×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Lifelock Worries After Employee Data Leaked To Web

samzenpus posted more than 3 years ago | from the protect-that dept.

Security 145

itwbennett writes "Last week, Phoenix New Times reporter Ray Stein revealed that LifeLock CEO Todd Davis (who famously published his Social Security number in LifeLock ads) had been the victim of identity theft at least 13 times. This week, LifeLock made it clear that it's not so cavalier with its employees' personal data. The company asked the New Times to remove from its website a police report containing a redacted Social Security number, date of birth, address, and phone number of Lifelock employee Tamika Jones. In an interview, Stein said that the fact that LifeLock had to call and ask for the document to be removed reflected badly on Lifelock's service. 'I think this shows clearly that they know that it's got potential problems.'"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

145 comments

No different than the DNC registery (0)

BitZtream (692029) | more than 3 years ago | (#32357382)

All LifeLock does is add you to all the little BS registries and companies that list people who don't want to be 'contacted'.

Unforunately, thats all the data someone needs to effectively steal your identity anyway, so in reality they just become a distributor of the very information they are 'protecting'.

Re:No different than the DNC registery (4, Informative)

Mr. Freeman (933986) | more than 3 years ago | (#32358506)

You're an idiot, it has nothing to do with no-call lists or any such thing.

It puts a "fraud alert" on your accounts and renews it every 90 days or however long they last for. Something you can easily do yourself for free. Basically having a fraud alert makes banks, lenders, etc. actually do SOME amount of work to verify your identity rather than blindly allowing anyone with a social security number to get a loan in the owner of that number's name.

Re:No different than the DNC registery (0)

Anonymous Coward | more than 3 years ago | (#32360444)

Back in the early 90's I had a student loan taken out against my social security number by a women who was attending college in a different state. If it were that easy back in the days before the Internet, the permutations of possible financial fraud now are approaching infinity.

Re:No different than the DNC registery (4, Informative)

Anonymous Coward | more than 3 years ago | (#32360786)

Basically having a fraud alert makes banks, lenders, etc. actually do SOME amount of work to verify your identity rather than blindly allowing anyone with a social security number to get a loan in the owner of that number's name.

Not entirely true. It theoretically requires banks, lenders, etc do some work before opening a new account. In practice, they usually skip this step. Trust me, I know from experience. I opened a new bank account while I had a fraud alert on my files, yet I was never contacted to confirm that I indeed opened that account. When I pressed the credit reporting agencies on it, I was told that the fraud alert system is more of a "best practice" type of thing, and that companies were in no way obligated to actually follow the guidelines.

Re:No different than the DNC registery - NOT (0)

Anonymous Coward | more than 3 years ago | (#32358798)

LifeLock never claimed to prevent your identity being stolen - they have always said they'll take the normal precautions (putting you on the credit lock lists, for example) and will pay up to $1M to have other people work to correct problems should your identity be stolen.

After all, for most of us the real expense isn't the theft...it's the ridiculous, time-consuming process of correcting everything with credit bureaus which are shielded by law from we consumers.

Really now? (4, Interesting)

Darkness404 (1287218) | more than 3 years ago | (#32357384)

Anyone who expects a service to 100% protect them from identity theft is an idiot. Its just like a virus scanner, it might be helpful but its no substitute for common sense.

Re:Really now? (5, Insightful)

Shakrai (717556) | more than 3 years ago | (#32357458)

it might be helpful but its no substitute for common sense.

Common sense would be banks requiring more information than an SSN and DOB from an internet connected computer before opening lines of credit. I watched someone apply for a line of credit with Citi online and receive a $15,000 account with no verification of his identity beyond the SSN/DOB match. What's wrong with that picture?

Re:Really now? (1, Insightful)

Anonymous Coward | more than 3 years ago | (#32357570)

What's wrong with that picture?

That you're making shit up?

Re:Really now? (2, Interesting)

Anonymous Coward | more than 3 years ago | (#32357710)

However, on the flipside, there are privacy issues with giving personally identifiable data to a prime hacking target (like a major lending institution.)

In order for them to validate a session as a legitimate person, they need personally identifiable data on that person. That means that they are warehousing such data, and in addition to being a target for wirefraud directly, they also become a target for identity theives of the highest order.

Knowing a little bit about data security (and security in general), there is NO SUCH THING as a perfectly secure system. Even an inoperable computer encased in 5 feet of concrete is not "Secure", since a jackhammer can grant access. You just have to be patient, and dilligent.

Thus, it is not a question of *IF* such a breach will occur, but WHEN. I am reminded of the "Malware on "Update" CD sent to a bank" covert security test last year. There are any number of ways that a bank could be compromised, and the data distributed. Unlike a password, or a username, or even a SSN, there is no way to change your mother's maiden name, etc.

Really, online banking is a very terrible idea. That's why I don't engage in it.

Identity theft will continue to be a problem as long as the internet is used to fascilitate banking. The incentive to steal an identity and get rich quick at some poor SOB's expense (especially in a foriegn country where the target's currency is "Hyper valued") will ensure that this is always so.

I might be a bit of a paranoid crank, but from where I sit, there is

1) Incentive
2) Opportunity

and therefor

3) profit

and as long as the first two hold true, the last one will always exist as well. Should it become not worth the time, or should there bey a major financial breakage where nobody has money thats worth a shit-- then 1) will go away. I suggest the far less deleterious 2) be removed-- Remove hacker opportunity to steal that data, by not having that data on public networks to begin with; EG, no online banking.

IMHO, Banks should use a dedicated, private network that does NOT have ANY endpoints connected to the public internet for just this reason.

Really, it's like having the door to your "Super sensitive, mission critical server room" outside in the public lobby, next to the bathroom. The only thing keeping people out is the lock on the door. I don't think it unreasonable to say that this is far from ideal from a security standpoint, and that a better solution is to have that door deeper in your company, well entrenched in the "employees only" section of the building.

The reason why wirefraud, and identity theft are so prevelent, is because the opportunity part of the equasion is running wild, in the name of "Convenience"-- Sure, online banking is very convenient, I am sure. It's also very convenient for the people that want to spend your money for you illicitly. It's also very convenient to dispose of toxic chemicals in a ditch somewhere too.

Sadly, people never seem to learn the intrinsic lesson here-- "Convenience" is not a justifiable reason to trump sensibility. EVER.

A simple mnemonic to think of when contemplating using the internet for something: Would trust handing that data to a total stranger on the street?

If the answer is no, then under no circumstances should you use the internet for that purpose. It's just that simple.

Re:Really now? (5, Funny)

biryokumaru (822262) | more than 3 years ago | (#32357798)

Right on, brother!

This is exactly what I said when they first invented banks! I mean, anyone can just walk into one of those places with a fake ID and *bam* they've got all my money! That's why I keep all my money in gold Krugerrands in a shoe box under my...

Hey now, I'm not gonna tell you where I keep my shoe box! Now get off my lawn, you wacko!

Re:Really now? (1)

Gr8Apes (679165) | more than 3 years ago | (#32357810)

A simple mnemonic to think of when contemplating using the internet for something: Would trust handing that data to a total stranger on the street?

And that's why I wish I could give 1 time card numbers to stores as well. Keeps them from tracking me too.

Paranoid? Obviously not enough, I'm not AC.

Re:Really now? (-1, Redundant)

logjon (1411219) | more than 3 years ago | (#32357872)

Police fucked up redacting a public record when they made it public. Lifelock moved to correct. If anything, this speaks well of lifelock, they did what they were supposed to. Nothing to see here, move along. Bullshit story and I marked it as such when it first showed up at the firehose. /. editors are full of shit. Next question.

Re:Really now? (1, Informative)

Anonymous Coward | more than 3 years ago | (#32358172)

No. Actually it went more like this:

Police fucked up redacting a public record when they made it public. The Lifelock employee was made aware of the screw up via a web site which reported the fuck up (and NOT by Lifelock), otherwise, the employee would still be clueless as to why she was getting her identity anally raped hundreds of times a day, despite the (hopefully free) Lifelock "protection" she has signed up for. The Lifelock employee made her superiors aware of this, and probably asked what they could do to have the document removed. The situation was sent up the chain, probably all the way to the CEO, who then sent their corporate lawyers after the web site in question.

Now, had this been a regular customer of Lifelock and not an employee, does anyone REALLY believe Lifelock would have lifted a finger to help this person? There is nothing in the Lifelock service agreement that states they have to scan the web for PDF files which might have accidentally revealing information about their customers. The services that Livelock offer are clearly spelled out, and do not include actively scanning the internet for all possible customer identity leaks occurring in any possible web site or downloadable document.

Here is my guess as to the thought processes of the higher-up's at Lifelock: "Oh shit, one of our own employees has their personal info being broadcasted world wide! When (not if) they get their identity stolen, it will make all the headlines. Quick, lets call the lawyers and try to get this under control before we suffer yet another public relations black eye."

Lifelock is pure snake oil. It sounds great, till you drink it. Then, you suddenly realize it doesn't work, and you are worse off for having tried it, and not only did you lose the money you spent on the snake oil, but now you also have to pay for a doctor to cure you of the poison you just drank.

Re:Really now? (1)

logjon (1411219) | more than 3 years ago | (#32358178)

Really nice straw man. The real story is that the police are releasing this data and that lifelock can't be expected to watch the entire internet 24/7 but they're catching blame from this anyway somehow.

Re:Really now? (1)

ArsenneLupin (766289) | more than 3 years ago | (#32360452)

Really nice straw man. The real story is that the police are releasing this data

No, they aren't. They released a properly redacted document, with all info that could be used by an identity thief properly covered up.

and that lifelock can't be expected to watch the entire internet 24/7

... and yet, they expect their customers to pay $10 / month for exactly this "service".

but they're catching blame from this anyway somehow.

... because they're selling snake oil, then are caught red-handed trying to censor the news, and finally spin their censorship as just protecting their employee's id data (which was never actually exposed in the police report).

Re:Really now? (1)

ArsenneLupin (766289) | more than 3 years ago | (#32360432)

Good analysis, except that police didn't even fuck up the redaction of the PDF document. Well, it's a plausible error to do, indeed lots of institutions, even 3 letter agencies should should have known better have goofed in such a way.

But in this case, police actually did just fine, by putting the rectangles right into the image, rather than adding them as an (easily removed) additional layer into the PDF.

So why is Livelock fighting this then, if it didn't actually expose the employees data?

Easy: because it's egg on their (the corporation's) face. But they can't admit that of course. so they send out their astroturfers with some silly "o God, police redacted the document poorly", and slashbots are falling for this without actually doublechecking that document.

Re:Really now? (4, Insightful)

jonwil (467024) | more than 3 years ago | (#32357978)

When I opened my bank account (here in Australia) I had to go into the branch physically and sign up for it, including showing various forms of ID.

The only reason the US isn't as strict is that the banks have used their powerful influence to make sure that nothing gets in the way of their ability to offer vast amounts of credit (home loans, car loans, personal loans, credit cards etc) to anyone and everyone.

They want to make getting a credit card as easy as possible.

Re:Really now? (1)

Kiel0 (1365383) | more than 3 years ago | (#32358304)

Case in point, I took this idea to my neighbor around dinner-time this evening. Within 40 minutes I had places of birth, first car models owned, and the easiest was the ever-sacred maiden names. Now....what to buy???

Re:Really now? (1)

Ihmhi (1206036) | more than 3 years ago | (#32358492)

Where's the best place to start, then? Any advice for someone who is going to get their first CC this year? Should I get it from my bank, or somewhere else?

Re:Really now? (2, Insightful)

sodul (833177) | more than 3 years ago | (#32359134)

American Express is your friend.

It took me over a year once I moved to the US to get a credit card. It took even longer for my wife since she had no SSN until a few years ago (yes you can live legally in the US for years and declare taxes without being allowed a SSN).

There is a vicious circle: no credit history, you can't get a credit card ... but you need one to get a credit history. You also have the option of the prepaid credit card, where you have to loan the bank say $500 for a $500 line of credit.

But my best advice: live within your means and always pay off you cards.

Re:Really now? (1)

Z8 (1602647) | more than 3 years ago | (#32360762)

The only reason the US isn't as strict is that the banks have used their powerful influence to make sure that nothing gets in the way of their ability to offer vast amounts of credit (home loans, car loans, personal loans, credit cards etc) to anyone and everyone.

Do you have any evidence of this? Because it also happens the other way around—the banks put up fake barriers to credit, and the government orders them to take them down due to fairness, anti-discrimination, etc.

Re:Really now? (5, Interesting)

AK Marc (707885) | more than 3 years ago | (#32358014)

There are any number of ways that a bank could be compromised, and the data distributed. Unlike a password, or a username, or even a SSN, there is no way to change your mother's maiden name, etc.

I opened a bank in a foreign country. They take and hash your password as you give it to them. The password is never known by anyone there, can't be retrieved and will never be seen. It's up to me to make sure I don't use it on an infected system. If it gets out, I'm pretty much on the hook for whatever is in my account when someone wipes it out. That password is worth thousands of dollars. You make sure it's secure, and you treat it as such.

The fraud levels in the US are some of the highest in the world, and it's because the banks don't care. They make enough with the fraud and aren't held responsible for the actual harm they cause people when they put inaccurate information on credit reports.

Let someone sue when there's an inaccuracy on their credit report (with the burden being on the person who put it there to prove it's accurate) and you'll see that crap stopped pretty quick. Make the banks pay an "oops" fee of $100 to their customers when the banks take out money because of a fraudulent transaction the customer couldn't have prevented. Hold the banks responsible for the damage they are causing through "identity theft" (which is nothing more than lax security blamed on their customers when the banks have the ability to stop nearly all identity theft). When that's done, then fraud will drop and identity theft will be gone except for the few cases where couples pretend to be the other to wipe out an account as part of a breakup.

Re:Really now? (2, Interesting)

Moridineas (213502) | more than 3 years ago | (#32358398)

I think your heart is in the right place, but I'm not sure your ideas make sense?

I opened a bank in a foreign country. They take and hash your password as you give it to them. The password is never known by anyone there, can't be retrieved and will never be seen. It's up to me to make sure I don't use it on an infected system. If it gets out, I'm pretty much on the hook for whatever is in my account when someone wipes it out. That password is worth thousands of dollars. You make sure it's secure, and you treat it as such.

God, I hope most banks don't rely on such weak security? The bank where I have my business account gave me a security token that I've got to use in addition to a username/password to login. Before I do anything major like account transfers or wires, I've got to use the security token again. Interactive Brokers trading offers security tokens as well though I haven't used theirs--I have a lookup page from them that serves the same function though.

Admittedly my personal banks do not use a security token, otp, etc. Most of them DO require usage of a pin code or csv code off a credit card/bank card before you can make account changes.

If freaking Blizzard can release a battle.net mobile authenticator for iphone/blackberry/etc, banks certainly should be able to. It's annoying.

The fraud levels in the US are some of the highest in the world, and it's because the banks don't care.

Are they really?

Let someone sue when there's an inaccuracy on their credit report (with the burden being on the person who put it there to prove it's accurate) and you'll see that crap stopped pretty quick.

Uh, really? You CAN sue, and it happens (google). First of all, you have a clear set of rights as laid out under the Fair Credit Reporting Act (it's been amended and updated, but is NOT new). If you're not familiar with your legally protected rights and options, take a look at it, I think you might not be quite as disgruntled. Your rights include the credit report companies being REQUIRED to give you a written explanation (or fixing the error) when you notify them of a mistake. And so on. If they ignore you, they get in trouble.

There are plenty of types of identity theft that are not the customers fault, nor should the bank be able to catch.

Make the banks pay an "oops" fee of $100 to their customers when the banks take out money because of a fraudulent transaction the customer couldn't have prevented.

That would be awesome. I'd set up an arrangement where my friends would steal my identity. They'd give whatever they got back to me, and we'd split the $100. Nobody would possibly take advantage of that system!

Hold the banks responsible for the damage they are causing through "identity theft" (which is nothing more than lax security blamed on their customers when the banks have the ability to stop nearly all identity theft). When that's done, then fraud will drop and identity theft will be gone except for the few cases where couples pretend to be the other to wipe out an account as part of a breakup

It's your statement here that makes me think maybe you're missing what exactly identity theft is? It doesn't HAVE to be because of "lax security" at a bank. That's certainly a problem, yes, but not by any means the sole cause! Instead of thinking about it as "identity theft" think of it as impersonating somebody else. My wife's family was hit by identity theft when a piano teacher's trash was gone through by a criminal. Inside the trash was a ripped up and voided check. Who's liable in this situation? Between going through trash, malware, malware, professional hacking rings, weak security from VENDORS, public records, giving too much data to vendors/organizations/etc, there is a LOT of information out there. Not even getting into social engineering...

Identity theft is going to be a problem as long as there are people. Heck in a way counterfeit species is identity theft (of the certifier of value?) though that's quite a stretch. Certainly counterfeit checks which have been done for decades fall under the category. Until every single financial transaction you are at all involved in does a bio-scan to make sure you're exactly who you say you are there are going to be problems. Heck, even then I'm sure there will be hackers figuring out how to get around that...

Let me just be clear too--I think there ARE steps that can be taken to make identity theft HARDER for criminals to pull off. It's not as simple as ranting at the banks, however. It is really systemic throughout our financial system. Think about something like checks--would anybody design a system like that now? A piece of paper that takes hours/days to verify? Has no passwords, pins, identification image, or anything...

Re:Really now? (1)

jittles (1613415) | more than 3 years ago | (#32360582)

Are you sure people can't sue? I had Cingular (Now AT&T Wireless) put a fraudulent entry on my credit report. They even sent me to collections on a $0.00 balance. I wrote both the collections agency and AT&T and told them they had 2 business weeks to correct my credit report and cease collections attempts or I was going to sue them both for libel. Sure enough, two weeks later everything had been cleaned up.

I'm certainly no expert but my guess is that's a record time for having a credit report fixed.

Re:Really now? (1)

Aeternitas827 (1256210) | more than 3 years ago | (#32358442)

IMHO, Banks should use a dedicated, private network that does NOT have ANY endpoints connected to the public internet for just this reason.

Would there not be some point in transit between, say, a point-of-sale cardreader or an ATM, that could be similarly compromised? It wouldn't necessarily be easy, but where there's a will, there is a way. Even if every unit had it's own dedicated line from itself to the bank, those cables have to run somewhere, and you can't necessarily keep them under constant supervision. It might reduce the number of points of failure (as far as security mechanisms are concerned), but by no means would it eliminate them.

Re:Really now? (1)

mlts (1038732) | more than 3 years ago | (#32358848)

I like the idea of a dedicated, private network. This is what a lot of companies used to have before they were called intranets.

Maybe expand on this some, have it be a B2B backbone (BIPRnet, similar to NIPRnet and SIPRnet) where unless authorization is prearranged beforehand for one business's machines to communicate with another's, the switching fabric wouldn't allow the connection? This could be done even at a port level, so B2B E-mail via an Exchange connector at a custom port would go through, but someone on a non-email host trying to spam would not be able to. This network doesn't even need to run TCP/IP.

This backbone can run connections atop the Internet if needed, using dedicated bridges which use preshared keys (no public keys to crack or PKI because the bridges only connect with 1, maybe 2-3 other failovers). However, the best security is dedicated lines. Add to this endpoint to endpoint encryption similar to IPSec on the packet level for starters, and application to encryption on higher layers.

This way, a large business that processes credit orders never have to send their batch transactions over the Internet, and unless someone hacks the central switch, the packets are not touchable by normal Internet hacking, and if they are, the unencrypted data is protected by multiple layers so one compromised host (unless it is an endpoint) doesn't reveal much.

It could even go as far as to have a hardware card that has functionality of a mini HSM, keeping public keys in that. That way, a compromised or hacked machine could be booted off the backbone by a CRL.

Re:Really now? (1)

mlts (1038732) | more than 3 years ago | (#32358210)

Common sense would be banks offering either a hardware keyfob and/or an app for Android/iPhone/Win Mobile that gives secondary authentication, or confirmation of transactions like IBM's ZTIC.

Or even better, a common standard, similar to RSA SecurID, so each bank doesn't have to have their own different, incompatible type of offline auth device.

Having this would shift theft of accounts from just getting malware onto peoples' computers back to either attacking banks directly, or their patrons.

Re:Really now? (3, Insightful)

rtfa-troll (1340807) | more than 3 years ago | (#32358332)

Putting these technical restrictions to regulation is a bad idea (though some limited minimum standards is probably good). I think you have to look at the difference between the credit card system and the bank account system. You'll probably find that there's more technical protection on your bank account access, but credit card fraud worries you less and causes you fewer problems. The reason for this is that the credit card fraud is pushed to the place which is able to verify the transaction and not just the account holder; the shop and the credit card system. The security is very dynamic. If you make a small transaction in a place near where you live, it will almost always go through. If you make a large transaction in Cambodia, soon after making one at home (unless, of course you are Cambodian, in which case the same argument applies, but in New York), the company will call you directly to your mobile phone and ask you to confirm the transaction.

The reason this works like this (which is expensive) and works so well is simple. You are allowed to reverse the transactions if they aren't yours. This pushes the liability to the bank. If the same applied to bank accounts, that you could just reverse any transaction and the bank had to prove you were liable for it, suddenly bank fraud would be massively reduced, disappear completely as a consumer problem and the criminals trying it would be pursued to the ends of the earth.

Re:Really now? (3, Informative)

iamweasel (1217570) | more than 3 years ago | (#32358402)

That's what we have in Finland at least. First you have to physically go to the bank to identify yourself and then you get a login/password and a physical list of key-value pairs for online banking. When you start to run out of said keys you go get another list from the bank or order one through mail. Then you change the list using a value from the previous list and input the number of the new key list.

In order to compromise in this system someone would have to have access both to my specific key list and my login/password combination.

Of course that doesn't help at all if someone compromises the bank's systems, but in that case it wouldn't make a difference whether I used online banking or not.

It baffles me that something as simple as (or similar to) this is not being used as I do believe it makes online banking a whole lot more secure.

Re:Really now? (2, Interesting)

mlts (1038732) | more than 3 years ago | (#32358880)

Most of Europe has something like this, either a keyfob, or a TAN list.

However, it a rare sight for an American bank to offer much if anything more than username/password protection. You might find a bank that asks a question from your challenge/response list, or asks you to select the answer on a random list, where the text is a bitmap (to help foil malware that doesn't have an OCR engine.) Anything more than that, good luck.

What is ironic is that Blizzard offers a keyfob and/or an app for the iPhone and Android. Why can't banks here in the US protect their customers more than a game company protects theirs?

Re:Really now? (2, Interesting)

Ford Prefect (8777) | more than 3 years ago | (#32358530)

What I have for my British Nationwide [nationwide.co.uk] account (a building society rather than a bank, but that's mainly semantics) is a small, calculator-lookalike card-reader that takes my ATM card and PIN and is used to sign any transactions or other significant operations involving money.

Say I want to transfer money to a non-Nationwide account, I have to:

Login by entering my customer number, passphrase and three randomly selected digits of a secret six-digit code,
Set up the transfer, put my ATM card (with chip) into the card-reader and enter my PIN.
Press 'Sign', enter the reference (typically the account number), press OK, enter the amount of money being transferred, press OK and then type the eight-digit code it gives me into the online banking service to authorise the transfer.

It's still vulnerable to man-in-the-middle attacks, but someone would have to be a bit thick to wonder why what appears to be their online banking service suddenly wants them to transfer lots of money somewhere.

Also, yes, it takes forever to do anything.

Re:Really now? (4, Insightful)

NotQuiteReal (608241) | more than 3 years ago | (#32357848)

Yup - I've been anonymous on the Internet, since, well, since it was Darpanet, or uucp, or whatever it was. Call me paranoid, but even way back in the day, I always wondered, "why would I want anyone to know X, about me?"

If you are writing me a check, I'll give you enough info so I can cash it, otherwise, meh. Even my cable bill has a misspelling in my name I have not corrected in 14 years.

P.S. NotQuiteReal, is not my real name... Proud alias-using "lurker" on the Internet/Usenet since 1982 (or before...)

Re:Really now? (0)

Anonymous Coward | more than 3 years ago | (#32358718)

I'll up you one further - even my driver's license has a misspelling - and I did try to correct it, but after they did nothing the first time, I stopped trying.
Even my auto insurance agent hasn't noticed, despite me paying with checks with the correct spelling but all their files have the wrong spelling.

Here's something else you can do to screw with the system. Make yourself a fake-id with all your real information except your age.
I did that for a girl who looks young and didn't want people to find out her real age if they saw her id.
Since she used it everywhere, she's 'in the system' twice now - all those websites where you can find out people's addresses and relatives and such have two entries for her, 15 years apart with differing addresses (since she moved around).

Re:Really now? (1)

KDR_11k (778916) | more than 3 years ago | (#32358874)

I don't know about where you live but in my country creating a fake ID is a serious crime.

Re:Really now? (0)

Anonymous Coward | more than 3 years ago | (#32358756)

Yup - I've been anonymous on the Internet, since, well, since it was Darpanet, or uucp, or whatever it was.

Actually, I am anonymous, you insensitive clod!

Re:Really now? (0)

Anonymous Coward | more than 3 years ago | (#32357882)

To put it another way: Even in homes where the owners are heavily armed, someone still usually closes the front door if a departing guest left it open.

Re: Really now? (1)

MoeDumb (1108389) | more than 3 years ago | (#32358288)

And yet 100% is what they claim - or they will cover your losses up to a million dollars. If there weren't enormous escape hatches in their customer contract they'd be out of business by now.

Re:Really now? (1)

lymond01 (314120) | more than 3 years ago | (#32358680)

I assumed it wasn't about protecting yourself but the ability to pay someone to do it and get paid by them if they don't. Paying someone to be responsible for you, with the expectation of getting reimbursed and then some if they don't. Liability.

Re:Really now? (1)

oreaq (817314) | more than 3 years ago | (#32360556)

Anyone who expects a service to 100% protect them from identity theft is an idiot.

Identity Theft does not exist. No one can steal an identity. At least not with today's technology. Some bank gets scammed by somebody. The bank then recovers its loss by defrauding one of their customers. The solution to this "problem" is obvious.

Re:Really now? (1)

SkyDude (919251) | more than 3 years ago | (#32360650)

Anyone who expects a service to 100% protect them from identity theft is an idiot. Its just like a virus scanner, it might be helpful but its no substitute for common sense.

Sometimes they're not idiots. Some are just too trusting or are just plain unaware.

My company often receives mail orders containing personal checks. Every year we see several who continue to allow their SSN to be printed on the check, along with the name, address and phone number. These folks are seniors (+70) and don't understand that the SSN is the key to the castle.

In a few cases, I've sent a short letter explaining why they shouldn't do that, and a few have called and thanked me for the information. Often, the reason they give for using the checks is they have a ton of printed checks and don't want to throw them out. Of course, if they did, that could be even worse than continuing to use them because you know they don't own a shredder.

worthless (1)

Anonymous Coward | more than 3 years ago | (#32357386)

need I say more?

how is this a sign of potential problems? (4, Insightful)

Michael Kristopeit (1751814) | more than 3 years ago | (#32357408)

In an interview, Stein said that the fact that LifeLock had to call and ask for the document to be removed reflected badly on Lifelock's service. 'I think this shows clearly that they know that it's got potential problems.'"

so a service designed to protect your privacy is broken if it actively attempts to protect your privacy? I think this shows clearly that they got a proactive strategy to protect personal information.

just because the CEO is willing to stick his chin out doesn't mean i trust him to stick MY chin out.

Re:how is this a sign of potential problems? (5, Insightful)

thedohman (932417) | more than 3 years ago | (#32357746)

You are absolutely correct! They are doing exactly as I would expect the service to do. She got her info on a police report. The police department gave a media outlet the report in such a way that her personal information was exposed. LifeLock called the media outlet and asked to remove her data. There is no way anybody could have prevented the info from getting there in the first place... except maybe not giving the police department your SSN when reporting a crime happening to someone else.

If I was a customer of theirs, and a police department did the same to me, then LifeLock is doing exactly as I would expect them to do, if they wanted to continue getting my monthly fee.

However, Tamika is one of their own, and the police report was published in an article about them. I don't think they would even notice if it had happened to a regular customer and/or if it had not been an article concerning LifeLock.

Re:how is this a sign of potential problems? (0)

Anonymous Coward | more than 3 years ago | (#32357876)

why don't you think they would have noticed if it had happened to a regular customer?

Re:how is this a sign of potential problems? (1)

Z8 (1602647) | more than 3 years ago | (#32360792)

Because it's cool to be cynical and against the "system".

Fraud Alert != Fraud Immunity (5, Informative)

mysidia (191772) | more than 3 years ago | (#32357410)

Not everyone reviews a credit report before issuing any type of credit.

ID thieves can potentially abuse personal information, no matter how many types of fraud alerts you put, there is no guarantee that it will be seen by every third party.

Or the ID thief may employee social engineering and even defeat the 'fraud alert'

Todd Davis' publishing his social security number is a gimmick, and he should understand the risks, and chose to do so anyway, clearly as a publicity stunt.

As CEO and well-known media figure he can probably more easily deal with any ills that result than the average joe, and rely on his company to pay all the money and take all the hassle haggling with creditors of ID thief.

Minor cost well worth the publicity.

His SSN is also more likely to be recognized by banks, and (I suspect) he has little need to himself apply for credit, personally, otherwise he would not do it.

As for other employees of the company.... they have not agreed to this, not agreed to the hassle, and are in a much poorer position to defend themselves against ID theft. They have every right to their privacy, and to not have media organizations publish redacted/legally sealed or legally witheld info.

Re:Fraud Alert != Fraud Immunity (5, Informative)

Shakrai (717556) | more than 3 years ago | (#32357472)

no matter how many types of fraud alerts you put

Better than a fraud alert is the security freeze [experian.com]. They won't open a new account if they can't see your credit report. The security freeze shouldn't even be a major inconvenience, unless you are one of the champs that applies for every new credit and store card under the sun.

Re:Fraud Alert != Fraud Immunity (2, Informative)

mysidia (191772) | more than 3 years ago | (#32357900)

I'll agree a security freeze is better.

But a Credit card or Loan isn't the only type of account an ID thief can try to open fraudulently in a victim's name.

They might try to open a checking account instead, which does not involve a CRA inquiry. Instead, the inquiry would go to CheXsystems or similar, which do not provide a 'security freeze' option

The ID thief may also create a bogus instrument, such as a 'checkbook' of fake checks in victim's name.

If the ID thief is up to title fraud, they also may be able to take out certain type of mortgages on the victim's property, without a credit check.

Or "rent" out certain items in their name and not return them. In any case the bad checks /non-returned items will result in probably nastygrams for the victim, telephone calls, threats, possibly attempts at legal action.

Re:Fraud Alert != Fraud Immunity (1)

Jason Levine (196982) | more than 3 years ago | (#32358058)

That's what my wife and I did to our credit after my identity was stolen. It was a slight hassle when I needed to buy a new car. I had to thaw our credit for a small time frame. Still, that slight hassle is nothing compared with the hassle of repairing a stolen identity. Of course, the credit agencies don't like security freezes. They make their money off of selling your data to other companies and they can't sell frozen accounts. They'd much rather you put a next-to-useless fraud alert on your account so they could continue to profit off of your information (and so you could still open up accounts spur of the moment).

Re:Fraud Alert != Fraud Immunity (1)

hedwards (940851) | more than 3 years ago | (#32360144)

Why it is that we allow them to think that they own that information is beyond me. The information belongs to the person to which it applies. I should have complete control over how it's used and who gets to see it. There certainly shouldn't be anybody looking at it without my requesting a product or service which requires a credit check. But I'm sure the ZOMG corporations being held accountable people will tell me that it's completely my fault if they lose my personal information like TD Ameritrade did. Because obviously I should've known that they'd buy out my brokerage firm and fail to properly secure my contact information.

Cringely... (4, Informative)

Anonymous Coward | more than 3 years ago | (#32357480)

http://www.cringely.com/2010/05/lifeblocked/

So that's how it works (1)

T Murphy (1054674) | more than 3 years ago | (#32357490)

Their service must not actually be trying to prevent identity theft, but trying to keep you from knowing when it happens.

Re:So that's how it works (1)

fluffy99 (870997) | more than 3 years ago | (#32357894)

Their service must not actually be trying to prevent identity theft, but trying to keep you from knowing when it happens.

Close. When they see something they clean it up and then tell the customer they blocked the attempt, so the customer thinks they got their money's worth.

Ya, You Betcha (2, Interesting)

MightyMartian (840721) | more than 3 years ago | (#32357492)

... 'I think this shows clearly that they know that it's got potential problems.'

What it shows clearly is that Lifelock is worthless, except at taking money from morons.

Re:Ya, You Betcha (3, Funny)

DrugCheese (266151) | more than 3 years ago | (#32357554)

What it shows clearly is that Lifelock is worthless, except at taking money from morons.

Exactly. I've been waiting for this story ever since I laughed at their first commercial.

what a gross thing to do (0)

Anonymous Coward | more than 3 years ago | (#32357532)

Journalism seems to attract more than its share of cloddish type people who enjoy spouting self justifying remarks redirecting criticism of their stories ("I wasn't the one who made those claims. Livelock Corporation was the one...."). Usually fortified by frequent trips to the bar.

If you really want protection (5, Interesting)

ksemlerK (610016) | more than 3 years ago | (#32357586)

...Freeze your credit reports.

EQUIFAX Online Help: How to place a security freeze [equifax.com]

Experian Online Help: Security Freeze [experian.com]

TransUnion Personal: Security Freeze [transunion.com]

Problem solved, and you're not paying $9.95 a month for a service you can easily perform yourself that is far more effective then what any of these supposed "Identity protection" companies offer.

Re:If you really want protection (4, Informative)

Ron Bennett (14590) | more than 3 years ago | (#32357694)

Freezing often costs money. And each of those credit bureau charges separately. Could cost one upwards of $30 to place a freeze at all three.

The hassles of "freezing" along with the fees to do so, is another illustration of the financial system being crooked; not designed to protect people, but rather to make credit as easy to obtain as possible with little regard to security.

Ron

Re:If you really want protection (1)

ksemlerK (610016) | more than 3 years ago | (#32357828)

That's $30 for a protection for life, (until you lift the freeze), versus $120/yr for nothing then a company placing fraud alerts on your credit report for you. I know which one I choose.

Re:If you really want protection (4, Insightful)

AK Marc (707885) | more than 3 years ago | (#32357950)

That's $30 for a protection for life,

Protection from what? Banks that blame a 3rd party every time they get robbed? This is no different than if a robber walks into a bank with a deposit slip from your account, writes "give me $10,000" on it, and robs the bank at gun point. Then, when the bank notices that it has your name on the deposit slip, they take it out of your account without your knowledge or permission, even when they know for sure you weren't the robber.

Banks are stealing from their customers when they are robbed. When "identity theft" is treated as it really is, simple fraud, then the world will be a better place. If Congress had balls (and they don't have balls, just pockets with checks in them from the banks), they'd pass a law where every contact with a customer because of a fraudulent account opened by a 3rd party earned them a $100 fine to be paid to the customer, they'd figure out security pretty damn quick. Instead, it's cheaper to screw the lives of their customers (or often, even non customers) because they are too cheap and lazy to have actual security.

"Identity theft" is where the bank performs legalized fraud to harm people because the bank got robbed due to their own negligence.

Re:If you really want protection (1)

jittles (1613415) | more than 3 years ago | (#32360646)

If Congress had balls (and they don't have balls, just pockets with checks in them from the banks)...

The beauty of it all is that the bank wrote that check on your account!

Re:If you really want protection (1)

Ron Bennett (14590) | more than 3 years ago | (#32357958)

$30 for life? Not exactly, because "until you lift the freeze" often involves a fee too (and possibly an additional fee to put the freeze back on), which too can be upwards of $10 for each credit bureau.

Still, even with the added "lift freeze" fees, for most people, you're right that it's cheaper to skip LifeLock and do-it-yourself.

Ron

Re:If you really want protection (2, Informative)

ksemlerK (610016) | more than 3 years ago | (#32358312)

Unless it is a mortgage, or another purchase in excess of $50000, the credit granter will typically only check with one bureau. Inquire about which bureau they are checking with, so you don't end up spending unnecessary money. It usually only takes 15 minutes to unfreeze a credit line, so place the call, and go have a cigarette. By the time that you come back in, it will be open, and they can run the credit score. After you are approved for the loan, place another call, and freeze your credit score again.

Smoking something? (1)

LuckyJ (56389) | more than 3 years ago | (#32357600)

If it sounds to good to be true...

Who honestly thought that with this service they were "untouchable"? Seriously....

Re:Smoking something? (1)

hedwards (940851) | more than 3 years ago | (#32360160)

Sigh, I'm not sure where that rumor got started. They don't claim to be untouchable otherwise why would they be advertising an insurance policy included with service? They pay the first I think it's 2 million of fraudulent activities if they're unable to get it fixed so that you aren't charged for them. I doubt very much that they'd include that if they were really untouchable. Not saying that I trust them or use them, but we should at least be telling the truth about it.

POTENTIAL problems? (3, Insightful)

Chas (5144) | more than 3 years ago | (#32357654)

No. At this point, potential has surpassed threshold and achieved REAL problem status.

Anyhoo, Lifelock is a scam. Plain and simple.
They'll take your money right enough, but they really can't deliver on their promises to protect you and your information.
They're like insurance salesmen. They're simply trying for quantity and trying to live on margins, hoping that they don't get hit big by some massive info theft that they can't cover up or make disappear.
Once they get a breach of a truly significant portion of their customer's data, expect to see them fold up shop like all the old fly-by-night insurance salesmen in the Depression.

Re:POTENTIAL problems? (3, Insightful)

SlappyBastard (961143) | more than 3 years ago | (#32357728)

In fairness, whole industries are built around telling customers the exact lie they want to hear.

Re:POTENTIAL problems? (0, Redundant)

logjon (1411219) | more than 3 years ago | (#32357862)

Police fucked up redacting a public record when they made it public. Lifelock moved to correct. If anything, this speaks well of lifelock, they did what they were supposed to. Nothing to see here, move along.

Re:POTENTIAL problems? (0)

Anonymous Coward | more than 3 years ago | (#32358140)

No.... actually it went more like this:

Police fucked up redacting a public record when they made it public. The Lifelock employee was made aware of the screw up via a web site which reported the fuck up (and NOT by Lifelock), otherwise, the employee would still be clueless as to why she was getting her identity anally raped hundreds of times a day, despite the (hopefully free) Lifelock "protection" she has signed up for. The Lifelock employee made her superiors aware of this, and probably asked what they could do to have the document removed. The situation was sent up the chain, probably all the way to the CEO, who then sent their corporate lawyers after the web site in question.

Now, had this been a regular customer of Lifelock and not an employee, does anyone REALLY believe Lifelock would have lifted a finger to help this person? There is nothing in the Lifelock service agreement that states they have to scan the web for PDF files which might have accidentally revealing information about their customers. The services that Livelock offer are clearly spelled out, and do not include actively scanning the internet for all possible customer identity leak occurring in any possible web site or downloadable document.

Here is my guess as to the though processes of the higher-up's at Lifelock: "Oh shit, one of our own employees has their personal info being broadcasted world wide! When (not if) they get their identity stolen it will make all the headlines. Quick, lets call the lawyers and try to get this under control before we have suffer yet another PR black eye."

Lifelock is pure snake oil. It sounds great, till you drink it, then you suddenly realize it doesn't work, and you are worse off for having tried it, and not only did you lose the money you spent on the snake oil, but now you also have to pay for a doctor to cure you of the poison you just drank.

Re:POTENTIAL problems? (0, Redundant)

logjon (1411219) | more than 3 years ago | (#32358154)

Nice straw man. The real story is that the police are releasing this data and that lifelock can't be expected to watch the entire internet 24/7 but they're catching blame from this anyway somehow.

Re:POTENTIAL problems? (0)

Anonymous Coward | more than 3 years ago | (#32358240)

There was no straw man in that reply. Actually, your reply has the straw man. No one is blaming Life Lock for the leak of the personal data. That was clearly not their fault, not in this instance, anyway. It clearly was the fault of a clueless police department. But to assume that Life Lock is just routinely "doing their job protecting their customers" is grossly overstating what they will actually do for their customers. They are only protecting this woman because she is an employee, and they probably won't be able to prevent her from identity theft, no more than they could for their CEO Todd Davis. Whats his tally up to now? Thirteen times so far, and counting?

Nice "protection" there.

Re:POTENTIAL problems? (1)

logjon (1411219) | more than 3 years ago | (#32357886)

Police fucked up redacting a public record when they made it public. Lifelock moved to correct. If anything, this speaks well of lifelock, they did what they were supposed to. Nothing to see here, move along. Posted again.

Re:POTENTIAL problems? (1)

biryokumaru (822262) | more than 3 years ago | (#32357992)

It's so annoying when people double post and the same comment shows up twice in a row. I hate it!

Re:POTENTIAL problems? (-1, Flamebait)

logjon (1411219) | more than 3 years ago | (#32357996)

It's more annoying when dumb fucking people make dumb fucking opinions based on dumb fucking 'news' tidbits.

Bullshit sensationalism (1, Redundant)

logjon (1411219) | more than 3 years ago | (#32357926)

Police fucked up. Let's get with the /. flaming the private sector.

Re:Bullshit sensationalism (0)

Anonymous Coward | more than 3 years ago | (#32358326)

Let's get with the /. flaming the private sector.

Oh noes, one company gets flamed and now the whole private sector is under rhetorical attack! Is nothing sacred in this godless commie nation anymore?

Re:Bullshit sensationalism (0)

Anonymous Coward | more than 3 years ago | (#32358698)

Police fucked up. Let's get with the /. flaming the private sector.

Everybody knows cops are incompetent. Plus they are untouchable, no matter how big they screw up. That's not really news-worthy or else you'd drown in stories about police fuck-ups.

The only real interesting thing is that this CEO published his SSN in a publicity stunt and apparently it got abused. At least that's mildly funny.

Re:Bullshit sensationalism (1)

ArsenneLupin (766289) | more than 3 years ago | (#32360102)

Why is parent Interesting? Even for those without access to the IP log, Redundant would be more appropriate, given the number of time this same comment has been splattered all over Slashdot.

Police fail to properly redact data (5, Informative)

logjon (1411219) | more than 3 years ago | (#32358006)

Where is that story? Oh, lifelock is an easier target. I understand.

Re:Police fail to properly redact data (1)

ArsenneLupin (766289) | more than 3 years ago | (#32360092)

When astroturfing, at least do it from home, so that people don't see your account attached to a Livelock IP address. Moron.

The report was redacted just fine (image editing, rather than just "covering up" the redacted info using a different layer)

doesn't it make you feel better? (0, Offtopic)

logjon (1411219) | more than 3 years ago | (#32358030)

the pigs have won tonight. they can all sleep soundly. and everything is alright.

Identity Theft Victim How To (0)

Anonymous Coward | more than 3 years ago | (#32358624)

I have no faith in these so-called lifelock solutions for ID theft. I have twice been the victim of ID theft. The only way to protect yourself is to notify the three credit bureaus and CHEX systems that you are a victim of ID theft. Every month I notified the financial institutions that falsely issued credit in my name by US mail that the information they had in my credit report and the account they opened in my name for another person was not opened or used by me and disputed the records they maintained on me. What that does is it requires the financial institutions to remove the account from your credit reports and investigate. The only costs for you is the stamp, envelope and changing the date on your letter every month. I had to keep this up for 7 years, 5 yrs. for CHEX Systems, since one time I received a letter from the President of financial institute that they would no longer report my account to credit agencies and 60 days later they did report the falsified account to Equifax again. It may seem like a pain, but if you send out the letters every time you pay your monthly bills it just becomes a habit. BT,DT
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...