Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Experian, Ford, and Identity Theft

michael posted more than 12 years ago | from the run-over-by-the-canyonero dept.

Privacy 193

corebreech writes "The mighty New York Times (I think they might want you to register) is reporting that hackers posing as Ford employees have managed to pilfer some 13,000 credit reports (Quality is Job 1.) Supposedly the info isn't restricted to merely credit card numbers, but rather includes such delectable delights as address, SSN, bank account info and creditworthiness. Glad I take the subway." The original story was from the Boston Globe.

cancel ×

193 comments

Sorry! There are no comments related to the filter you selected.

Experian this bitches (-1)

Strom Thurmond (R-SC (310866) | more than 12 years ago | (#3536163)

First FIST!


For great CLIT!

Re:Experian this bitches (-1)

TrollBridge (550878) | more than 12 years ago | (#3536333)

A fine FP sir! Though I don't know how good for the CLIT that fisting is.

fp beeyatch (-1, Troll)

Anonymous Coward | more than 12 years ago | (#3536167)

fp beeeeeeyotch!

Re:fp beeyatch (-1)

Yr0 (224662) | more than 12 years ago | (#3536196)

you. lose.
ha ha ha

Re:fp beeyatch (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3536210)

Wokka chikka Spang beeeyotch! [slashdot.org]

WINNER!

uhoh (1, Offtopic)

Graspee_Leemoor (302316) | more than 12 years ago | (#3536169)

I suppose there will be many flames pointing out that the word "crackers" should have been used instead- damn Jargon File noobs.

graspee

Sucky post (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3536226)

this post [slashdot.org] sucks. Hurry up and write it.

Cripes! (1)

FatAlb3rt (533682) | more than 12 years ago | (#3536176)

My payment is due tomorrow and I was planning on enrolling for electronic payment. Hmm, how much is next day air?

Re:Cripes! (1)

Exedore (223159) | more than 12 years ago | (#3536604)

Bah. Just mail it it in. Most creditors give you a few days grace period and/or require the envelope be postmarked on or before the due date

Even if they charge you a small late fee, it's likely to be less than next day air shipping charges

Login for NTY (2, Troll)

Anonymous Coward | more than 12 years ago | (#3536180)

Login to the New York Times website as:
billclinton

likescigars

No need to give them your email address!

I'd be happy... (4, Insightful)

jedrek (79264) | more than 12 years ago | (#3536184)

In the land of the great lawsuit, which is America at the turn of the millenium, I'd be more than happy to have Ford leak my info. In a flash I'd have a family member sell of my identity to someone (or have a good friend assume my identity) and rock my credit record for all it's worth.

Then I'd just sue Ford for lossing my info. They've already admited to doing it, so there's pretty much no burden of proof. Corporate neglegence should be pretty easy to prove.

That sound you hear is lawyers sharpening their claws.

Re:I'd be happy... (-1)

Yr0 (224662) | more than 12 years ago | (#3536360)

sploink.

Re:I'd be happy... (4, Interesting)

berzerke (319205) | more than 12 years ago | (#3536960)

Burden of proof isn't the problem. Damages are. In my case, Experian (gee, the same company mentioned in the article), has royally screwed up my report with incorrect info. I did everything proper to try and get them to correct it. They flattly refused. I went to a lawyer specializing in these matters. He told that while I did have a strong case, suing would be a bad idea. Unless I could prove damages, I wouldn't even recover my attorney fees, let alone be compensated. You have to sue in federal court BTW. Expensive.

Best Quote (1)

YanceyAI (192279) | more than 12 years ago | (#3536186)

From Mr. Girard, Experian spokesman: "It just shows that today, even big companies can be victimized," he said. "it's a never-ending struggle against the bad guys."

I don't even know where to begin with that one.

Re:Best Quote (1)

chrisos (186835) | more than 12 years ago | (#3536244)

As someone who has been credit black listed in the UK (for the offence of letting a mobile phone company know that someone was using my address to sucker them, i.e. I was being the good guy).

And then having to fire fight the unholy amount of shit that Experian et al caused me, over a period of months I have to wonder, what their definition of a bad guy is.

As businesses go, these guys are really (, really, really) one sided, they sell information electronically about me for sod all to all and sundry (in the blink of an eye), but when they get it wrong, I can only contact them by snail mail, they take an age to fix the problem, and the problem is expected to "percolate" to their customers as they get their monthly/quarterly/half-goddam-yearly updates. They keep no record of who has the latest version of your information and see no obligation upon themselves to supply corrections to those that have bad data.

In effect they wipe their hands of all responsibility, for propagating a lie about you!

Sorry, rant over :)

Does my anger come through here?

Re:Best Quote (1)

YanceyAI (192279) | more than 12 years ago | (#3536336)

Yes. I guess my point is that consumer rating companies are pointing the finger, but it's their system that allows consumers to be exploited. They are casting Ford as a victim here, and Ford had the insecure information. Not to mention Ford's host of other general business practices that make me queasy. Let's not forget the tires on those SUV's that killed hundreds. This guy has a really twisted idea of victimization.

Re:Best Quote (0)

Anonymous Coward | more than 12 years ago | (#3536721)

While we are on the subject of evil practices, what about the general trend of lobbying the US goverment to hold off on emmission / efficiency regulation so they can make bigger, smellier, more environment-theatening vehicles. Kyoto be damnned!

Might be nice if faulty tires destroyed all SUVs in one fell swoop, leaving the world a cleaner, more efficient place!

Re:Best Quote (2, Insightful)

Steve Franklin (142698) | more than 12 years ago | (#3536378)

You might want to start with the fact that it took these guys 10 months just to figure out they had a problem and another 2 months to get around to telling anybody about it. Then you might go on to point out that anybody who lets anyone automatically deduct money from their credit account needs to have their head examined. And you might conclude with a suggestion that companies that put their customers at risk shouldn't have to be sued by those customers to receive satisfaction. They should automatically be held responsible for their lapses.

This all comes down to something I've been painfully aware of for most of my life, though it doesn't seem to be terribly obvious to those who need to recognize it. Which is the very essence of the problem itself: The guys at the top don't know what's going on at the bottom. They have their little meetings where they talk to the guys just under them in the corporate hierachy who in turn have had their little meetings with the folks under them and so on and so forth until you get to the bottom where the first line supervisors are more concerned with protecting their own butts than communicating anything of importance to their own supervisors. The former head of the company where I work once called this an "inversion layer," implying that there was some particular point where communications break down. This is how it looks, but it's not how it is. The lack of communications results from the fact that each individual level of organization in a company is not totally transparent to the level above it. It is simply the accumulation of many layers of less than complete transparency that results in the appearance of this mythical inversion layer. The real problem is too many levels of management and more precisely the whole multi-layered managerial system itself, where the guys at the top really don't won't to "dirty their hands" looking at anything more than one level below them. Not only is it impossible for them to know what's happening using the current organizational model, they don't really want to do anything that would allow them to know.

If they did know, they would have to take responsibility. And nobody sitting behind an expensive desk making obscene amounts of money for having little meetings about his "vision" of the future wants to have to worry about being responsible.

Re:Best Quote (1)

doctrbl (306815) | more than 12 years ago | (#3536735)

What model do you suggest to replace the "multi-layered managerial system"? At large companies like Ford, I think that it's not a question of not wanting to dirty one's hands, but how does a CEO run a company with a few hundred thousand employees in a flat managerial hierarchy? Those management levels are in place not because he doesn't want to get in the "trenches", but because there aren't enough hours in the day.

A CEO (or whatever you call the top person) must trust the lower level managers; the alternatives are micromanagement of each tier, or fire all managers and have EVERYONE report directly to the top person.

Now, highly paid executives probably DON'T want to get their hands dirty, but that doesn't mean they are shirking responsibility. Again, flatter hierarchies can work, depending on the size of the corporation, but what do you do for the really huge ones?

quick fix for Ford (0)

trollercoaster (250101) | more than 12 years ago | (#3536206)


Use Linux!

-1 Redundant (1)

gazbo (517111) | more than 12 years ago | (#3536384)

-1 Redundant

Next time make it more original in some way. I suggest adding an hilarious joke about Microsoft (I mean Micro$oft w00t! ROFLOLOLOL).

so... they should learn from motorola (1)

tcmardoc (556771) | more than 12 years ago | (#3536208)

ahhhh... kevin.

What? (1, Funny)

Arminius (84868) | more than 12 years ago | (#3536220)

Ford do something wrong?

BTW, i have a nice set of Firestone tires that came new on my Explorer to sell.

He got it wrong (5, Insightful)

tshoppa (513863) | more than 12 years ago | (#3536221)

From the NYT:
It just shows that today, even big companies can be victimized
No, it shows that every once in a while that the big companies will publicize that their security has been compromised. Of course, we all know that for every such case that makes the New York Times, there are thousands where they don't. And for every one of those, there are ten where the news of the security breach never leaves the company. And for every one of those there are probably a hundred where nobody at the company knows that they have gaping security holes.

Re:He got it wrong (2, Funny)

bob_jordan (39836) | more than 12 years ago | (#3537019)

Mr. Girard, the Experian spokesman, said ... "It just shows that today, even big companies can be victimized," he said. "it's a never-ending struggle against the bad guys."
___

A never-ending struggle? Think about it. It seems that Ford and Experian have an agreement so that Ford can get credit information from Experian. The only thing needed is this security ID. A "never-ending struggle" seems to suggest it took them some time for Experian to come up with this system. How did it used to work?

Ring Ring.

Experian: "Hello Experian Credit Inquiry Line, whose personal details would you like?"

Caller: "Err, I didn't say who I worked for yet."

Experian: "Sorry what company are you calling from?"

Caller: "Ford"

Experian: "Whose personal details would you like?"

Caller "Err, don't you want me to prove I work for Ford?"

Experian: "Who would pretend they worked for Ford?"

The mind boggles!!!

Bob.

Re:He got it wrong (2, Funny)

Flarg! (265195) | more than 12 years ago | (#3537023)

Hey... Are you talking about Microsoft? No discussing the security holes, dammit! We'll be secure if nobody finds out about them!

Just In Case... (5, Informative)

LISNews (150412) | more than 12 years ago | (#3536227)

www.ftc.gov/bcp/conline/pubs/credit/fcra.htm [ftc.gov] here's an FTC FAQ on credit reports.
Experian [experian.com] , Transunion [transunion.com] and Equifax [equifax.com] are the big 3 for reports.

Re:Just In Case... (0)

Anonymous Coward | more than 12 years ago | (#3536422)


Hi Blake, congratulations on not double-posting this information like you did here [metafilter.com] .

Now that's customer service N O T (4, Informative)

maharg (182366) | more than 12 years ago | (#3536228)

From the original Boston Globe story (couldn't be bothered to register at NYT) :

Van Leeuwen of Ford said he thought the company had done everything it could to help the individuals affected by the security breach, and didn't plan to offer them any financial assistance.

Surely Ford have broken some law here ? In the U.K. there is something called the Data Protection Act, c'mon the U.S. has got to have some equivalent legislation.. They're not blaming it on hackers, they admit they don't know how the access code or whatever was taken !

Law?? *WHAT* law? (3, Interesting)

darkonc (47285) | more than 12 years ago | (#3536522)

I don't think that Ford did anything illegal. If anybody did anything illegal it would be the credit reporting companies that allow any company or group with enough money to generate identity theft kits with just a victim^w customer's home address.

Re:Now that's customer service N O T (1)

Xugumad (39311) | more than 12 years ago | (#3536594)

Nope, the data protection act has no US equivalent. Are you feeling ressured?



Basically, for those of you in the US, the data protection act, amongst other things, means you have to be careful with people's data. If you're not, they can revoke your license to hold personal data on people, very effectively killing off most
businesses.

Re:Now that's customer service N O T (1)

tburkhol (121842) | more than 12 years ago | (#3536651)

Surely Ford have broken some law here?

Well, it's not clearn that it's Ford's problem. Sounds like some group managed essentially to get hold of Ford's password to the Experian database.

They didn't just crack Ford owners (5, Insightful)

awharnly (183017) | more than 12 years ago | (#3536233)

Read the article again. They didn't just steal the personal financial information of Ford owners.

Only 400 of the 13,000 victims were customers of Ford Credit, he said.

They just pretended to be Ford so that they could access the credit reports of thousands of people. Subway-riders included.

Re:They didn't just crack Ford owners (2)

GMontag (42283) | more than 12 years ago | (#3536307)

Glad someone go to that distinction before I popped off. FMC lends to almost anybody.

Glad I drive a hydrogen powered Jeep ;-) and loan was through Chrysler Credit.

Oh wait! They probably had the same breach but did not report it! Crap! Third thought, good thing my credit is already worthless and nobody would get very far stealing it!

Re:They didn't just crack Ford owners (0)

Anonymous Coward | more than 12 years ago | (#3536338)

Experian has credit data on damn near everyone who's ever bought anything on credit, regardless of who gave them that credit. Nobody is safe. But, like you, bad credit is my best defense.

Re:They didn't just crack Ford owners (2)

kzinti (9651) | more than 12 years ago | (#3536416)

Glad someone go to that distinction before I popped off. FMC lends to almost anybody.

Even if they did make loans just for Ford cars and trucks, you wouldn't have to be a Ford customer, just a potential customer, for the inquiry to appear valid. Taking the subway doesn't shield you from this kind of fraud.

--Jim

Thank god i dont have credit (0)

Anonymous Coward | more than 12 years ago | (#3536625)

They can steal all my student loans. That will be -40,000 dollars sir.

Ford (The Associates) Security (4, Informative)

z_gringo (452163) | more than 12 years ago | (#3536238)

The group that handles most of the credit processing for Ford Motor Company is The Associates [theassociates.com] . At least it was a few years ago. They were recently purchased by Citigroup. They also do home loans etc, and incidentally, are having some controversy regarding discrimination in loan practices (redlining). At any rate, security there was never what it should have been. There were quite a few systems around the various building where anyone could just walk up and access that kind of information. You could cross-reference by address also, or last name. What was worse, you didn't need a password, because it was embedded in the software. Some of my co-workers would occasionally run reports for their family and friends. All in all, I can't say I'm too surprised by this.

Come on, Where's my no-login link, Karma Whores? (1)

rschwa (89030) | more than 12 years ago | (#3536256)

Come on, Where's my no-login link, Karma Whores?

Re:Come on, Where's my no-login link, Karma Whores (1, Informative)

Anonymous Coward | more than 12 years ago | (#3536274)

I got your link, right HERE! [majcher.com]

Re:Come on, Where's my no-login link, Karma Whores (0)

Anonymous Coward | more than 12 years ago | (#3536790)

You didn't really help him out, because you aren't karma whoring if you're an AC.

Guarding / checking against Identity Theft (5, Informative)

Seth Finkelstein (90154) | more than 12 years ago | (#3536264)

This isn't in the NYT or Boston Globe articles, but it's good info from another story on the theft [yahoo.com] :

Experts urge consumers to check their credit file once a year. Call Experian at (888) 397-3742 for a credit report, and review it for an unauthorized inquiries.

Also, contact the remaining two credit bureaus, Equifax at (800) 685-1111 and Trans Union at (800) 916-8800.

Ford Credit said that it has reinforced the security of their credit inquiry access process to prevent future occurrences.

To contact Ford Credit with questions, call (888) 838-8176 between the hours of 7 a.m. and 8 p.m. CDT, Monday through Saturday.

Sig: What Happened To The Censorware Project (censorware.org) [sethf.com]

The bad news though, (5, Insightful)

w.p.richardson (218394) | more than 12 years ago | (#3536306)

If you can't document that you have been a victim of identity theft (or a similar type of crime), then you have to shell out about $10 per report. Thats $30 per year, simply to make sure someone isn't screwing you over. This seems ridiculous to me.

These credit bureaus have too much centralized data on citizens. They are a one stop shop for crooks, be they crackers or whatever.

Re:The bad news though, (4, Informative)

tweek (18111) | more than 12 years ago | (#3536403)

Actually some states have laws requiring the credit report companies to give out a certain number of free reports a year. In Georgia (where I live) I get up to two free reports a year. Also, if you've been denied credit or employment based on information from your credit report, you are entitled to a free copy of the report from the reporting company the card provider/employer used.

As to your second point, I agree completely. At one point, Equifax was trying to gain control of medical records for people to link with the existing stuff. I'm not a fan of big government but Equifax,Transunion and Experian need to have STRICT government regulation because of the impact the information they carry can have on an individuals life. Forget that stupid cracker shit in "The Net". All it takes is a fucked up keystroke and you can't even rent an apartment.

The biggest piece of legislation I would love to see is this: Private companies are forbidden to use SSN's as customer identifiers. How fucking hard is it for a company to generate a random account number?

Re:The bad news though, (2)

hymie3 (187934) | more than 12 years ago | (#3536695)

The biggest piece of legislation I would love to see is this: Private companies are forbidden to use SSN's as customer identifiers. How fucking hard is it for a company to generate a random account number?

You do have a choice: don't provide the SSN. Businesses are free to ask for you SSN. Unless there is a compelling reason (financial transaction with a bank, safety of the President is at stake, or access to government confidential information), you don't have to provide it.

Granted, the business can say "sorry, we don't want to do business with you" but I've only had two places (an apartment complex, and Verizon, when I tried to cancel my service with them after they bought Powertel even though I had a document which said that would not be considered a valid form of identification. Bastards.) absolutely refuse to do business with me.

If you have alternate forms of identification, they're almost always more than willing to do business with you.

Don't give out your SSN? What planet are you on? (0)

Anonymous Coward | more than 12 years ago | (#3536867)

You do have a choice: don't provide the SSN

What planet are you on?

Re:The bad news though, (1)

tweek (18111) | more than 12 years ago | (#3537020)

Oh I'm perfectly aware of that I don't have to provide an SSN. It comes down to, as you said, not doing business with them. Financial institutions and the government are the only people who can require it from what I understand.

There are some really interesting stories online about people getting by without an SSN.

The most famous of which is Neil McIver's story [cjmciver.org] . I think Neil does it for more religious reasons. Mine are purely privacy related. The funny thing is that on the back of your SS card it says that you are responsible for any usage of your SSN. It's hard to be responsible when it's required by everyone under the sun. That's really why I want a definate law on the whole thing. If we are expected and held liable for what happens to our card and number, then we need to be able to do business and function without it.

As a side note, it was voicestream that bought PowerTel. I know because they fucked up the transfer of my powertel account over to VoiceStream. ;)

As to everyone who says you can't get anything without giving out your number, give it a shot sometime. If you are applying for utilities or whatnot, ask to tell the person you are speaking with if it's required. When they tell you it is, ask to speak to a manager. The typical customer (no)service people won't know any better since they work from a computer screen and script but a manager can settle the matter once and for all.

Whatever... (0)

Anonymous Coward | more than 12 years ago | (#3536352)

Ford doesn't even know how it happened, so forgive me if I have little faith in their "reinforced security."

national ID card (5, Funny)

kipple (244681) | more than 12 years ago | (#3536275)

I'm sure that if there was a national ID card system they would have been caught immediately.

Identity theft insurance (3, Insightful)

mister sticky (301125) | more than 12 years ago | (#3536299)

Van Leeuwen of Ford said he thought the company had done everything it could to help the individuals affected by the security breach, and didn't plan to offer them any financial assistance.

Clearing up the mess created by identity theft can take significant time and money. Victims often lose access to credit. Some end up in jail. Several insurance companies now sell coverage offering financial and legal protection in such cases.

It seems to make sense (well, to me at least) that the corporations charged with the information of your identity should be forced to have this identity insurance. Sure people could get it, so if they gave up their identities by accident (people going through their trash) they would be covered.
However, corporations like Ford saying "oops, sorry! but i'm not paying for our mistake" is unacceptable. They should be required by law to have identity theft insurance, and reimburse those who's identity has been stolen through the identity insurance.

we knew this already, but... (2, Offtopic)

warpSpeed (67927) | more than 12 years ago | (#3536302)

Ford Really Sucks [fordreallysucks.com]

Ford = (0)

Anonymous Coward | more than 12 years ago | (#3536303)

Ford = Found on Road Dead, or, Fix or Repair Daily...

i sure am glad i drive a Chevrolet...

Re:Ford = (0)

ogar572 (531320) | more than 12 years ago | (#3536754)

Actually its a F*cked Over Rebuilt Dodge

Ford's Fault? (2)

blazerw11 (68928) | more than 12 years ago | (#3536314)

Blaming Ford is like being accused of murder when somebody steals your credit card, buys a gun with it and kills somebody else.

Re:Ford's Fault? (1)

div_2n (525075) | more than 12 years ago | (#3536612)

Bad association.

If you want to use a gun analogy, it is more like storing your gun in a bank vault and the bank allowing somone posing as an employee to steal the gun, shooting someone and framing your for the crime.

Ford had information that was their duty to protect. They failed to protect it. Not really that complicated of an issue.

Re:Ford's Fault? (1)

teamhasnoi (554944) | more than 12 years ago | (#3536627)

Blaming Ford is like being accused of murder when somebody steals your credit card and your credit card is in this room that is locked with a combination lock and your mom posts the combo on the fridge, and the cable guy comes over and sees it , buys a gun with it and all the bullets from the gun have your name, address, phone number, social security number, date of birth, current pay rate, address of workplace, present and past debts, spouse's name, number of kids, and length of your johnson engraved on every single one. and kills somebody else. And even when the cable guy is caught, the gun is never recovered, since unlimited copies of this gun are floating around waiting to be used by any other cable guy.

So I can see how you wouldn't want to blame Ford. It can't be their fault. This must have happened when they were making exploding cars, or covering up a tire saftey issue on the Ford Exploder. Sure.

Re:Ford's Fault? (0)

Ramuh (153125) | more than 12 years ago | (#3537014)

I disagree. The critical difference being that, when you give Ford your personal information "all information you provide is used to improve the services offered by Ford Motor Company" [ford.com] (though, I might add, their privacy statement doesn't really say much of anything). It was Ford's responsability to protect their customer's private information, and they failed. They are every bit to blame for their lack of security.

no SSN (2, Insightful)

RealisticWeb.com (557454) | more than 12 years ago | (#3536317)

This is exactly why I hate the way so many companies require you give them so much personal info. I can understand why a car dealer would need it, but what about Blockbuster who wants you to give your SSN to some pimple faced teenager behind the counter. I don't think so.

Re:no SSN (1)

Hector (3031) | more than 12 years ago | (#3536583)

This is waaay off topic, but just so you know. You do not have to give blockbuster your social security number. They ask for it but you don't have to give it to them and they will still give you a card. I know because I asked. A lot of places are like this, they may ask for ss# but your not required to give it to them

Re:no SSN (1)

RealisticWeb.com (557454) | more than 12 years ago | (#3536730)

Unfortunatly that may be the company policy, but it seems like either many of the pimple faced video lackys don't know about this, or they are too lazy to do it another way. I have a friend who spent a consideralble amount of time in Blockbuster arguing about the SSN thing, and they refused to give him one with out it. The same thing happenes at the University that I went to. They used SSN numbers as student ID's and default passwords. You would always hear that you didn't have to, and that they would take another 9 digit number, but when I asked the minimum wage help desk lady, she was adament about how there isn't any other way. Does this happen to anyone else? Is this out of ignorance or lazyness?

Credit card (0)

Anonymous Coward | more than 12 years ago | (#3536831)

Credit card: a piece of plastic for which you can substitute for money you don't have.

Just goes to show (1, Redundant)

gillbates (106458) | more than 12 years ago | (#3536325)

That it is dangerous to give any personal information to a company, regardless of their privacy policy...

The unfortunate reality of the information age is that information is power - though you may not realize it, giving out personal information, no matter how well-intentioned the recipient is, can have adverse side effects. Systems get hacked; judges can order spyware to track users; businesses can be bought and sold. Worse, we live in a society in which someone's creditworthiness, that is, their ability to get loans, and even find work, is very much dependent on the accuracy of a credit reporting company's data; a simple keystroke error or a bug in a computer program could literally put an otherwise good employee out on the street.

Oh, and one last thing - never give anyone your social security number. Or your mother's maiden name.

Re:Just goes to show (3, Funny)

peddrenth (575761) | more than 12 years ago | (#3536388)

"Oh, and one last thing - never give anyone your social security number. Or your mother's maiden name
"


Are they not necessary to open a bank account in america? or to get a credit card? or a hotel room or a train ticket? or to file a tax return on the internet?

I can't wait to see the governments' look of surprise when people start using cash again for serious things. "Airline ticket by cash? Right, bodily-search for you, boy. We'll not have anyone who doesn't trust the Credit Corporation"

Re:Just goes to show (1)

eric6 (126341) | more than 12 years ago | (#3536398)

do you mean don't give your SSN to anybody/company/form/request, etc, or to people on the street? Mother's maiden name doesn't get asked as often, but as a college student, my Student ID (=SSN for most) is my only tie to the entire system (Registrar, Bursar, Financial Aid, every facility, etc.).


Not giving out personal info is great, and should be done when possible (I should have asked for a unique Student ID, like i did for my driver's license), but very often it's highly, highly inconvenient, and a person would miss out on things by sticking to it. For the vast majority of people, the [fairly] small risk of identity theft is worth the convenience (which sounds like the way the gen public feel about most security issues).

Re:Just goes to show (4, Insightful)

sphealey (2855) | more than 12 years ago | (#3536446)

Oh, and one last thing - never give anyone your social security number. Or your mother's maiden name.
Social Security Numbers are public records. They are not, and never were intended to be, secret. If any organization builds a system which depends on keeping the SSN "secret" for security, it is incompetent (and possibly criminally neglegant), but if you depend on your SSN being secret for anything you are being foolish.

Mother's maiden names are similarly public records. In practice they have been harder to track down in the past, but wiht various records including those of the Mormon church coming on-line that information is not fully accessible as well. See first paragraph for implications.

sPh

SSN intentions and uses (2)

Blue23 (197186) | more than 12 years ago | (#3536663)

Social Security Numbers are public records. They are not, and never were intended to be, secret.

What they may have been intended for, and what innumerable private companies use them for, may not be the same thing.

SSNs seem to be the stock in trade as unique IDs. I know my old bank's automated phone service would ID you with a) your account number (found on any check you've every given out), your SSN, and a private pin which defaulted to the last four of your SSN. With that you could do just about anything, including transfer funds.

Did I mention that is was my OLD bank. 8) It also took them about a year and a half to catch on that someone else was writing and signing my checks, but that's wandering off topic. (It was my wife, so I knew about it, otherwise I would of caught it.)

Because it's a ready made unique identifier, that people will most likely remember, businesses love to use it. I think that you don't have to give it our if it doesn't involves taxes (like interest bearing accounts, jobs, etc), but that doesn't stop companies from asking you - you need to police it, they will try and get away with as much as they can.

It seems pitifully simple to steal an identity today.

=Blue (23)

Re:Just goes to show (1)

great throwdini (118430) | more than 12 years ago | (#3536460)

Oh, and one last thing - never give anyone your social security number.

Guess it's too late for me, then. A number of emplyers have had possession of my social security number at one point or another, as have any number of lenders (student loans). It's a little difficult to keep your SSN from everyone. There's no reason to consider HR-types or loan processors beyond the likelihood of turning to the dark side and misusing the data to which they have access. Not as a rule, just possibly, mind you. So, what, I'm screwed for participating in payroll taxes and funding my education? :P

The FBI wants to prosecute the wrong people! (3, Interesting)

newerbob (577746) | more than 12 years ago | (#3536326)

Mr. Girard, the Experian spokesman, said the company would work with the F.B.I. to catch and prosecute the intruders

While the "crackers" (who did nothing more than use a leaked password), should be held accountable, so should FORD and its executives

I hope each and every victim files a separate multi-million dollar lawsuit. I'd bet that juries would be very sympathetic to these cases.

Re:The FBI wants to prosecute the wrong people! (2, Insightful)

jbroon (147984) | more than 12 years ago | (#3536410)

While I agree with the idea that Ford should be held accountable (or at least an audit of their security), I think the phrase "did nothing more than use a leaked password" is a bit of an understatement.

he takes the subway (-1, Flamebait)

Anonymous Coward | more than 12 years ago | (#3536349)

No michael, you take the subway cuz you can masturbate under yer newspaper and also cuz yer scummy ass can't afford a car :D

Ford credit report (1, Interesting)

Anonymous Coward | more than 12 years ago | (#3536358)

FYI,
Ford uses employees social security number as employee numbers. This means every time I go visit any type of doctor. get prescription drugs, register for classes, etc. I have to give out my social security number.

With that said, I do not believe Ford is very concern about giving out peoples
social security number.

Gotta think up a new acronym (4, Funny)

dscottj (115643) | more than 12 years ago | (#3536376)

It used to be:

Found On Roadside, Dead

Now I guess it has to be:

Fumble Our Records, Daily
Freak Out, Records Damaged!
Find Our Reports, Dammit!
Faked Our Reliability Data

Ah well. Never reply when hungover.

Re:Gotta think up a new acronym (1)

tweek (18111) | more than 12 years ago | (#3536413)

My favorite was:

Fix or repair daily

hehehe

(disclaimer: proud owner of a 2001 Ford Focus)

Re:Gotta think up a new acronym (0)

Anonymous Coward | more than 12 years ago | (#3536783)

Iewwwww you own a Focus?

identity theft" ? (0)

cockroach2 (117475) | more than 12 years ago | (#3536383)

as non-us citizen i wonder how anyone can steal your identity. is this another symptom of not having a national id card? i mean, over here you need your id card whenever you open a bank account, when you get your drivers licence (or any other legal document) and, well, actually whenever you do ANYTHING 'critical'... inform me, please! is it enough to know someone's personal details to steal his identity in the u.s.?

Re:identity theft" ? (-1)

l33t j03 (222209) | more than 12 years ago | (#3536395)

I don't see what prevents someone from stealing your National ID Card and thus your entire identity. If anything, your card makes it easier for identity theft to occur.

This is why I have always lobbied that we use some kind of biometric signature, like an eye scan, or a thumbprint, or a voice map, or something. Even a tattoo would work fine, a bar code or something.

Re:identity theft" ? (0)

cockroach2 (117475) | more than 12 years ago | (#3536464)

you're sort of right (that thought just passed my mind after posting). biometric information on the card would be good idea, especially eye scans which are rather tough to fake. the current "you should look sort of like the photograph on your card" method isn't really great, but it might prevent the 2 meter 150 kg guy from stealing your identity. this is probably why my banks usually want both, my id card AND personal information whenever i don't have my customer card handy.

however, every kind of id card has one BIG benefit - you'll notice when they get stolen and you can inform the police and your banks, so, i think, when something 'happens' you should be more or less out of responsibility.

Re:identity theft" ? (-1)

l33t j03 (222209) | more than 12 years ago | (#3536761)

Now that I think about it, I'd rather have a tattoo. A bar code on my arm or somewhere else out of sight, but could be displayed whenever it was necessary.

Text of Article (-5, Redundant) (3, Informative)

erpbridge (64037) | more than 12 years ago | (#3536399)

Text of Article below, for those without accounts:

Hackers posing as employees of the Ford Motor Credit Company have in recent months harvested a trove of 13,000 credit reports -- a virtual one-stop shop for fraud and identity theft -- with data on consumers in affluent neighborhoods across the country.

The company said in a letter to the victims that computer intruders used an authorization code from Ford Credit to get the credit reports from Experian, one of three major reporting agencies.

Advertisement

"I've never seen anything of this size," a spokesman for Experian, Donald Girard, said. "Privacy is the hallmark of our business. We're extraordinarily concerned about the privacy issue here, and the trust factor."

The inquiries gave the intruders access to each victim's personal and financial information, including address, Social Security number, bank and credit card accounts and ratings of creditworthiness, which can be used to identify the best targets.

"This is not just a credit card number; this is the whole kazoo," said Richard Power, the editorial director for the Computer Security Institute, an industry trade group. A criminal could use the data to make credit card charges or even open bank and credit card accounts in the victim's name.

Thefts of credit records, Mr. Power said, are far more common than is reported. "The unique thing about this one," he said, "is that it has surfaced." The theft was first reported yesterday by The Boston Globe and The Detroit News.

Statistics on identity theft are hard to come by, with estimates ranging as high as 700,000 cases a year. Betsy Broder, the assistant director for planning and information of the Federal Trade Commission, said the commission received 86,000 complaints of identity theft last year.

Representatives of Ford Credit said they did not know how the hackers acquired the code, which was used by the company's office in Grand Rapids, Mich. The intruders focused on addresses in affluent neighborhoods, often in numeric sequence, said Rich Van Leeuwen, executive vice president at Ford Credit.

The company said it had sent letters via certified mail to all 13,000 people, urging them to contact Experian and the two other credit reporting giants, Equifax and TransUnion, and to report any evidence of abuse to the F.B.I.

The company has also worked with Experian to set up a phone line to let victims get their credit reports and help them resolve discrepancies.

Neither Ford Credit nor Experian has determined how many people have reported fraudulent charges or other problems. Mr. Girard said that Experian had received 2,700 calls since the letters started going out this month. Although the unauthorized inquiries began in April 2001, Ford first heard about the problem in February, Mr. Van Leeuwen said. Only 400 of the 13,000 victims were customers of Ford Credit, he said.

Dawn M. Clenney, a special agent at the F.B.I. office in Detroit, said that she could not comment, except to say, "We're on the case."

Mr. Girard, the Experian spokesman, said the company would work with the F.B.I. to catch and prosecute the intruders. "It just shows that today, even big companies can be victimized," he said. "it's a never-ending struggle against the bad guys."

Why is this -5? Some asshole modgeek strikes again (0)

Anonymous Coward | more than 12 years ago | (#3536671)

Miracles will never cease.

Trash Talk (2, Redundant)

CaptainZapp (182233) | more than 12 years ago | (#3536456)

Gawd, how I really hat those smooth corporate jaspers, talking in press releases. Now this one is really a gem:

Mr. Girard, the Experian spokesman, said the company would work with the F.B.I. to catch and prosecute the intruders. "It just shows that today, even big companies can be victimized," he said. "it's a never-ending struggle against the bad guys."

Look mate, if anybody is victimized here it's those 13000 er! customers while you guys obviously didn't protect their data adequately.

No need to thank me

corporate identity theft (4, Informative)

darkonc (47285) | more than 12 years ago | (#3536493)

When these people got Ford's 'access codes' they essentially got their ID within the credit bureau. The credit bureaus trusted that Ford was 'honest' with their credit requests -- not asking for any sort of proof that the people for whom the credit reports were being requested had given their assent to have that data released.

As a result. these script kiddies^w^w^w Ford was able to get identity theft kits on a truckload of (mostly) rich people just based on their home addresses.

If anything is going to put a big "oomph" behind online privacy initiatives in the states, I think that this may be it.

these are NOT hackers! (3, Informative)

Quixote (154172) | more than 12 years ago | (#3536584)

is reporting that hackers posing as Ford employees

Repeat after me: this is not hacking.
Repeat after me: this is not hacking.
Repeat after me: this is not hacking.

This kind of activity is cracking, theft, robbery, a crime; but it is most definitely not hacking.

Re:these are NOT hackers! (2, Insightful)

Waffle Iron (339739) | more than 12 years ago | (#3536851)

If everyone calls it hacking, it's hacking by definition. Just like the vast majority of commonly used words, this word has multiple definitions. Deal with it.

Re:these are NOT hackers! (0)

Anonymous Coward | more than 12 years ago | (#3536880)

Shut the hell up!
we already knew that you whiney bitch!

Quality (2, Funny)

auroran (10711) | more than 12 years ago | (#3536600)

Looks like although quality is job 1, Security is job 3.74rc3 :)

Seriously though a big company has more to worry about from people you thought were employees than from any computer system breach.

Full Text for those that don't want to register (1)

stalbott972 (569919) | more than 12 years ago | (#3536613)

13,000 Credit Reports Stolen by Hackers By JOHN SCHWARTZ ackers posing as employees of the Ford Motor Credit Company have in recent months harvested a trove of 13,000 credit reports -- a virtual one-stop shop for fraud and identity theft -- with data on consumers in affluent neighborhoods across the country. The company said in a letter to the victims that computer intruders used an authorization code from Ford Credit to get the credit reports from Experian, one of three major reporting agencies. "I've never seen anything of this size," a spokesman for Experian, Donald Girard, said. "Privacy is the hallmark of our business. We're extraordinarily concerned about the privacy issue here, and the trust factor." The inquiries gave the intruders access to each victim's personal and financial information, including address, Social Security number, bank and credit card accounts and ratings of creditworthiness, which can be used to identify the best targets. "This is not just a credit card number; this is the whole kazoo," said Richard Power, the editorial director for the Computer Security Institute, an industry trade group. A criminal could use the data to make credit card charges or even open bank and credit card accounts in the victim's name. Thefts of credit records, Mr. Power said, are far more common than is reported. "The unique thing about this one," he said, "is that it has surfaced." The theft was first reported yesterday by The Boston Globe and The Detroit News. Statistics on identity theft are hard to come by, with estimates ranging as high as 700,000 cases a year. Betsy Broder, the assistant director for planning and information of the Federal Trade Commission, said the commission received 86,000 complaints of identity theft last year. Representatives of Ford Credit said they did not know how the hackers acquired the code, which was used by the company's office in Grand Rapids, Mich. The intruders focused on addresses in affluent neighborhoods, often in numeric sequence, said Rich Van Leeuwen, executive vice president at Ford Credit. The company said it had sent letters via certified mail to all 13,000 people, urging them to contact Experian and the two other credit reporting giants, Equifax and TransUnion, and to report any evidence of abuse to the F.B.I. The company has also worked with Experian to set up a phone line to let victims get their credit reports and help them resolve discrepancies. Neither Ford Credit nor Experian has determined how many people have reported fraudulent charges or other problems. Mr. Girard said that Experian had received 2,700 calls since the letters started going out this month. Although the unauthorized inquiries began in April 2001, Ford first heard about the problem in February, Mr. Van Leeuwen said. Only 400 of the 13,000 victims were customers of Ford Credit, he said. Dawn M. Clenney, a special agent at the F.B.I. office in Detroit, said that she could not comment, except to say, "We're on the case." Mr. Girard, the Experian spokesman, said the company would work with the F.B.I. to catch and prosecute the intruders. "It just shows that today, even big companies can be victimized," he said. "it's a never-ending struggle against the bad guys."

It's CRACKERS, shit for brains (0)

Anonymous Coward | more than 12 years ago | (#3536657)

Hackers build. Crackers destroy.

Hackers (1)

3ryon (415000) | more than 12 years ago | (#3536660)

The mighty New York Times (I think they might want you to register) is reporting that hackers posing as Ford employees...

Some people will argue loudly that the press should understand the difference between Hackers and Crackers. Be careful of these people, as they are the worst Crackers of them all. :>

pgp and plain ftp (0)

Anonymous Coward | more than 12 years ago | (#3536673)

Experian's method for companies to send in credit report applications is to mearly do a PGP encryption of the credit report and then ftp it to their servers. They then ftp a file back to your servers with the report.

Talk about high security.

I've been waiting to hear about them being hacked ever since I found out how they handle running credit reports for other companies

big deal (2)

Lumpy (12016) | more than 12 years ago | (#3536691)

ANYONE can get a credit report on anyone else. you just have to pay for it... Credit reporting companies are not secure by any means and their database is regulary full of gross inaccuracies. On average your credit report is only 50% accurate.. this is figured from across the board and figured by the number of errors on people's credit reports.

It blows my mind that any company would take a credit report as anything but mild information that is suspect. It is really easy to wipe your credit report clean, and to seed it with "good credit reporting"... hell there are companies that will for $9.95 a month post a good payment history every month to your credit report (They report that they lent you $1000.00 and you are paying it on time and are a perfect client.... after 6 months pay them $19.95 to close the account and they report you paid it off and you are A+)

Credit reports are wildly inaccurate.. other than the SSN (of which I have 2 credit reports I found out.. they mis-typed my SSN once and attached it to my Drivers License number.. Again that entire credit history was deleted because the SSN was not mine.)

It happened to me (4, Informative)

angryrobot (223166) | more than 12 years ago | (#3536700)

I was the victim of ID theft. You do not want this to happen to you. Ever. It involves filing police reports, calling every company that showed up on your credit reports and providing all kinds of info to their fraud departments. It took me over a year and a half of phone calls, faxes and emails to straighten everything out. I'm still getting calls from creditors about unpaid credit cards and such that clearly aren't mine.

I think it's obvious that if the only thing between theives and your identity is your mom's maiden name, your address, and your SS number, that it's been made pretty freakin' easy for them.(Granted it's not quite that simple, but it's damn close)

One thing that struck me throughout the entire process of cleaning up my credit reports was that I was doing the cleaning up. Here are 3 companies that basically control whether you can ever buy a house, and when they screw up and allow someone to assume your identity using their services, it's the victim that's left picking up the pieces.

IMPORTANT - Opt out (5, Informative)

Permission Denied (551645) | more than 12 years ago | (#3536706)

(888) 567-8688

Call this telephone number. This number is maintained by the three credit reporting agencies and it allows you to "opt-out" of certain marketing games; basically, this means the three credit reporting agencies will no longer be allowed to give your credit report to marketers, but only to people with whom you actually have business.

Ford is a legitimate business; if you don't "opt-out," they can get a credit report on you. I opted out and I've never done business with Ford, so this story doesn't affect me.

Another nice thing about using this number to "opt-out": I no longer receive any junk mail. No more pre-approved credit cards, no more free offers, no more anything. I now look forward to checking my mail every day, as it only contains only bills and personal correspondence. I also say "put me on your do-not-call list" to telemarketers and I don't watch TV, so live in an almost completely ad-free world. It's a very nice world and I invite you in.

Re:IMPORTANT - Opt out (1)

teamhasnoi (554944) | more than 12 years ago | (#3536741)

...an almost completely ad-free world. It's a very nice world and I invite you in.

I think I'm going to have to Opt-out. Thanks though.

Re:IMPORTANT - Opt out (1, Insightful)

Anonymous Coward | more than 12 years ago | (#3536862)

How do I know this is not a social engeneering trick ?

:)

Can Open Source Help? (0)

Anonymous Coward | more than 12 years ago | (#3536734)

Two questions:

Are these private credit reporting firms subject to any regulatory strictures?

Can the open source community do anything to improve the security of *our* credit records?

Turnabout is fair play? (2, Funny)

mwood (25379) | more than 12 years ago | (#3536804)

"A criminal could use the data to ... open bank ... accounts in the victim's name."

Really? So, if I could find the account with my name on it, I could close it out and take the cash? Sounds like an item for News of the Weird's Least Competent Criminals category. :-)

Today on Slashdot... (1, Offtopic)

Grape Shasta (176655) | more than 12 years ago | (#3536916)

"Hackers stealing personal information from the databases of large companies! Read all about it at the web site of a large company (which first requires your personal information.)"

Anyone else think this is dumb? Please stop linking to NYTimes already! There's plenty of other places out there also carrying these stories.

Revised Ford Slogan (0)

Anonymous Coward | more than 12 years ago | (#3536972)

Quality is job 1.0!
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?