ChoicePoint Data Stolen By Imposters 381
swight1701 writes "Criminals posing as legitimate businesses have accessed critical personal data stored by ChoicePoint Inc., a firm that maintains databases of background information on virtually every U.S. citizen. The incident involves a wide swath of consumer data, including names, addresses, Social Security numbers, credit reports and other information. ChoicePoint notified between 30,000 and 35,000 consumers in California that their personal data may have been accessed by "unauthorized third parties." No obvious notice appears to be on their website."
Excellent! (Score:4, Informative)
No Place To Hide [publicradio.org]
It was truely disturbing. Now that we're permanently at war with the Forces Of Evil (terrorists, for now) people should get used to not having any privacy. Sigh.
Re:Ineptness to the point of being evil (Score:3, Informative)
No Place to Hide: Behind the Scenes of Our Emerging Surveillance Society [democracynow.org]
More of ChoicePoint's greatest misses (Score:3, Informative)
*This is not an endorsement of the linked site or the opinions expressed there. I just recall these claims from a Slashdot submission I made a couple years ago related to this.
Remember the Florida election of 2000 ? (Score:4, Informative)
When is Joe Six pack going to wake up to the fact that in secret the government has conspired to create a dossier on every citzen in this country and this is who they hired to do it:
Hank Asher then creates the MATRIX as a state level network version of the TIA office. Essentially continuing the TIA office, but freeing it from congressional oversight and federal whistleblower protections. He admits smuggling millions of dollars worth of cocaine in 1981 and 1982. Coincidentally at the time when the Iran-Contra dealings were in full swing.
But this is only speculation. Could there be more of a link between illegal dealings between Hank Asher and the republican party? OF COURSE THERE IS!
In 1992, Asher founded Database Technologies, which later merged with ChoicePoint. In 1999, he founded Seisint Inc. by merging two companies. He is still on Seisint's board of directors, and continues to play an active role in the company.During the 2000 presidential election ChoicePoint, gave Florida officials a list with the names of 8,000 ex-felons to "scrub" from their list of voters. But it turns out none on the list were guilty of felonies, only misdemeanors.
So there we have it. We went from having a domestic spying agency run by a five time felon to having the same domestic spying program sans congressional oversight and whistle blower protections run by a convicted drug smuggler who has proven that he'll break the law to further the republican agenda.
http://www.oldamericancentury.org/oh_republican
A Florida law enforcement data-sharing network is about to go national. In the name of counterterrorism, the Departments of Justice and Homeland Security are pouring millions of dollars into the system to expand it to local law enforcement agencies across the nation. It's called Matrix, which stands for Multistate Anti-Terrorism Information Exchange. According to the Washington Post, the computer network accesses information that has always been available to investigators but brings it together and enables police to access it with extraordinary speed. Civil liberties and privacy groups say the Matrix system dramatically increases the ability of local police to snoop on individuals.
http://www.democracynow.org/article.pl?sid=03/0
The Florida company that built the database was founded by the man behind ChoicePoint and Database Technologies. The companies administered the contract that stripped thousands of African Americans from the Florida voter roles before the 2000 election.
Although narrower in scope than John Poindexter's controversial Terrorist Global Information Awareness program, Matrix may serve a similar purpose because it provides unprecedented access to US residents regardless of their criminal background. And states are eager to participate in the new program. On Tuesday, the Department of Homeland Security announced plans to launch a pilot program in state law enforcement data-sharing among Virginia, Maryland, Pennsylvania and New York.
Re:Ineptness to the point of being evil (Score:3, Informative)
Re:So who ELSE is affected!? (Score:3, Informative)
Re:Ineptness to the point of being evil (Score:5, Informative)
Re:Legal question (Score:5, Informative)
Ordinarily in a case like this a class action would be brought against the company. The "Class Action Fairness Act" will shift class actions from state to federal court. Ostensibly this was done to prevent venue shopping- where you look for the state with the most favorable laws for your class action suit- but it also has the nice property that federal courts rarely agree to hear class action lawsuits, citing differences in state law. The Act effectively puts an end to all class action suits without explicitly banning them.
If you're a victim of identity theft because your Social Security number was compromised by ChoicePoint, you'll have to hire a lawyer yourself, prove that the identity theft was a result of ChoicePoint's negligence, and your case will be heard separately from those filed by any other plantiffs.
Re:No Changes Forthcoming (Score:2, Informative)
However, there is some data they possess which isn't public records (DMV records mostly) which require special privledges to access. I would hope that they actually review who has access to that information, and not give it out to persons without legitimate needs.
I think the main concern is that fact that this data is aggregated for use, without any sort of controls on who can see it, and for what reason.
Re:So who ELSE is affected!? (Score:3, Informative)
Well, from a legal standpoint, it certainly does. If there is no law in your state requiring them to do so, then legally they don't have that obligation to you. Morally, I believe they are obligated to, but morality isn't the same as legality now is it?
Data ownership (Score:5, Informative)
When they lose the data, as far as they are concerned they have lost some of their business information (ie. someone accessed their data without paying).
That the data is about you, and could be damaging to you is incosequential to them. Anyone could have bought the data from them anyway.
Re:Where's the Upside? (Score:2, Informative)
Re:Ineptness to the point of being evil (Score:4, Informative)
Also, there are lots of foreign people in the U.S. and elsewhere who have U.S. bank accounts but no SS #. I suspect that banks assign these people arbitrary generated numbers. Perhaps you can go to a bank, tell them you're from Scotland or Uruguay or the South Pole and just open an account without the damn SS number. Of course they may demand a passport.
Now here's an interesting bit of trivia. You can change [ssa.gov] your social security number. It's free and you have to apply, with proof of identity, and also supply a reason why the change is needed. It can be a change of name, threat of domestic violence, identity theft, or even because the numbers are offensive to your religious beliefs. I suppose the latter reason is the best way to change your SS # arbitrarily. However, they say they keep your old number on file and cross referenced, so it may be that someone with your old number could still cause you grief.
Re:Do a little quick math (Score:5, Informative)
The databases basically involve public records from every county in a state describing ownership, professional licenses, et cetera. They often include every piece of information involved in submitting a request for some type of certification. Land deeds, for example, are in there, as well as contractor's licenses. A lot of that information is public record, but the stuff that isn't is the address (that's sometimes but very rarely public) and sometimes social security number. If you can establish that someone was at a certain address, and get a social from that address, hopefully correlating it with another address and matching (or near-matching) social security number, then you can look that ssn up in connection with all kinds of other items. This can connect them to any number of other people who you can bother for their phone number.
Eventually, you can find property, and depending on what state it's in you can sometimes take it away. California makes it pretty hard to do that kind of stuff to someone; you can't take away a home which is also a business, for example, and you can't take away someone's primary automobile -- unless you're the lien holder, that is. Or, well, the federal government.
Notice above I said something about a near-matching SSN? All of this stuff is near-matching. The problem is that someone might write their name (or other information) carefully in one place and illegibly in another. They might of course also forget or "forget" the number and misenter it. Finally, let us not forget the wonders of data entry and the errors therein. Some forms are OCR'd (anything typed) and some were probably hand entered. The record only goes back so far as well, but it's generally pretty far.
Anyway, anyone with a business that has a reason to need to do that kind of thing can get access to those databases. They can tell what you were doing with it, so if you do something naughty, they could tell.
Re:Remember the Florida election of 2000 ? (Score:2, Informative)
During the 2000 presidential election ChoicePoint, gave Florida officials a list with the names of 8,000 ex-felons to "scrub" from their list of voters. But it turns out none on the list were guilty of felonies, only misdemeanors.
I don't believe that this is entirely correct. According to Palast's book there were many scrubbed felons that had their voting rights reinstated either by Florida or another state where they committed their felony. This fact was conveniently ignored when the scrub list was created.
I'd love to see some citations concerning some of the other allegations, but this post, modded informative, is nothing more than cut [democracynow.org]-n-paste [whoseflorida.com] .
Please cite your sources if you would like to maintain any respectability.
Re:Ineptness to the point of being evil (Score:2, Informative)
It's not that these data should be legally kept private to prevent fraud, though there's an argument that they should on privacy grounds.
Rather, it's the fact that the US financial system is so lax on security in general. Australia is a good example of how this sort of thing is handled elsewhere. If you want a credit card or bank account, you need to provide 100 points of identification, which can be made up of a variety of ID items. Here's an example:
http://www.national.com.au/Business_Solutions/0,,
It's not a foolproof system, but it means that identity theft happens a lot less often in Australia than it does in the US.
Re:Ineptness to the point of being evil (Score:5, Informative)
as a holder of a merchant account, I can say that you're full of shit. WE bear the brunt of fraud (a.k.a. "Chargebacks")... not only do we lose the money, but we get charged a nice little fee along with it. (usually around $30-40).
oh yeah, and get more than $x percent chargebacks in a year, your account goes *poof*
Re:Ineptness to the point of being evil (Score:5, Informative)
The IRS is way ahead of you, that's what ITINs and ATINs [irs.gov] are for.
Re:Ineptness to the point of being evil (Score:1, Informative)
There are a lot of websites about living without an SSN (or just without revealing yours), and while it isn't easy, it isn't impossible either. Frankly, you don't need banks anymore these days. It may have its problems, but PayPal makes a very decent bank if you are forced to use it as such. The real problem is with employment: it can be very hard to get some jobs without an SSN.
Living off the grid, however, is a real option if you aren't using a bank account. If you do local work for cash and freelance work online (less than $600 per employer per year), you already have a 25%-30% head start over everyone else, who pays 15.3% in SS/Medicare and 10%-15% in income taxes. That means you can work 3/4 as hard as everyone else and enjoy the same lifestyle, all while doing less paperwork. Not everyone's cup of tea, but the chances of ever having a problem with the IRS are nil. They would far rather nail people that are on the grid AND not paying taxes, because it's a heck of a lot easier. Plus, they tend to know beforehand how much $$ they can recover.
The EU example (Score:2, Informative)
Basically, you don't own the actual © to the information being stored, but you own all rights to it, except what I'll call "commercial exploitation."
In other words, any company requiring you to hand over personal data (even just name and DoB) must publish a notice in which it officially states it complies with current law, and a legally-binding policy of use of the data (this is similar to the US, AFAIK.) Such policy, here, must include a document which specifies the security measures the company has taken to protect the data, down to a description of their IT systems and "practices," and/or a list of people entitled to access and use these data.
However, the difference is you may officially ask for removal or change of the information from any form of database the company may have, at any time. They have a limited time to comply, and you only need to send snail mail to exercise your rights.
For credit information, AFAIK Italy has a centralized, governmental database for those with officially bad credit (sorry, don't know the legal English term.) Not sure if you have the same rights over it. However, if any bank or commercial institution keeps a copy of the database (possibly with additional information), it must ask for the individuals' permission, and its database must comply with the above legislation.
This doesn't solve the problem of what happens if your data is stolen. However, it gives you the right to withdraw any and all information from a company if it doesn't meet your requirements for trust. Or again, it allows you to erase any and all information from the databases when you're no longer interested in the company's services.
Of course, the fact it requires you to send official snail mail discourages most laypersons from a thorough "personal data management." However, the possibility is there.
Choicepoint/DBT have had many PR problems before.. (Score:4, Informative)
The Joys of the DPA (Score:3, Informative)
Experian (in UK) also screws you : my experience (Score:5, Informative)
A few years ago I applied for a mortgage, and got refused because the bank did a credit check with Experian, Experian told them I wasn't on the electoral register, so the bank turned me down. I knew I was on the electoral register, and had been for years. I went to the local council for my previous residence, and the helpful council officer checked my record, and even let me come round the desk and look at her screen to see my record. I phoned Experian "I know I am on the electoral register for this address" (Experian) "no, sorry sir, this isn't on your record" (me) "I'm looking at my name on the electoral register, I'm just handing you over to the council officer who will confirm" (nice govt. officer): "yes, he is" (Experian "ahh... we'll look into that" (me): "cheers, I've been turned down already for a mortgage, are there any other parts of my credit records you should be checking?".
I really recommend that anybody in the UK who is about to buy a house/car/other significant credit transaction to ask for their records first. Which of course costs you money that goes into the credit agencies pockets. It's a corrupt system, and there's nothing we can do about it. Private companies running (ruining?) peoples' lives. "Sue the company" might be ok for you big shots but I was on low wages then and I'm a student now. One day I'll be working again and the first thing I got to do is use *my time* and *my money* to unpick *their mistakes*. Experian's mistake f*cked up my life, be wary people.
This is why... (Score:3, Informative)
Compare with Belgium (Score:1, Informative)
The interesting point is: We don't have this problem: All the points mentioned about the electronic ID, or about the fact we have to have an ID, are THEORETICAL. In practice, this doesn't happen. As I read again and again on slashdot, in the country of the theoretically free people, lots of really ugly stuff happens again and again.
Maybe you should all come and live here, as we have some interesting laws and habits that protect humans:
* Every company, shop,
*Almost nobody is allowed to even ask for my ID card. The police can (they do when they check if you drive drunk, but i saw on TV how USA police asked for a SSN or drivers licence, so it is not really different there). Some high-ranked people on the trains are allowed to check it to see if you are e.g. not to old to get a ticket for young people. They are not allowed to write anuthing down about it. These are the only people that ever requested my ID,and in both circumstances, it is quite rare.
* It is not possible to steal money from my bank card by knowing it's number, as it is protected by a secret code. This is not perfect, but it works quite well and misuses are never so big as to have 30.000 victims)
So i would ask all the USA-inhabitants to stop whining about ID cards until you know what you are talking about. Your governement brainwashes you to believe you are free by pointing to facts like 'you have no ID - please forget about the SSN', but stories like this prove you wrong. Belgium is by no means perfect, but I'd much rather have my ID card than come over to the USA and suffer under your 'freedom'.
Re:Put the slashdot effect to good use (Score:2, Informative)
I just read the MSNBC article, http://www.msnbc.msn.com/id/6969799/, about how large quantities of personal information were stolen from your databases and became concerned. Therefore, as I am not a resident of California, and thus you will not voluntarily be informing me of whether I am affected, I would like to request that you provide me with assurances that my information was not compromised.
If I do not receive a response from you within a week I will be contacting my lawyer and asking him to pursue this matter further.
Thank you in advance for your cooperation