Forgot your password?
typodupeerror
Privacy

Experian, Ford, and Identity Theft 193

Posted by michael
from the run-over-by-the-canyonero dept.
corebreech writes "The mighty New York Times (I think they might want you to register) is reporting that hackers posing as Ford employees have managed to pilfer some 13,000 credit reports (Quality is Job 1.) Supposedly the info isn't restricted to merely credit card numbers, but rather includes such delectable delights as address, SSN, bank account info and creditworthiness. Glad I take the subway." The original story was from the Boston Globe.
This discussion has been archived. No new comments can be posted.

Experian, Ford, and Identity Theft

Comments Filter:
  • I'd be happy... (Score:4, Insightful)

    by jedrek (79264) on Friday May 17, 2002 @08:10AM (#3536184) Homepage
    In the land of the great lawsuit, which is America at the turn of the millenium, I'd be more than happy to have Ford leak my info. In a flash I'd have a family member sell of my identity to someone (or have a good friend assume my identity) and rock my credit record for all it's worth.

    Then I'd just sue Ford for lossing my info. They've already admited to doing it, so there's pretty much no burden of proof. Corporate neglegence should be pretty easy to prove.

    That sound you hear is lawyers sharpening their claws.
  • He got it wrong (Score:5, Insightful)

    by tshoppa (513863) on Friday May 17, 2002 @08:20AM (#3536221)
    From the NYT:
    It just shows that today, even big companies can be victimized
    No, it shows that every once in a while that the big companies will publicize that their security has been compromised. Of course, we all know that for every such case that makes the New York Times, there are thousands where they don't. And for every one of those, there are ten where the news of the security breach never leaves the company. And for every one of those there are probably a hundred where nobody at the company knows that they have gaping security holes.
  • by awharnly (183017) on Friday May 17, 2002 @08:23AM (#3536233)

    Read the article again. They didn't just steal the personal financial information of Ford owners.

    Only 400 of the 13,000 victims were customers of Ford Credit, he said.

    They just pretended to be Ford so that they could access the credit reports of thousands of people. Subway-riders included.

  • by mister sticky (301125) on Friday May 17, 2002 @08:36AM (#3536299)
    Van Leeuwen of Ford said he thought the company had done everything it could to help the individuals affected by the security breach, and didn't plan to offer them any financial assistance.

    Clearing up the mess created by identity theft can take significant time and money. Victims often lose access to credit. Some end up in jail. Several insurance companies now sell coverage offering financial and legal protection in such cases.

    It seems to make sense (well, to me at least) that the corporations charged with the information of your identity should be forced to have this identity insurance. Sure people could get it, so if they gave up their identities by accident (people going through their trash) they would be covered.
    However, corporations like Ford saying "oops, sorry! but i'm not paying for our mistake" is unacceptable. They should be required by law to have identity theft insurance, and reimburse those who's identity has been stolen through the identity insurance.
  • by w.p.richardson (218394) on Friday May 17, 2002 @08:39AM (#3536306) Homepage
    If you can't document that you have been a victim of identity theft (or a similar type of crime), then you have to shell out about $10 per report. Thats $30 per year, simply to make sure someone isn't screwing you over. This seems ridiculous to me.

    These credit bureaus have too much centralized data on citizens. They are a one stop shop for crooks, be they crackers or whatever.

  • no SSN (Score:2, Insightful)

    by RealisticWeb.com (557454) on Friday May 17, 2002 @08:41AM (#3536317) Homepage
    This is exactly why I hate the way so many companies require you give them so much personal info. I can understand why a car dealer would need it, but what about Blockbuster who wants you to give your SSN to some pimple faced teenager behind the counter. I don't think so.
  • Re:Best Quote (Score:2, Insightful)

    by Steve Franklin (142698) on Friday May 17, 2002 @08:54AM (#3536378) Homepage Journal
    You might want to start with the fact that it took these guys 10 months just to figure out they had a problem and another 2 months to get around to telling anybody about it. Then you might go on to point out that anybody who lets anyone automatically deduct money from their credit account needs to have their head examined. And you might conclude with a suggestion that companies that put their customers at risk shouldn't have to be sued by those customers to receive satisfaction. They should automatically be held responsible for their lapses.

    This all comes down to something I've been painfully aware of for most of my life, though it doesn't seem to be terribly obvious to those who need to recognize it. Which is the very essence of the problem itself: The guys at the top don't know what's going on at the bottom. They have their little meetings where they talk to the guys just under them in the corporate hierachy who in turn have had their little meetings with the folks under them and so on and so forth until you get to the bottom where the first line supervisors are more concerned with protecting their own butts than communicating anything of importance to their own supervisors. The former head of the company where I work once called this an "inversion layer," implying that there was some particular point where communications break down. This is how it looks, but it's not how it is. The lack of communications results from the fact that each individual level of organization in a company is not totally transparent to the level above it. It is simply the accumulation of many layers of less than complete transparency that results in the appearance of this mythical inversion layer. The real problem is too many levels of management and more precisely the whole multi-layered managerial system itself, where the guys at the top really don't won't to "dirty their hands" looking at anything more than one level below them. Not only is it impossible for them to know what's happening using the current organizational model, they don't really want to do anything that would allow them to know.

    If they did know, they would have to take responsibility. And nobody sitting behind an expensive desk making obscene amounts of money for having little meetings about his "vision" of the future wants to have to worry about being responsible.
  • by jbroon (147984) on Friday May 17, 2002 @09:01AM (#3536410)
    While I agree with the idea that Ford should be held accountable (or at least an audit of their security), I think the phrase "did nothing more than use a leaked password" is a bit of an understatement.
  • by sphealey (2855) on Friday May 17, 2002 @09:08AM (#3536446)
    Oh, and one last thing - never give anyone your social security number. Or your mother's maiden name.
    Social Security Numbers are public records. They are not, and never were intended to be, secret. If any organization builds a system which depends on keeping the SSN "secret" for security, it is incompetent (and possibly criminally neglegant), but if you depend on your SSN being secret for anything you are being foolish.

    Mother's maiden names are similarly public records. In practice they have been harder to track down in the past, but wiht various records including those of the Mormon church coming on-line that information is not fully accessible as well. See first paragraph for implications.

    sPh

  • by Waffle Iron (339739) on Friday May 17, 2002 @10:27AM (#3536851)
    If everyone calls it hacking, it's hacking by definition. Just like the vast majority of commonly used words, this word has multiple definitions. Deal with it.
  • by Anonymous Coward on Friday May 17, 2002 @10:28AM (#3536862)
    How do I know this is not a social engeneering trick ?

    :)
  • protect yourself.. (Score:2, Insightful)

    by phaserx (574470) on Friday May 17, 2002 @12:32PM (#3537805)
    I had my wallet with my life in it stolen about 7 months ago.. my health insurance company is brilliant enough to assign us ID's that are our social security numbers.. I was so paranoid about identity theft, but after talking to a lot of people, I found it's very easy to make it much more difficult for someone to steal your identity. The best thing to do is call all the major credit beareaus, such as Experian, Equifax and there are a few others, and tell them to "red flag" your account. When you "red flag" your account, then any place opening a new account that effects your credit will have to speak personally with you and verify that your account is flagged for whatever reason you specified when you flagged the account. Since I did this, I have received 3 phone calls from major credit card companies asking me to verify my recent credit card application. I don't think this will totally protect you, but it will definatley make it much harder for someone to steal your life.

It is impossible to travel faster than light, and certainly not desirable, as one's hat keeps blowing off. -- Woody Allen

Working...