Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Experian Sold Social Security Numbers To ID Theft Service

Unknown Lamer posted 1 year,1 day | from the you-can-totally-trust-us dept.

Security 390

realized writes "Experian — one of the three national U.S. credit bureaus — reportedly sold SSNs through its subsidiary, Court Ventures, to the operators of SuperGet.info who then offered all of the information online for a price. The website would advertise having '99% to 100% of all USA' in their database on websites frequented by carders. Hieu Minh Ngo, the website owner, was recently been indicted for 15-counts filed under seal in November 2012, charging him with conspiracy to commit wire fraud, substantive wire fraud, conspiracy to commit identity fraud, substantive identity fraud, aggravated identity theft, conspiracy to commit access device fraud, and substantive access device fraud."

Sorry! There are no comments related to the filter you selected.

And, who has the Obamacare ID validation contract? (-1, Troll)

GodfatherofSoul (174979) | 1 year,1 day | (#45189995)

n/t

Re:And, who has the Obamacare ID validation contra (5, Insightful)

Anonymous Coward | 1 year,1 day | (#45190109)

Oh god, is Slashdot now The Blaze, where everyone has Obama Derangement Syndrome and every single comment has to tie to Obama, no matter how loosely related they are?

Re:And, who has the Obamacare ID validation contra (2, Informative)

cyberjock1980 (1131059) | 1 year,1 day | (#45190187)

No, but he does make an interesting comparison. It is worth at least mentioning. Is it not? Last I read the contract was a no-bid(aka no competition) contract. Usually those are given to companies that are getting "special privledges" from those high in the political ranks.

Re:And, who has the Obamacare ID validation contra (1)

Anonymous Coward | 1 year,1 day | (#45190539)

No. It does not. It only feeds the paranoid fuckoffs that post it

Re:And, who has the Obamacare ID validation contra (3, Insightful)

EMG at MU (1194965) | 1 year,1 day | (#45190631)

Brining Obama into it frames the discussion on partisan politics. The discussion becomes "Obama and the democrats are corrupt, look at this no bid contract" instead of "The entire goverment, regardless of political party, is corrupt; no bid contracts have been part of the goverment bidding process for years and we need to reform it now".

We get nowhere when we fight about one party over another. But thats how all the debates are framed, and partisan drones are programmed to jump all over the opportunity to blame opposing party while ignoring the same transgressions when it is their party being bad.

Re:And, who has the Obamacare ID validation contra (0)

Anonymous Coward | 1 year,1 day | (#45190213)

Thanks Obama.

Re:And, who has the Obamacare ID validation contra (-1)

Anonymous Coward | 1 year,1 day | (#45190579)

Oh god, is Slashdot now The Blaze, where everyone has Obama Derangement Syndrome and every single comment has to tie to Obama, no matter how loosely related they are?

As long as us trolls have quality unaffordable healthcare, are well fed and live a long counterproductive life you bet. Thanks for feeding me comrade. My fat diabetes encrusted belly attracts all the female trolls who inevitably desire to make baby trolls with me paid for by your contribution to Obamacare.

Re:And, who has the Obamacare ID validation contra (0)

Anonymous Coward | 1 year,1 day | (#45190201)

You realize the government already has all of our social security numbers, right?

Re:And, who has the Obamacare ID validation contra (2)

MacColossus (932054) | 1 year,1 day | (#45190367)

Which makes you wonder why they are using Experian for validation.

Re:And, who has the Obamacare ID validation contra (1)

Anonymous Coward | 1 year,1 day | (#45190565)

Because years and years ago people said the government can't possibly do anything right so now everything is done on a cost-plus basis (read: whatever it would cost the government to do it themselves, plus a hefty bonus for the CEO with the expectation that it would be paid back to the election coffers of whoever swung the contract).

Because the Private Sector is The Awesomes and the very pinnacle of competency and effeciency.

Re:And, who has the Obamacare ID validation contra (0)

Anonymous Coward | 1 year,1 day | (#45190203)

Kinda makes one wonder if the "BOOOOSH IS TEH EVUL!!!!!" fools were just projecting, doesn't it?

Re:And, who has the Obamacare ID validation contra (5, Insightful)

mcgrew (92797) | 1 year,1 day | (#45190391)

For fuck's sake, it has nothing to do with obamacare. Stay on topic and stop trolling.

OK, so they put the ID theft guy in prison, how about having Experian's CEO in an adjoining cell? Why is it legal for Experian to sell my SS#??? I never gave them permission for that.

Probably a downmod coming but.. (5, Insightful)

Anonymous Coward | 1 year,1 day | (#45190035)

WHAT THE FUCK!!!?!!!?

Re:Probably a downmod coming but.. (5, Funny)

Anonymous Coward | 1 year,1 day | (#45190173)

A very articulate and insightful comment. No sarcasm intended

Re:Probably a downmod coming but.. (0)

Anonymous Coward | 1 year,1 day | (#45190245)

Insightful.

Re:Probably a downmod coming but.. (5, Interesting)

binarylarry (1338699) | 1 year,1 day | (#45190275)

Agreed. I'd vote for hanging some of the Experian exec responsible for this.

Re:Probably a downmod coming but.. (1)

Bob the Super Hamste (1152367) | 1 year,1 day | (#45190329)

That seems far to kind of a punishment for them. Having them drawn and quartered would be closer but still falls woefully short.

Re:Probably a downmod coming but.. (1)

NeverVotedBush (1041088) | 1 year,1 day | (#45190673)

Makes one wonder what would happen to crime rates and bad executive behavior is drawing and quartering was to be returned as a valid form of punishment for the most heinous crimes.

Bet it would go down...

Re:Probably a downmod coming but.. (5, Informative)

lymond01 (314120) | 1 year,1 day | (#45190291)

WHAT THE FUCK!!!?!!!?

According to TFA, basically the company that Experian purchased had already been selling information to the notorious 24-year old cyber criminal. Once the company was purchased, Experian didn't review its own transactions closely enough and inadvertently sold our SSNs to the guy too. Monthly. The Secret Service found out, captured the 24-year old, and it's unknown if Experian, credit watchdog, will suffer for sleeping on the job.

I'm not sure who appointed Experian watchdog (though I'm certain someone on Slashdot will point out how ignorant I am for not knowing), but for a company with so much power over your own life in terms of credit, it would be nice if, with the power came some sort of responsibility -- and accountability. I suppose we'll need to off Experian's Uncle Ben to get our point across...

Since you mentioned Experian (4, Insightful)

Anonymous Coward | 1 year,1 day | (#45190043)

These are the same people who offer to counsel you for $15, with a made-up number (even more made up than FICO) with fine print like this: "your Experian Credit Score indicates your relative credit risk level for educational purposes and is not the score used by lenders". Yep, super class act all the way. Even among credit rating scams, er "agencies", they are the worst.

Re:Since you mentioned Experian (1, Informative)

afidel (530433) | 1 year,1 day | (#45190613)

They can't use FICO because it's owned by a third party (Fair Isaac), what they CAN do is use a similar algorithm on the data they hold (FICO includes inputs from all 3 major credit bureaus).

And when will Experian be charged? (5, Insightful)

Anonymous Coward | 1 year,1 day | (#45190055)

The US Credit system is a racket designed to screw people. I have been fighting a bogus charge on my credit report for years and I would love to see the power that these behemoths lowered.

Granted, I do not know of a superior way to track people, but the amount of destruction caused by identity theft or improper billing is insane.

Re:And when will Experian be charged? (4, Informative)

Solarhands (1279802) | 1 year,1 day | (#45190225)

Move to California. In California the burden of proof is on them if you dispute something.

Re:And when will Experian be charged? (0)

Lab Rat Jason (2495638) | 1 year,1 day | (#45190417)

But then you'd be living under the burden of the People's Republik of Kalifornia.

Re:And when will Experian be charged? (5, Funny)

Anonymous Coward | 1 year,1 day | (#45190459)

The first good reason I've heard to move to California. It's like saying "move to North Korea, Experian doesn't operate in North Korea."

Re:And when will Experian be charged? (0)

Anonymous Coward | 1 year,1 day | (#45190261)

You have the right to add a comment (limited number of words or something like that) to your credit reports. You should consider doing this.

The Credit Reporting Agencies pay retailers, landlords, etc. to add information to the credit report. This creates a credit that can be used when the reporter requests a credit check. That is, the deck is stacked against the consumer/customer.

Re:And when will Experian be charged? (4, Insightful)

bradley13 (1118935) | 1 year,1 day | (#45190385)

"Granted, I do not know of a superior way to track people"

How about this for an idea: don't track them.

Let's be real: These credit reporting agencies bring zero added value to the system. If you want a loan, go to the bank, show them certified copies of your pay statements, sign a legal document listing your other debts (or whatever other information the bank needs for a decision), and that ought to be it. There is zero need for anyone to know that you were three days late on a credit card payment in March of 2007.

These agencies are a blight. They are in the same category as Facebook: you are not the customer, your personal data is a product that they sell to anyone that will pay for it.

Who watches the watchers? (5, Insightful)

gstoddart (321705) | 1 year,1 day | (#45190069)

So if the credit bureau is selling all of the information to the identify thieves you're pretty much fucked.

Sounds like this company is playing both ends against the middle and needs to be shutdown.

Pathetic.

Re:Who watches the watchers? (0)

Anonymous Coward | 1 year,1 day | (#45190131)

There must be a better system to protect private information, and better private information that cannot be copied, and distributed.

I'll never cease to be amazed... (0)

Anonymous Coward | 1 year,1 day | (#45190377)

That more protection is afforded run of themill forum accounts than bank accounts.

Sure, financial institutions spend a boatload more on enforcement, but the premise of simplistic account numbers that must be shared in order to make purchases is insane. Where's the public/private key cryptography allowing me to keep things meaningfully private and secured against theft in the first place?

Re:Who watches the watchers? (5, Insightful)

Bob the Super Hamste (1152367) | 1 year,1 day | (#45190381)

Wasn't there some law that stated that when data breaches like this happen the company has to pay for credit monitoring for those affected. Given that it sounds like they may have distributed all US citizens' info it might be enough to sink their company. Then again I may only be remembering some proposed law that died a quiet death in some committee.

FREE AS IN BEER MARKET !! (1)

Anonymous Coward | 1 year,1 day | (#45190071)

1. Information wants to be FREE !!

2. FREE the identies of millions !!

3. PROFIT !!

Re:FREE AS IN BEER MARKET !! (3, Interesting)

Anonymous Coward | 1 year,1 day | (#45190277)

4. Get one rifle shot shot at long range from a citizen who got screwed in the bargain. Make it a .50 caliber.

I've been saying since Enron we should add more FEAR to the "greed and fear run Wall St." aphorism...

captcha: brooms (which sweep clean)

And no one at experian will ever be charged. (5, Insightful)

Anonymous Coward | 1 year,1 day | (#45190081)

Even though Experian was selling the info, only the people who bought it will get punished.

Re:And no one at experian will ever be charged. (1)

mark-t (151149) | 1 year,1 day | (#45190263)

I think, presumably, that an argument exists that Experian would not have had any way of realizing the nature of who they were selling it to, and that presumably, there is a separate argument to be made for Experian having the right to ever sell the information at all.

Re:And no one at experian will ever be charged. (2)

mcgrew (92797) | 1 year,1 day | (#45190439)

and that presumably, there is a separate argument to be made for Experian having the right to ever sell the information at all.

And what, pray tell, would that argument be? I can see nothing whatever society gains by letting Experian sell what they do not own.

Re:And no one at experian will ever be charged. (1)

sjames (1099) | 1 year,1 day | (#45190473)

And since they cannot possibly not know about 'identity theft' (that is, bank fraud where the cost is pushed off onto a third party to the fraudulent transaction), they will require proof that the adverse information reported is actually about you before it affects anything.

HAHAHAHAHAHAHAHAHAHAHAHAHAHAHA I crack me up. That's a knee slapper!

Their 'credit reporting' will continue to be based on gossip and innuendo such that the National Enquirer looks like the New York Times in comparison.

Re:And no one at experian will ever be charged. (5, Informative)

Jason Levine (196982) | 1 year,1 day | (#45190449)

Sadly, the people whose identity was stolen will also be punished by having to spend time, energy, and money restoring their credit files and getting the bogus accounts removed. In some cases they will have to prove that they really didn't open the lines of credit to Experian - the very company who is responsible for the mess they are in. They will also need to watch their credit closely for the rest of their lives wondering when the next line of credit will open up or deal with the hassle of freezing their credit and not being able to open new lines of credit when they want. (Though, as an ID theft victim who did the latter, it's really not that much of a pain. Just stinks that it is necessary.)

Experian, on the other hand, will face a vicious finger wagging by Congress. At the very worst. Maybe a token fine that they can make back in 2.3 seconds of doing their normal business.

Re:And no one at experian will ever be charged. (2, Informative)

Anonymous Coward | 1 year,1 day | (#45190489)

Read the article - it wasn't Experian selling the info.

As stated also in the summary, it was a company called Court Ventures, although what the summary doesn't say is that although Court Ventures is currently a subsidiary of Experian, it was already illegally selling this information before it was aquired by Experian, and also that the Secret Service contacted Experian about it after the aquisition.

It also should be noted that the information itself did not originate from Experian, but from US Info Search, and that the information is apparently aggregated from public sources (i.e. court records, driver records etc)

They were allowed to sell the information to US companies for ID checking and theft prevention, just not to foreign companies, and not to companies using it for other purposes.

I don't entirely like what Experian do, but I don't really think they're the bad guys here.

Start the bombing now! (5, Funny)

Theophile (535535) | 1 year,1 day | (#45190091)

I'm an American, so I'll admit that I couldn't find Experia on a map if I tried, but this is an outrage and I say we start bombing the Experians back to the stone age right now!

Re:Start the bombing now! (1)

WillgasM (1646719) | 1 year,1 day | (#45190475)

why do i never have mod points when i need them?

Re:Start the bombing now! (2)

UnknowingFool (672806) | 1 year,1 day | (#45190519)

What's sad that this is true most of the time. My friend was interviewing someone (college graduate education) for her company. My friend mentioned that she was in New Zealand earlier this year. The interviewee asked where in Europe New Zealand was located.

Oh Yea? (0)

Anonymous Coward | 1 year,1 day | (#45190099)

Here's the important take away...

They'll do it again and there is fuck all you can do about it!

What now, bitches?

Re:Oh Yea? (0)

Anonymous Coward | 1 year,1 day | (#45190303)

>What now, bitches?

What now? Legalize marijuana, then all we'll need is more Doritos.

15 counts of wire fraud explained. (3, Insightful)

nimbius (983462) | 1 year,1 day | (#45190105)

If convicted in an american court those 15 counts amount to:
10 years in prison, appealed to 7
parole after 4

and experian leaving the room without ever having admitted any wrongdoing. Visa and Mastercard dont care, because the amount of credit as a balance reflected on a card is imaginary anyhow and doesnt correlate to any real value. They simply issue chargebacks against the vendors affected by fraudulent purchases.
the vendors in turn get a strike against them for accepting fraudulent transactions. cardholders get a new card, and the game resets. Consumer capitalism cannot be permitted to short-circuit at the expense of the consumer.

The cards are commonly used to purchase web hosting or secure free trials to distribute malware as a means of garnering more legitimate cards and absolving their dependence on lucky ducks like the Experian guy. The wheel is still turning.

Re:15 counts of wire fraud explained. (1)

Nemesisghost (1720424) | 1 year,1 day | (#45190533)

You realize this only works for cards consumers know about. Given that the average person only gets a new loan every few years, and hence only worries about their credit report at that frequency, they might not even know that someone has stolen their identity & now have fraudulent credit cards open in their name for years. And my understanding is that once the card is opened, it's now on the consumer to dispute everything about the card, which is no easy task. It's not like charges from 1/2 across the world suddenly appearing on a card only used at your local supermarket. The entire history of the card is fraudulent, which is immensely harder to prove. Now throw in the fact that the card has since gone into default, and you are screwed.

Why is SSN secret? (4, Interesting)

bigwheel (2238516) | 1 year,1 day | (#45190111)

I never understood why social security numbers have become secret. It was my student ID both in undergrad and grad school. Available to everyone. Once upon a time, you were even supposed to keep your social security card in your wallet. Now it needs to be kept secret, along with my mother's maiden name.

It is just a has code -- not a password.

Re:Why is SSN secret? (5, Interesting)

ComfortablyAmbiguous (1740854) | 1 year,1 day | (#45190165)

Besides that, it's a horrible, horrible secret. Until just a few years ago the first five digits could be easily determined from your birthday and location of birth, leaving only 4 digits of somewhat randomness, and even that went in sequential order, giving you a pretty good guess at a much small range. To add insult to injury, whenever a company thinks they are helping you keep it secret they will ask you for the last four digits of the number, the only four digits that actually matter.

Re:Why is SSN secret? (0)

mcgrew (92797) | 1 year,1 day | (#45190551)

I got mine in 1968, and it said in large caps FOR TAX PURPOSES ONLY. It would be damned hard to write a book without a credit card now -- copyright, ISBN, web site, printer... pretty hard to do any commerce online without a card.

I've spent over $300 on Nobots, all of it on the card. (OT but it might be available as early as next week, I'll let you guys know).

Re:Why is SSN secret? (3, Interesting)

thaylin (555395) | 1 year,1 day | (#45190179)

because with your SSN now you have access to EVERY other piece of information. Forget your password with any company that has your SSN and they will use your SSN as the ultimate password.

Re:Why is SSN secret? (5, Insightful)

Anonymous Coward | 1 year,1 day | (#45190283)

And how do you keep your mothers maiden name a secret?
Do you kill her and her parents and wipe out all traces of them?
Why do they use stupid shit like this to identify someone.

Re:Why is SSN secret? (0)

Anonymous Coward | 1 year,1 day | (#45190457)

Because authentication systems don't need to be bulletproof. They only need to reduce the cost of fraud below the benefit gained from simpler and more convenient customer service.

And as long as the banks bare the majority of the cost, then they'll act more-or-less rationally. But they also tirelessly lobby their Congress Critters, especially GOP Critters, to shift the burdens. Once that happens... it's game over.

Re:Why is SSN secret? (1)

jeffmeden (135043) | 1 year,1 day | (#45190399)

I never understood why social security numbers have become secret. It was my student ID both in undergrad and grad school. Available to everyone. Once upon a time, you were even supposed to keep your social security card in your wallet. Now it needs to be kept secret, along with my mother's maiden name.

It is just a has code -- not a password.

Until the grand abstractor that is the Internet came along, exploiting the system usually meant being in a position of some power at one of those institutions, or digging through lots of garbage to find discarded records. In the realm of things that make you unique and are both quantifiable and indelible, SSN is at the top of the list. It became the de facto "identity password" since about 50 years ago when national, impersonal, remote services like credit cards took off and the creditors (banks), instead of coming up with a better system, left well enough alone.

Think about it, how would you _indelibly_ tell two people apart on paper, both named John Charles Doe and both born on 6/7/89? Record who their parents were? Record where or maybe exactly when they were born? Record some assigned nonce that was issued at birth by some all-knowing entity? Oops, that's what a SSN is!

A world without secret SSNs requires much more diligence on the part of the _customer_ because they are burdened with extra identification elements (public ones and private ones, a username and password of sorts) for each service unless a national or international effort to standardize comes about.

Re:Why is SSN secret? (3, Informative)

Jason Levine (196982) | 1 year,1 day | (#45190491)

Not that mother's maiden name is any protection. When someone opened a credit card in my name, they had my name, address, social security number, and date of birth. They got the mother's maiden name wrong, though. It wasn't even close. Didn't stop Capital One from approving the card application, though, and almost giving the people a line of credit in my name. (The only thing that stopped them was a fluke where they paid for rush delivery of the card and immediately changed the address from mine to theirs. The two processes crossed paths and the card arrived on my doorstep. Had it worked as intended, they would have gotten the card and run up a huge bill under my name.)

Re:Why is SSN secret? (0)

Anonymous Coward | 1 year,1 day | (#45190495)

It's likely because some companies decided it was a good way to track individuals. "You say you are Phineas Gage? What is your SSN so I can verify that you are Phineas P. Gage and not Phineas G. Gage." Do a search of public records and there are still hundreds of documents with SSNs all over the place (check your property documents). And then some bright folks decided that the last four digits were a good password to use for all manner of things.

What's funny is that with the SSN (available for a good number of people) and their name, address, and some information on their social network pages, it's easy enough to to figure out. (Your uncle on Facebook may have your mother's maiden name, your work street address and cell phone number is publicly available, how much you paid for your house is public).

So say that I wanted to steal someone's identity.. I may simply make a note of all the cars in his driveway (so I can answer that question about which cars have I owned), search the public databases for SSN, approximate salary, etc.. I may start by setting up a new phone number, paying the bill normally for a few months, then using that as the verification number.

But we all know this...and still continue to provide it because it's ridiculous that anyone would think it was secure..

Can I form a subsidiary too? (1)

digitalhermit (113459) | 1 year,1 day | (#45190115)

Oh, wow. TFA looks more than just noise, but we don't know how true it is yet. That said, I've seen so many articles about companies disclaiming liability because the crimes were committed by a partner or subsidiary. I want to do that too. After all, if companies get the benefits of personhood, I think people should get the benefits that corporations do too. I'll spin off a subsidiary person. He'll do all the crimes (cutting off mattress tags, walking on the "Don't Walk", eating oatmeal without a spoon) and I can benefit. When someone bothers to check, I can raise up the mini-me and have them throw him in jail. I'll keep the profits.

Re:Can I form a subsidiary too? (2, Insightful)

Anonymous Coward | 1 year,1 day | (#45190515)

Always go check for an apposite Will Rogers quotation:

"A holding company is a thing where you hand an accomplice the goods while the policeman searches you." - Will Rogers

Why do SSNs persist? (5, Insightful)

necro81 (917438) | 1 year,1 day | (#45190125)

I have a general question: why does the Social Security Number endure as the primary key of, well, every kind of financial account or transaction in the United States. The SSN - how it's assigned, how it's revoked, the regulations regarding who can use it and for what, what necessary safeguards are in place to prevent theft or misuse, its anonymity or lack thereof - was never intended for the tasks that it is now burdened with. It's broken in so many ways that it would be hilarious - if the consequences were not so dire.

Is it just that this is the system that we in the US are stuck with, and that's that? How do other countries handle this? What are the potential alternatives? What are the true requirements for a "master identifier key", and how can they be realized in a way accessible to all people? How can we convince the business and banking community to stop using the SSN - not because they're forced to, but because it's such an awful liability?

Which politicians' identities need to be stolen in order to put such a system in place?

Re:Why do SSNs persist? (1)

CodeReign (2426810) | 1 year,1 day | (#45190281)

should use a sha1 hash of you birth details for a ssn

Re:Why do SSNs persist? (0)

Anonymous Coward | 1 year,1 day | (#45190509)

Blame the idiots in the 1930s for this. Why they didn't use strong cryptographic techniques is beyond me.

Why don't they switch over today to something better, as they did in Europe? Blame the tinfoil hat crowd who prefer a less secure system with plausible deniability built into it, and the ability for your average Joe to fall under the radar with a fake SS# if he desired. I kinda-sorta fall into this camp, myself--not actually using a fake #, but it's kind of comforting in a weird way that I could if I wanted to.

Re:Why do SSNs persist? (1)

necro81 (917438) | 1 year,1 day | (#45190671)

Blame the idiots in the 1930s for this. Why they didn't use strong cryptographic techniques is beyond me.

I don't blame the creators of the Social Security Administration for this; they provided a simple solution for what was a simple task. Strong cryptographic techniques - as we might understand them today - were either pretty obscure or hadn't been invented yet.

No, I blame every idiot that came afterwards and grafted new uses and requirements to the SSN - without updating or replacing the SSN to keep pace.

Re:Why do SSNs persist? (2)

Culture20 (968837) | 1 year,1 day | (#45190663)

That's essentially what a SSN is, just using a weaker algorithm. Using sha1 won't make it any more secure since most people's birth details are public record. Then once the hash is created, it suffers from the same problem that SSNs have: being passed around in plain text as the same password for every company.

Re:Why do SSNs persist? (1)

twotacocombo (1529393) | 1 year,1 day | (#45190359)

I have a general question: why does the Social Security Number endure as the primary key of, well, every kind of financial account or transaction in the United States.

Because it's the only common identifier assigned to all US citizens. Not everybody has a drivers license, passport, address or phone number.. but almost everybody born within the confines of society has a SSN. There really isn't any better or more consistent means of identifying an individual on a national scale. We're well beyond the days of opening a line of credit at the general store based on personal relationships and a handshake.

Re:Why do SSNs persist? (1)

necro81 (917438) | 1 year,1 day | (#45190597)

Oh, I can understand how it came about. But, really, there are any number of intelligent people - security analysts, IT professionals, bankers, human factors specialists, and armchair thinkers - that could probably craft the outlines of a better, more secure system with an afternoon's effort. Why hasn't such a system come around yet?

They say, "if it ain't broke, don't fix it." But the way we use SSNs as a catch-all identifier has been broken at least since the introduction of online commerce - why hasn't anyone even proposed fixing it yet?

Re:Why do SSNs persist? (1)

Anonymous Coward | 1 year,1 day | (#45190411)

According to the article, they didn't just sell SS info, but rather bank account info and credit card info as well. The SS numbers are just a part of it all.

To sum up the article:
Some company evidently sold this information to other companies in order for those companies to use it to combat ID theft. Then one of those other companies then sold it to the black market.

What I want to know is, why didn't the NSA catch this? Why haven't I heard from my bank about this? Should we all change our accounts? WTF?

Re:Why do SSNs persist? (0)

Anonymous Coward | 1 year,1 day | (#45190461)

SSN is the only federal ID tag that every American is guaranteed to have. Only other national one is a passport and not everyone has that.

Everything else is handled by the states and each has their own policies.

There are attempts to force a standard but they get resistance on privacy aspects. I'd expect in another generation those concerns will be gone and something like a national ID (see Real ID) could be rolled out.

Question though, how would you make a database of ID that is not as easily fooled/stolen/corrupted? Do we require some biometric or password to verity yourself?

Re:Why do SSNs persist? (0)

Anonymous Coward | 1 year,1 day | (#45190557)

Well, in the UK we have a 'National Insurance Number', which is similar in original intended purpose, but in use is only used for things directly associated with taxation and benefits/welfare payments. (i.e. Generally your employer and the government have it/use it, and no one else uses it or cares).

Re:Why do SSNs persist? (1)

jeffmeden (135043) | 1 year,1 day | (#45190601)

I have a general question: why does the Social Security Number endure as the primary key of, well, every kind of financial account or transaction in the United States. The SSN - how it's assigned, how it's revoked, the regulations regarding who can use it and for what, what necessary safeguards are in place to prevent theft or misuse, its anonymity or lack thereof - was never intended for the tasks that it is now burdened with. It's broken in so many ways that it would be hilarious - if the consequences were not so dire.
 

The answer to your question is easy: consumers demand easier interactions with banks and other orgs, and the orgs know that the harder they are to deal with the less likely the are to attract customers.

Instead of enrolling a new user by gathering all of their NPPI and then insisting on some extra public key verification (home mailing, notarized document, etc) before creating a private key (a password) they simply take you at your word that if you know all this NPPI, you must be _that_ John C Doe and not a different one, or not some identity thief. Add to that the use case of "i lost my keys", wherein the org needs to be able to quickly assess the identity of someone who has forgotten/lost/destroyed their "password", and doing it the "right way" starts to carry more of a burden than just doing it the same ol' way, and maintaining a staff of fraud investigators. The system hasn't changed because customers could care less as long as it doesn't hurt them, and fraud detection/remediation is effective "enough" to keep almost everyone happy. Those that have trouble are in a world of shit, though.

Re:Why do SSNs persist? (1)

TheCarp (96830) | 1 year,1 day | (#45190609)

Easy, mostly it crept in with a lot of "Monkey See, monkey do".

It used to be there were no real central DBs of people's info. You don't have to go back far before the best records of who lived in a community were church baptismal records, and then Birth certificates. SS was really one of the first things where you could say just about every person here is enrolled and has a unique number.

Back then, SSN was pretty useless. Sure you could always try to commit SS fraud, but, since most people apply, and the money comes as checks, its not something you should expect to get away with for long and without consequence.... not to mention its not like you can just go in and drain someones SS, as its a time based benefit (unless they are already dead of course).

So as different orgs, states with drivers licenses (when i applied for my license in the mid 90s you still had the option of using your SSN, and some people CHOSE to!) decided to use it as an identifier, it made perfect sense, at the time.

The problem isn't so much that people use SSN. Its really almost more of a tragedy of the commons: Because what is a small concern when one group uses it, becomes a huge concern when every group uses it.

Not only that, but add a little circular logic.... SSN is good because your SSN is secret, nobody else knows it. Therefore if we use it as your ID we know its unique and we know its you. Makes perfect sense....until everyone else does it and the idea that your SSN is secret totally breaks down as everybody expects you to just give it to them to identify yourself.

Re:Why do SSNs persist? (0)

Anonymous Coward | 1 year,1 day | (#45190625)

It's the master identifier exactly because it was promised that it would never be used as such. The Social Security Act would never have been passed if a crystal ball had existed. And because the notion of a national ID number would be DOA, even if it would be used to replace SSN. (And, since it is near universal in the US, why would you want to replace it?)

Watch! (0)

Anonymous Coward | 1 year,1 day | (#45190147)

We'll pass some laws that never get enforced.

This why all personal info should belong to us (0)

Anonymous Coward | 1 year,1 day | (#45190161)

They should have to receive explicit permission to divulge the info to 3rd parties. If anyone should profit from my info, it should be me.

This is also a problem for Brazil (0)

Anonymous Coward | 1 year,1 day | (#45190169)

Experian Serasa has 100% of the credit tracking information in Brazil, and full details on just about everyone who has a bank account and even of those who applied for store credit...

Why the hell did our government allow this, I have no idea. Who the hell needs to fear the NSA when things are this screwed up...

Anything for a Buck (1)

Rob Riggs (6418) | 1 year,1 day | (#45190175)

Who here thinks Experian will be held accountable? Anyone?

Re:Anything for a Buck (0)

Anonymous Coward | 1 year,1 day | (#45190371)

As long as Experian continues to give total and complete access to the NSA, for every shred of information they possess, then they will have a get-out-of-jail card.

Re:Anything for a Buck (1)

Ambassador Kosh (18352) | 1 year,1 day | (#45190405)

They will be held accountable to shareholders where they will be given a huge bonus for doing this. :(

As for being accountable to us or to the laws they broke? Not a chance. I give better odds on Santa Claus existing than these guys being actually held accountable to a court.

Re:Anything for a Buck (1)

Jason Levine (196982) | 1 year,1 day | (#45190541)

They will get a vicious finger wagging by the federal government perhaps with a "big fine" (that they pay with the money they make during 2.3 seconds of normal business operations). They will hang their heads in shame until the news cycle about this is over (a day or two), promising to completely revamp how they operate.... and then they'll go back to normal business operations until they are caught doing this again. (At which point, start reading from the beginning of my comment again.)

What about Experian? (5, Insightful)

gr8_phk (621180) | 1 year,1 day | (#45190193)

Hieu Minh Ngo, the website owner, was recently been indicted for 15-counts filed under seal in November 2012, charging him with conspiracy to commit wire fraud, substantive wire fraud, conspiracy to commit identity fraud, substantive identity fraud, aggravated identity theft, conspiracy to commit access device fraud, and substantive access device fraud.

Why does someone at one level of the crime get charged but not the one at the top. Remember:

Experian — one of the three national U.S. credit bureaus — reportedly sold SSNs through its subsidiary, Court Ventures, to the operators of SuperGet.info

Why are they not being charged? Using SSNs for certain things is illegal, and selling them probably is too - otherwise what did the other guy do wrong?

Re:What about Experian? (1)

Anonymous Coward | 1 year,1 day | (#45190363)

Bribes, kickbacks, no bid contracts, worry about embarrassment of government officials who got campaign money from Experian. The CEOs most likely will still get their bonuses. As general corruption builds up, tolerance of new forms will grow until it hits an unacceptable point.

Re:What about Experian? (2, Interesting)

Anonymous Coward | 1 year,1 day | (#45190621)

Because criminal culpability usually requires intent. This would require the prosecutor to show that Experian executives either knew about it or suspected it, or should have known about it but were too wreckless in their supervisory duties. Obviously the latter is more likely, but that can be tough to prove. Experian would bring in an army of experts to explain to the jury why the executives lived up to every reasonable standard, and that these mistakes happen every once in awhile, etc.

In many other countries criminal culpability doesn't require such a high standard of intent, and in some cases none at all. These also tend to be poor and underdeveloped countries, where moral outrage tends to drown out reasonable business expectations. These are countries where philosophy students write the laws.

There's a reason why America is the richest country in the world. We have one of the best environments for business in the world. We just have a really fscked-up wealth distribution problem, and also a drastically underfunded investigative apparatus to enforce our existing white collar crime laws.

What about the other two (1)

imatter (2749965) | 1 year,1 day | (#45190251)

I have to imagine that Experian is not alone here. They just got caught.

obDilbert (2, Funny)

Anonymous Coward | 1 year,1 day | (#45190269)

http://dilbert.com/strips/comic/2010-10-14/

US credit reporting violates privacy of millions (5, Insightful)

bradley13 (1118935) | 1 year,1 day | (#45190305)

Credit reporting ought to have everyone up in arms anyway. Every company an American does business with sends personal, financial details to these agencies. No permission required. The agencies themselves have a shared monopoly, but the size of their market is static. So they are always looking for quasi-legal ways to make even more money by selling your personal data. Sometimes quasi-illegal.

The whole system stinks. Americans need to get themselves some privacy rights...

Experian one of the worst (4, Informative)

Lysol (11150) | 1 year,1 day | (#45190317)

My family and I were looking to move recently. Of course, we have to print out our credit reports. It used to be nice years ago when Yahoo had a service where you could easily get all 3 in just a few mins. But I'm sure since that was actually useful in real life, someone had to end it. So now, you have to log into the big 3 separately and request your 'free' report.

Of course, it's not 'free' since there's quite a bit of time involved in just getting it. You have a right by law to get this information once a year, but in order to do so, you have to put in your credit card. Red flag right there. This 'entitles' you to a free month of credit 'protection'.

After your done with your 'free' month, you have to call and cancel or else they'll charge you. Yup, you're right, no easy way to do that, no cancel account link or button to click - you gotta get on a phone and do an old school call. To keep the good times rolling, once you're actually off hold and connected to someone, it's some call center in another country. Mine happened to be India. What ensued next was back and forth on just getting the fucking thing canceled. There were many "just a moment" pauses and even a few upsells. I had to tell the guy 3 times I want to cancel. Just click the cancel button in your crappy web app.

30 mins later, I was off the phone. This company and the people that work for it are trash, plain and simple. They are a scourge on society and a drain on humanity. And along with banking (and warring I guess), credit 'scoring' and manipulation has to be one of the worst human endeavors ever. I don't understand how these people sleep at night and I'm not surprised they're selling people's info to whomever will pay.

Re:Experian one of the worst (2, Insightful)

sconeu (64226) | 1 year,1 day | (#45190469)

I've *NEVER* had to enter a credit card to get my free credit report. Where the hell are you going to get it?

Re:Experian one of the worst (1)

sandytaru (1158959) | 1 year,1 day | (#45190497)

I use Quizzle instead. I've never been upsold that way.

Re:Experian one of the worst (3, Informative)

Anonymous Coward | 1 year,1 day | (#45190559)

Stop spreading FUD. No credit card info is required to get your free annual credit report.
You don't have to agree to upsell features like FAKO credit score and credit monitoring.

Re:Experian one of the worst (4, Informative)

HeavyD14 (898751) | 1 year,1 day | (#45190573)

Next time, go to http://annualcreditreport.com/ [annualcreditreport.com] for your free report. No credit card or trial required. Takes care of all three agencies at once.

Re:Experian one of the worst (0)

Anonymous Coward | 1 year,1 day | (#45190575)

you gotta get on a phone and do an old school call

Good god - I haven't made one of those in about 5 minutes

Re:Experian one of the worst (1)

bob_super (3391281) | 1 year,1 day | (#45190661)

But you don't understand, it's charity.

If these kinds of inefficiencies didn't exist, the rest of the world would have a really hard time catching up to the US.
Charity is why went inventing boundless outsourcing, tax loopholes, credit scores, SUVs, TSA...

Correct Website (0)

Anonymous Coward | 1 year,1 day | (#45190677)

The correct website set up by law is annualcreditreport.com

I think most people mix up freecreditreport.com (and its crummy commercials back in the day) for the real thing. It's not free.

There is no charge, you get a free report from each agency once a year. It will bounce you to the three websites to identify you but never asks for credit card. Just name and SSN and some questions to verify you.

#irc.trolltalk.3om (-1)

Anonymous Coward | 1 year,1 day | (#45190325)

Usenet is 8oUghly They're gone Came show that FreeBSD

I'm Dead (3, Interesting)

Princeofcups (150855) | 1 year,1 day | (#45190453)

These are the same fuckers who insisted that I was dead because someone had mistyped a social security number. Therefore they rejected all credit requests (I was trying to get financing on a car) until I could prove that I was still alive. That's right. If they make a mistake, the victim, errr, customer, has to correct it.

We Need to move away from paper-based identity (0)

madhatter256 (443326) | 1 year,1 day | (#45190455)

WE need to switch to DNA-based identification, where computers can lift your DNA sample on the fly to confirm your identity rather than rely on a number and piece of paper that can be easily duplicated.

Re:We Need to move away from paper-based identity (0)

Anonymous Coward | 1 year,1 day | (#45190589)

Can't they just receive your DNA code and then sell it to Vietnamese hackers who will use your DNA to access all your accounts? You can't easily change your DNA if it is compromised.

Re:We Need to move away from paper-based identity (0)

Anonymous Coward | 1 year,1 day | (#45190659)

Because there are obviously no flaws in that. Such as identical twins, our inability to instantly and thoroughly sequence DNA, mosaicism (if the same isn't always from the same spot)...

And of course the immense privacy concerns of everyone having your DNA.

please sign this petition (0)

Anonymous Coward | 1 year,1 day | (#45190599)

This petition is to get the U.S. Consumer Financial Protection Bureau to bring criminal charges against Experian.

https://www.change.org/petitions/the-consumer-financial-protection-bureau-cfpb-bring-criminal-charges-against-experian

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?