit bureaus — reportedly sold SSNs through its subsidiary, Court Ventures, to the operators of SuperGet.info who then offered all of the information online for a price. The website would advertise having '99% to 100% of all USA' in their database on websites frequented by carders. Hieu Minh Ngo, the website owner, was recently been indicted for 15-counts filed under seal in November 2012, charging him with conspiracy to commit wire fraud, substantive wire fraud, conspiracy to commit identity fraud, substantive identity fraud, aggravated identity theft, conspiracy to commit access device fraud, and substantive access device fraud."
WHAT THE FUCK!!!?!!!?
These are the same people who offer to counsel you for $15, with a made-up number (even more made up than FICO) with fine print like this: "your Experian Credit Score indicates your relative credit risk level for educational purposes and is not the score used by lenders". Yep, super class act all the way. Even among credit rating scams, er "agencies", they are the worst.
The US Credit system is a racket designed to screw people. I have been fighting a bogus charge on my credit report for years and I would love to see the power that these behemoths lowered.
Granted, I do not know of a superior way to track people, but the amount of destruction caused by identity theft or improper billing is insane.
So if the credit bureau is selling all of the information to the identify thieves you're pretty much fucked.
Sounds like this company is playing both ends against the middle and needs to be shutdown.
Pathetic.
Lost at C:>. Found at C.
Even though Experian was selling the info, only the people who bought it will get punished.
I'm an American, so I'll admit that I couldn't find Experia on a map if I tried, but this is an outrage and I say we start bombing the Experians back to the stone age right now!
If convicted in an american court those 15 counts amount to:
10 years in prison, appealed to 7
parole after 4
and experian leaving the room without ever having admitted any wrongdoing. Visa and Mastercard dont care, because the amount of credit as a balance reflected on a card is imaginary anyhow and doesnt correlate to any real value. They simply issue chargebacks against the vendors affected by fraudulent purchases.
the vendors in turn get a strike against them for accepting fraudulent transactions. cardholders get a new card, and the game resets. Consumer capitalism cannot be permitted to short-circuit at the expense of the consumer.
The cards are commonly used to purchase web hosting or secure free trials to distribute malware as a means of garnering more legitimate cards and absolving their dependence on lucky ducks like the Experian guy. The wheel is still turning.
Good people go to bed earlier.
Oh god, is Slashdot now The Blaze, where everyone has Obama Derangement Syndrome and every single comment has to tie to Obama, no matter how loosely related they are?
I never understood why social security numbers have become secret. It was my student ID both in undergrad and grad school. Available to everyone. Once upon a time, you were even supposed to keep your social security card in your wallet. Now it needs to be kept secret, along with my mother's maiden name.
It is just a has code -- not a password.
I have a general question: why does the Social Security Number endure as the primary key of, well, every kind of financial account or transaction in the United States. The SSN - how it's assigned, how it's revoked, the regulations regarding who can use it and for what, what necessary safeguards are in place to prevent theft or misuse, its anonymity or lack thereof - was never intended for the tasks that it is now burdened with. It's broken in so many ways that it would be hilarious - if the consequences were not so dire.
Is it just that this is the system that we in the US are stuck with, and that's that? How do other countries handle this? What are the potential alternatives? What are the true requirements for a "master identifier key", and how can they be realized in a way accessible to all people? How can we convince the business and banking community to stop using the SSN - not because they're forced to, but because it's such an awful liability?
Which politicians' identities need to be stolen in order to put such a system in place?
A very articulate and insightful comment. No sarcasm intended
No, but he does make an interesting comparison. It is worth at least mentioning. Is it not? Last I read the contract was a no-bid(aka no competition) contract. Usually those are given to companies that are getting "special privledges" from those high in the political ranks.
Why does someone at one level of the crime get charged but not the one at the top. Remember:
Why are they not being charged? Using SSNs for certain things is illegal, and selling them probably is too - otherwise what did the other guy do wrong?
http://dilbert.com/strips/comic/2010-10-14/
Agreed. I'd vote for hanging some of the Experian exec responsible for this.
Mod me down, my New Earth Global Warmingist friends!
4. Get one rifle shot shot at long range from a citizen who got screwed in the bargain. Make it a .50 caliber.
I've been saying since Enron we should add more FEAR to the "greed and fear run Wall St." aphorism...
captcha: brooms (which sweep clean)
WHAT THE FUCK!!!?!!!?
According to TFA, basically the company that Experian purchased had already been selling information to the notorious 24-year old cyber criminal. Once the company was purchased, Experian didn't review its own transactions closely enough and inadvertently sold our SSNs to the guy too. Monthly. The Secret Service found out, captured the 24-year old, and it's unknown if Experian, credit watchdog, will suffer for sleeping on the job.
I'm not sure who appointed Experian watchdog (though I'm certain someone on Slashdot will point out how ignorant I am for not knowing), but for a company with so much power over your own life in terms of credit, it would be nice if, with the power came some sort of responsibility -- and accountability. I suppose we'll need to off Experian's Uncle Ben to get our point across...
Credit reporting ought to have everyone up in arms anyway. Every company an American does business with sends personal, financial details to these agencies. No permission required. The agencies themselves have a shared monopoly, but the size of their market is static. So they are always looking for quasi-legal ways to make even more money by selling your personal data. Sometimes quasi-illegal.
The whole system stinks. Americans need to get themselves some privacy rights...
Enjoy life! This is not a dress rehearsal.
My family and I were looking to move recently. Of course, we have to print out our credit reports. It used to be nice years ago when Yahoo had a service where you could easily get all 3 in just a few mins. But I'm sure since that was actually useful in real life, someone had to end it. So now, you have to log into the big 3 separately and request your 'free' report.
Of course, it's not 'free' since there's quite a bit of time involved in just getting it. You have a right by law to get this information once a year, but in order to do so, you have to put in your credit card. Red flag right there. This 'entitles' you to a free month of credit 'protection'.
After your done with your 'free' month, you have to call and cancel or else they'll charge you. Yup, you're right, no easy way to do that, no cancel account link or button to click - you gotta get on a phone and do an old school call. To keep the good times rolling, once you're actually off hold and connected to someone, it's some call center in another country. Mine happened to be India. What ensued next was back and forth on just getting the fucking thing canceled. There were many "just a moment" pauses and even a few upsells. I had to tell the guy 3 times I want to cancel. Just click the cancel button in your crappy web app.
30 mins later, I was off the phone. This company and the people that work for it are trash, plain and simple. They are a scourge on society and a drain on humanity. And along with banking (and warring I guess), credit 'scoring' and manipulation has to be one of the worst human endeavors ever. I don't understand how these people sleep at night and I'm not surprised they're selling people's info to whomever will pay.
Which makes you wonder why they are using Experian for validation.
For fuck's sake, it has nothing to do with obamacare. Stay on topic and stop trolling.
OK, so they put the ID theft guy in prison, how about having Experian's CEO in an adjoining cell? Why is it legal for Experian to sell my SS#??? I never gave them permission for that.
Free Martian Whores!
These are the same fuckers who insisted that I was dead because someone had mistyped a social security number. Therefore they rejected all credit requests (I was trying to get financing on a car) until I could prove that I was still alive. That's right. If they make a mistake, the victim, errr, customer, has to correct it.
The only thing worse than a Democrat is a Republican.
Always go check for an apposite Will Rogers quotation:
"A holding company is a thing where you hand an accomplice the goods while the policeman searches you." - Will Rogers
Brining Obama into it frames the discussion on partisan politics. The discussion becomes "Obama and the democrats are corrupt, look at this no bid contract" instead of "The entire goverment, regardless of political party, is corrupt; no bid contracts have been part of the goverment bidding process for years and we need to reform it now".
We get nowhere when we fight about one party over another. But thats how all the debates are framed, and partisan drones are programmed to jump all over the opportunity to blame opposing party while ignoring the same transgressions when it is their party being bad.
At the very least, Experian's board should be held accountable by its shareholders for gross negligence in failing to do its due diligence during the purchase.
"Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
WE need to switch to DNA-based identification, where computers can lift your DNA sample on the fly to confirm your identity rather than rely on a number and piece of paper that can be easily duplicated.
Yeah, that's a swell idea. We can adjust your health and life insurance premiums at the same time, and even check to see if your DNA is related to any unsolved crimes.
The solution to this issue is for the Social Security Administration to publish EVERY SSN along with name in a big set of phone type books, and online. The SSN was never intended to be a secret number.
Banks and credit organisations who use the SSN as some sort of secret code can find some other real authentication method. Publishing them all at once would 'shock' the system into the fix that is needed.
I think it frames it in terms of arguments of a federal website and program that is going to be gathering unprecedented personal and medical information on US citizens, and that is showing incredible ineptness of design and implementation through its first website portal is a fair argument to be brought up by anyone remotely concerned about their information, the safety of the information...and well frankly, what the govt does with that info.
Nothing is unprecedented. The government has been collecting all of your data for years, regardless of if the President has a (R) or a (D) next to his name. Bringing Obama into the discussion distracts from the fact that it doesn't matter who the president is, the government will continue being the government and continue doing whatever it wants.
No matter what you call it....there is justifiable cause for concern. Remember the other day about the code viewable in the source of the ACA website about "no expectation of privacy"?
Yes I do, and in that discussion everyone whined about Obama and missed the opportunity to discuss the fact that the government and corporations have always acted as if you "have no expectation of privacy". Hence the fucking story we should be talking about here.
healthcare.gov uses Experian to validate registrants. Experian sells account information to whoever will pay for it. You're saying there's no relationship???
I swear to God...I swear to God! That is NOT how you treat your human!
Hanging's too good for him. Burning's too good for him! He should be torn into little bitsy pieces and buried alive!
HA! I just wasted some of your bandwidth with a frivolous sig!
Now watch for the new Experian advertising campaign.
We know for a fact that criminals have your Social Security number, because we sold it to them! Now wouldn't it be a shame if they were to use that information to ruin your credit (hint, hint, nudge, nudge)? For only $9.99 a month we will make sure that those fraudulent charges don't apply to your credit score, so you can argue with the credit card companies without that worry!
"Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
What did you read?
"The work on Healthcare.gov grew out of a contract for open-ended technology services first issued in 2007 with a place-holder value of $1,000. There were 31 bidders. An extension, awarded in September 2011 specifically to build Healthcare.gov, drew four bidders, the documents show, including CGI Federal."
Search for part or all for source. Now, last you read it was a bid contract, invalidating your point.
Nobody "appointed" Experian watchdog over this information. Many companies (banks, lenders, credit card companies, etc) needed reliable information on a customer's past creditworthiness. Experian (and TransUnion and Equifax) collected and provide this information in sufficient quality for these companies' needs, and so they've become the watchdogs.
The problem is a subtle one I've noticed in several fields (mainly HR and hiring). The credit agencies protect against a false positive - one where an individual who is a high credit risk is incorrectly determined to be a low credit risk, and thus the bank gives them a loan. This protects the companies who seek this information before lending out money or equipment.
They do very little to protect against false negatives - one where an individual with low credit risk is incorrectly flagged as a high credit risk. The companies who use the credit bureaus don't really care about this case because it's a "safe" error for them. If they refuse a loan to someone who would've paid it back, they just lose out on the interest. So there's less incentive to verify the accuracy of negatives on someone's credit report. (Incidentally, low interest rates exacerbate this situation. If interest rates are higher, the interest on a loan can exceed the principal, and thus a false negative could become a greater financial loss than a false positive.)
(In the HR case, a HR department which carelessly culls out job applicants based on keywords and unrealistic years of experience is lowering their risk of false positives. But they're also increasing their risk of false negatives and weeding out a lot of qualified people. From management's standpoint, they can see the direct negative consequences of a bad hire. The negative consequences of failing to hire someone who was a good fit for the job are not so obvious. To correct for this, companies should regularly test their HR departments by submitting applicants who are "perfect" for a job and seeing how many of them get asked for interviews.)
In particular the Supreme Court has, IIUC, decided that if you share any information with anyone except your lawyer, then you have "no expectation of privacy". And currently most of the Court has strong Republican leanings.
Neither party is worth ANY degree of trust. A very few individuals within each party appear to currently be trustworthy. (And being trustworthy doesn't mean that they will support your position, it means that they will support their own stated position.)
This is what you get when you have a "plurality wins" electoral system. It took it over a century to get quite *this* corrupt, but I don't think it's achieved maximum corruption quite yet.
I think we've pushed this "anyone can grow up to be president" thing too far.
Not much. Harsh punishments are less effective at deterring crime than are moderate punishments that are more likely to happen...unless, of course, you are likely to be punished even if innocent. To be effective the punishment only needs to be sufficient that the net benefit of an act is negative...but they need to be expected to happen if you are guilty. And sooner is much more effective than later.
Yeah, I know these requirements are in conflict. If it were simple, someone would have had a decent government by now.
I think we've pushed this "anyone can grow up to be president" thing too far.
Your blog sucks.
Usually I laugh at claims that the CEO should be in jail when a company does something bad, but in this case there are laws with teeth about credit report info. Unless this was some case where he could not reasonably have known that this was going on, there must be some crime here, times 300 million counts.
Socialism: a lie told by totalitarians and believed by fools.
As a former Experian employee and Systems Administrator to boot - I have only this to say, "Buwahhhhhhhhhaaahhhahhhhahhhahhhaaaa! Oh god, stop it! You're making my sides hurt!"
Ah - the good old days of Experian! For the record, this was my original CIO's personal nightmare that he shared in nearly every "All Hands" meeting while I was there. He got cut loose and within 3 years so did I and most of the technical experts in the US. RIF'd because we're expensive help. Remember, Experian is NOT an american company. It is listed in the London stock exchange since it was originally bought by "GUS Plc" back when it was TRW. So, now that the Experian CIO position has shifted back to the Brits (it was an American when I first started), they're GUTTING the IT infrastructure staff in all of the "expensive" locations (i.e. - the US) and outsourcing to places like Costa Rica. No offense to anyone in Costa Rica - but they are very late players in this corporate reshuffle and have NO voice in any IT decisions. We (the US IT infrastructure staff) have been warning senior management for nearly a decade (I was employed for 8 years) that they were SERIOUSLY screwing up each and every corporate acquisition company integration. Since there was NO oversight of the IT integration (at any level) is it any kind of shock that there was little to no oversight of the account management of customers in these subsidiary's?
It's a shame that the good people I know in that company will now pay the price for senior management greed and stupidity. And yes - I agree with everyone who posted about the predatory website and practices by Experian with the so called "free credit report". What a freaking racket. If it's any consolation - I argued against it (and so did all of the web developers and IT staff) but senior management was looking to hook all customers any way they could. Sorry if this sounds disgruntled - truly I'm more disillusioned and saddened because I know how much effort the good guys are expending trying to make it right from within. Poor bastards.
So are all SSNs compromised?
They're up 24 points, 2% right now. Don't think investor care so long as they make money. $1,224/share is pretty staggering.
jsut athnoer menagiensls ltitle psrhae for you to dcoede. Why do we wtsae our tmie dnoig tihs?
How about penalizing Experian for selling the information in the first place.
I am Bennett Haselton! I am Bennett Haselton!
In the words of Brick Top... Feed 'em to the pigs.
The bill would die immediately after being introduced, if not because of its blatant immorality then because of corporate lobbyists. I find it strange that people fantasize so much about a legislature comprised almost entirely of corporate lapdogs turning on its masters.
Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
We should first make it illegal to do this. In fact, we should making gathering or selling credit info and social security numbers illegal for anyone but the government themselves. The only use is for companies to charge you, the USA people, more money for their services. They do it under the pretence that if you check out, you get a discount, but you never do. If you don't check out, you don't get a service at all, except with companies that charge way more because they want to counter the risk somehow. A law that contra-beneficial to over 90% of the people is not in anybodies interest, so it should be made illegal that this is possible at all.
I was promised a flying car. Where is my flying car?
Ok. Stop mocking and tell me: Why is share price relevant, except as a relative measure?
As an absolute measure it's totally pointless. £12 for a share. So fucking what. HOW MANY SHARES ARE THERE?
If there's one share, the company is worth £12. Suddenly a share price of £14bn sounds reasonable. If there are 400 billion shares than £12 feels a tad excessive.
It's a meaningless measure. Or do I sound like a politician using common sense, logic, financial nous and a background in writing portfolio management software. You decide.