All The World Over, Your Stolen I.D. 191
MSNBC is running a story about a massive identity theft which is apparently traceable to people who ordered wireless service from Verizon. If you've gotten service online from Verizon, you might want to check your credit card bill post-haste. And make sure to cancel your Social Security number and date of birth too.
Re:Why it took so long ? (Score:1)
This is what happens when you trust too much of your personal information to a 3rd party. I'm not blaming the user, of course, but the companies that convince the average internet user that is "safe" to trust on them.
As if that weren't bad enough, the article points out that "subagents" are often used to collect the information. So, even if a user trusts Verizon or AT&T (no comment), they are actually dealing with the subagent that they probably wouldn't trust.
And, to make matters worse, sometimes these subagents have subagents! From the article: AT&T Wireless spokesperson Danielle Perry confirmed that in at least two of the cases, the customers had signed up for AT&T Wireless service through Advanced Digital Solutions, which she described as an "unauthorized subagent's subagent that has gone bankrupt." In other words, we aren't responsible for the work we farmed out, it's beyond our control, it's their fault not ours.
What ever happened to SSN "not for identification" (Score:1)
What about intersex? (Score:1)
Bah! What about Feb 30 in Sweeden? (Score:1)
So 1700 (which should have been a leap year in the Julian calendar) was not a leap year in Sweden. However, by mistake 1704 and 1708 became leap years. This left Sweden out of synchronisation with both the Julian and the Gregorian world, so they decided to go *back* to the Julian calendar. In order to do this, they inserted an extra day in 1712, making that year a double leap year! So in 1712, February had 30 days in Sweden.
Later, in 1753, Sweden changed to the Gregorian calendar by dropping 11 days like everyone else.
There was a sweedish king born on Feb 30, 1712. Also known as "the man without a birthday".
Re:brithdate? (Score:2)
When Texas transitioned to it's new license format, they apparantly decided that instead of migrating the database, they'd just have the clerks reenter everyone's information as they came in for renewal, and this time the clerk got it right, and just like that, my manhood was restored.
Weird, huh? I've still got a copy of my old license around here someplace.
Don Negro
I'm glad to see that Corporations (Score:5)
Y'know, America could salvage its image -and- make a real impact on crime, if "System Admining Under The Influence" and "Data Warehousing, Without Due Care And Attention" were hanging offences.
(Brings a whole new meaning to "Blue Screen Of Death".)
Re:Drivers Licenses! (Score:1)
Re:Golly, why are SS#'s everywhere? (Score:1)
License to E-Commerce + SSL Certificates (Score:2)
I've seen many entities out there like "Trust-e" which review privacy practices and policies for e-commerce sites, but I really don't think any of them out there is big on auditing network and systems security practices. Even if they do, those companies are hired at-will by the sites conducting e-business to give themselves more credibility.
Face it people, I really am starting to believe that statements like "This is a secure site because it uses SSL and strong encryption and ... [insert heart-warming buzzwords here]" are nowadays flat out lies for too many e-commerce sites. Those sites are not secure. They store passwords and social security numbers in clear text in databases that reside on the same machine as the web server, which prolly runs way more services than it really needs to because "hey, we can get a pretty fast server up and running in no time and for really cheap, by getting ourselves a cheap pentium and sticking red hat linux on it". "OK, well it looks like the red-hat installation went fine ... let's connect to localhost on port 80 ... ooo see the pretty Apache default page? Great! Well Sir, looks like we're good to go and ready to stick a shopping cart on this puppy!"
The danger doesn't lie in "packet sniffing" anymore. There has been such a hype over the whole "eavesdropping" over a transaction as it is being made, that it looks like this is the only thing irresponsible systems administrators ever worry about: "Well, we need a secure server that does that SSL thing. To do that we need to shell out a couple hundred bucks and apply for a Verisign ID so people don't get nagged by their browser when they hit our site. Verisign will tell people we are who we say we are."
Big deal. Am I supposed to feel good now? In light of what I've been reading for the past few years ... I'll say NO.
The danger truly lies in HOW and WHERE sensitive consumer data is being stored. *This* is what matters and what should get thoroughly audited.
If a site possesses an SSL certificate from Verisign, it should be illegal for the owners of this site to request a consumer's highly-sensitive,permanent and personal data like a Social Security Number (credit card numbers don't apply here as those can easily be changed), unless their SSL certificate also comes with some kind of SEAL of approval from some government-sponsored network and systems security auditing.
I do realize I'm going a little far with government involvment, but we're talking about protecting data issued to every citizen by the government in the first place. You're talking about people's lives: their ability to buy a house, open a 401k account, even get work! I have been victim of identity theft in the past after my mail was stolen, fortunately it didn't go too far as I think they didn't get their hands on my SSN, but it truly poisoned my life for a while. I came back from christmas vacation only to find someone had gone on a shopping spree courtesy of me with several of my credit cards and realized they had applied for and shopped with a couple others in my name! Yes some credit-yielding entities don't even ask for your SSN to open an account.
If government involvment isn't the solution, then users should somehow get educated and notified with a message along the lines of "Although this site encrypts all its transactions, its network and systems security practices have not been audited by [INSERT GLOBAL ENTITY NAME HERE]-approved party and may be exposed to security holes".
Better yet, the W3C [w3.org] could work on amending the HTML specification to define a new type of form input field: INPUT type="secure-ssn" name="userssn", which browsers would ONLY display if a site's SSL Certificate contains information stating that this site's security practices were audited and approved. If that is the case, the browser could 'automagically' display the field as [][][]-[][]-[][][][] with a 'secure key' near it which could be clicked to explain what this all means, and possibly remove that field from any scripting-bound client-side Document Object Model so that data could not be evilly manipulated within sites open to cross-site scripting vulnerabilities. The browser could further insure that the value of this field could only be submitted to a form whose "action" attribute points to a secure protocol. The browser should have built-in validation of this field to compensate for its lack of access thru scripting. Browsers should not allow this field's value to be pre-populated on page load unlike other input fields so users would have to re-enter their SSN every time they see the field.
Now with that standard special-looking "social security" form input field, people could be educated to only enter their social security number in such an input field. If they do enter their SSN on any other type of form input field, then they should know they're further exposing themselves to identity theft.
These are just initial ideas, but further brainstorming should help finding a solution that would work to protect people's privacy on-line.
What do you guys think?
Golly, why are SS#'s everywhere? (Score:3)
That's what we get for giving Big Brother a new toy.
And to top it off, SocSec is a pyramid scheme. [socialsecurity.org]
Re:Bah! What about Feb 30 in Sweeden? (Score:2)
Those things that come around every year are birthdate anniversaries, by the way. You only get one birthday, and you're really too young at the time to properly appreciate it.
But if you pay cash, troubles may get worse (Score:2)
Or as a drug dealer, and since you'll probably be carrying all your available money on you in cash (being afraid of not being able to get it out of a bank), that will be considered as further "evidence" that you're traveling for the purpose of dealing drugs and that the money is intended to be used for drugs, so even if they can't actually haul you in front of a judge and jury on charge of "looking like he was fixin' to go deal drugs", they can arrest your money, and you have to prove that your money is innocent.
Before you can go to court to do that, you have to put up a cash bond of an equal or greater amount, but that doesn't actually bail your money out, so now you've got twice as much money being held hostage.
Domains.. (Score:1)
Heh... (Score:1)
Re:Don't Give Out Your SS # (Score:2)
>would solve this problem once and for all.
Killing yourself during a grandiose delusion?
The real problem is lack of strong authentication. (Score:1)
Now if I sign their application with my 2048-bit private key (public key on file with the CC company and with the credit reporting agencies), that's something different
Robert
Re:WARNING! Gayer than goatse.cx link above (Score:1)
Oh man...you realize you just made that trolls (and many like him/her(s)) day, don't you? One must never acknowledge being caught out by comp-u-geek or its friend goatse.cx.
(-5 Moronic) (Score:1)
Re:(-5 Moronic) (Score:2)
Well, the original problem was stated in the (perhaps implied) context of birthdays excluding the year.
In that context, 367 people guarantees that two of them will share the same birthday, excluding the year.
If we expand this to a human lifespan of 120 years, then you only need on the order of (120 * 366 + 1) = 44,000 to get a birthday collision, including the year of birth.
If you want to count stinking rotting corpses, or the not-yet-born in your million, piss off.
Perfect.. (Score:4)
Now when my RealDoll [realdoll.com] shows up at the house, I can just tell my wife "Damn identity thieves are playing with my Visa card!"
What to do if it happens to you (Score:4)
Re:Assimilation (Score:1)
Re:Too much information (Score:1)
Here's an interesting story on that topic [cjmciver.org] - apparently this man's been mostly successful in his life without an SSN, except for getting a new driver's license.
Remember: it's a "Microsoft virus", not an "email virus",
Re:Too much information (Score:2)
Caution: Now approaching the (technological) singularity.
Importance of the SSN (Score:1)
No one questions it. People just give it out freely. They don't care if someone takes their schedule, grades, or degree audit. Simply amazing, yet sad. --Josh
Too much information (Score:5)
Maybe this is where we need to use the approach of trusted third party authorization. Basically the only person you share this trusted information with is your bank and it is the bank who gives to a unique, time based, validation id to share with the company you are buying the service from. If a bank is incapable of keeping your details secret, then you know that you don't want an account with them.
Re:Golly, why are SS#'s everywhere? (Score:1)
Then again, with an 18 or 19 drinking age, we're a damn sight less paranoid about checking ID. I was in Denver visiting my Dad, went into the liquor store, bought some booze and wasn't carded; we went to a restuarant less than a mile away, I order a drink and get carded! (I'm 30). When I worked for a supermarket in MA that had wine and beer, my boss said "Card anyone who looks under 35."
Pope
What? Bear is driving car? How can that be?!
About damn time (Score:2)
Addendum: And what form is that??? (Score:1)
(http://www.ins.usdoj.gov/graphics/exec/whereis
"form to smuggle illegal immigrants": No documents matched the query.
And what form is that??? (Score:2)
Uhh, what paperwork is necessary to smuggle illegal immigrants? does the government have a form for this?
Birthdate stolen! (Score:5)
--
Re:Happened to me! Lost savings & checking & MORE (Score:2)
Deal with good banks, good credit card companies and good stores and you shouldn't have any problem.
Give up on online banking as well, just isn't worth it. I can't imagine the risk of having fraud and not knowing if it is the online bank problems or simply the fact you don't have anyone to see other then people over the phone if you do have problems!
Happened to me! Lost savings & checking & MORE (Score:5)
It cost me over 5,000 in lost charges, but luckily Visa has a 0 tolerance on fraud charges. For those with "Stolen Identity" change your SSN and DL # NOW because they can effectiley call your bank and change your PIN number or obtain existing PIN #'s and Mac/ATM withdrawals are NOT guranteed nor protected.
Firecash.com is an offshore billing company that does transactions for 3rd party billing companies so this is ONE WEBSITE TO WATCH. I have already filed complaints for both the casino, the casino's processor and firecash.com because they allowed charges with incorrect name, address, phone number AND expiration date to post.
It took over a month to get my money back, every check i wrote bounced, i couldn't pay my mortgage and i didn't get to do shit for my birthday. DON'T LET THIS HAPPEN TO YOU.
Keep 2 seperate banks. Be it as simple as a 2nd savings account or something with your work or local credit union. Don't put all your eggs into one basket. Since i had reported fraud the bank was required to lock ALL MONIES Until the dispute was processed and that alown takes days since they have to file affidavites and work with security departments of visa and such.
This sucks for alot of reasons, and i feel sorry for those who will be screwed for years to come.
Basically cost me my job since my credit cards put me on old because the payments bounced and i traveled 100% of the time.. airlines don't accept cash or promises to pay for tickets. Even my corporate card was locked because i had made a payment with a check that bounced because the account was locked before they deposited it.
So now i have disputes with check authorization companies, letters to my creditors, affidavites to my mortgage company, copies of statements and official letters to my car loan companies and letters to the 3 major credit departments just to fix up MY credit.
Take care of yourself, and don't put all your eggs in one basket. I never used my visa check card online, and now i don't even let my bank link my check card to my savings for rollover protection because that is how i lost every dime i had since the charges kept coming and the bank kept on transfering from savings to pay for them.
scary world we live in when people can generate numbers, steal your identity and post the charges and make out.. if it takes a bank 1 month to investigate that is way to long in the history time since website logs are archived or gone, ip's have long changed (on dhcp or dynamic dialups) and well, you should understand how things work.
Re:Birthdate stolen! (Score:1)
Re:(-5 Moronic) (Score:1)
here's a more in-depth look:
http://forum.swarthmore.edu/dr.math/faq/faq.birth
my stats class lent me an intuition about the subject, but i'm rusty on the mechanics of higher-level probability computation - else i would've provided a proof for my preposterous claim, sorry...
Re:Slashdotters should be overjoyed! (Score:2)
It's the same as releasing an exploit to crash webservers. If script-kiddies take out a bunch of high-profile sites, like amazon or the whitehouse, it'll force people to beef up security. This prevents someone with a more insidious motive from doing the same thing later. (ie bn.com DoSing amazon (or paying kiddies to do it.))
Similarly, if a large number of people get their identity stolen by small-time crooks, it'll force us to fix the system before someone organizaed gets into it and really fucks us up.
Hmmm. Would be an interesting DoS... Automate identity theft, rack up huge charges to overseas companies for non-refundable products. Because the order was with a valid card, Visa/MC wouldn't be able to reverse the charges to the company. Hit them with a few billion in bad charges all in a month.
You know, we're almost at the point where a skilled hacker could wipe out a good chunk of the western economic world. The benefit is that the hardest hit would be those with the least real value, companies whose holdings are mostly stock, or debts, etc.
It won't be all that long...
1 in 5 sounds about right to me (Score:2)
I should know-- I've just had my identity stolen. Somebody opened up a credit account at Gateway (in addition to other places) and bought a computer for himself! All in all there are $2000 worth of fraudulent charges-- fortunately they're not on my credit cards, so I won't have to pay them in order to conduct daily business.
The Credit Bureaus are a PAIN in the butt to deal with-- I've had to re-open the investigations on my accounts several times-- becuase Gateway and others report that the account is "under investigation," the credit bureaus interpret that as saying the account is mine!
The police are even worse-- it's been 6 weeks since I originally filed my complaint, and only this week have I actually recieved a call from a detective! These things just SIT there until they either get lost or fall onto somebody's desk.
I could have been completely screwed over by this if my circumstances were a little different-- I have been looking for a place to live, and almost all landlords in NYC require credit checks on all applications. With those nasty adverse items on my report (even with a victim statement), I would never have stood a chance getting an apartment. I decided to rent a room instead until things settle down a bit with my credit (and my job), so it hasn't kicked me in the ass yet.
Identity theft is REAL! I'm really surprised more testimonials haven't been posted here... I know of three other people off the top of my head who this has happened to.
I still don't know how they got the information-- a security breach, a disgruntled university employee, intercepted mail... no idea. I haven't lost my wallet or anything.
Maybe that detective will be able to tell me something useful... we shall see.
Re:Too much information (Score:2)
The SSN is becoming so close to the mark of the Devil as described in Revelation that it's not funny. Even if you're a non-believer, it's gotta be pretty creepy to think that the U.S. government is acting in a way that was prophesied as a sign of the end times 2000 years ago. Not what the Founding Father's had in mind, I think.
Re:Too much information (Score:2)
A wireless plan that doesn't involve your SSN... (Score:2)
http://www.tracfone.com
You buy the phone outright, with no preset plan (or credit check,
or SSN/bdate divulgences), then pay for minutes as you need them
using your credit card, for which you've already established
respectable credit/identity. There seem to be less points of failure
with such a system.
IANAS - I Am Not A Shareholder; I just like the company...
Re:When will people learn? (Score:5)
To protect yourself:
Never enter nondisposable data. Use a disposable email address. Use a disposable CC number (or at the very least a low-limit creditcard). Never enter Social Security numbers (fake one, or use another option). Avoid using your real name. Avoid entering your real phone nr. Dont enter your age. Dont enter your profession. Make the data worthless and corrupt.
In my opinion the only way to handle this problem is to make it illegal for any company to store any sensitive information at all. They need the information? Fine, they get to have it for the 5 minutes they need it, then it MUST be wiped.
Hackers stealing the data is just one simple way the data gets out. Social engineering to disloyal employees through mergers acquisitions etc etc are other ways.
If you ever give out the information it will be stolen and misused.
Re:Golly, why are SS#'s everywhere? (Score:2)
Re:1 in 5 sounds about right to me (Score:2)
Hey, give the police a break. They've got SERIOUS CRIMES to investigate, like violations on the DMCA.
Drivers Licenses! (Score:2)
Slashdotters should be overjoyed! (Score:2)
Now imagine if identity theft becomes commonplace - this will result in all that "personal info" becoming worthless, and will make demographic profiling useless. Massive identity theft will wind up increasing real anonymity - because anyone could be using "your" ID numbers and passwords.
No longer will you have to worry about someone connecting your nick to your "real name", and fearing repercussions over your "free" (as in speech) speech. "I didn't post that, some stinking pinko identity stealer did!" I'd think the cypherpunks should be breathing hard by this point. Heck, they may try to encourage identity theft!
Doesn't this make you happy? Those big companies won't be able to treat you like a number anymore, because that number could be a bunch of people. We'll finally be able to cast off the oppressive yoke of corporate pigeonholing and catagorization of people!
...and get back to actually going to the store with cash in hand for your CDs, DVDs and blank CD-Rs. Ah well, that's the price you pay for progress, right?
Maybe the thieves WERE spammers! (Score:2)
One victim - $4000 lost - "Most of the charges were at Network Solutions".
Another victim "was called by his bank Monday and told a criminal had charged $1,000 on his card over the weekend at Network Solutions"
Now, I'm just speculating, but what kind of criminal do we Slashdotters know of that has a need to register lots and lots of domains, and has a use for lots and lots of credit card numbers, (that is, has a use for lots of CCs, a few of which would be used to register bogus domains, but the majority of which would be used to sign up for $20/month throwaway dialup accounts that get nuked within hours of signup...)
If my hypothesis is correct, all we need to do is follow the trail from the CCs to the domains to the dialups to the whackamole users.
Y'see, if the $KILOBUCK charges are going to domain registrars, it'd be pretty easy to figure out what domains were registered, and if they were appearing in spams.
And if we find the domains in spams, we can get the spammers' general geographical location by looking at reverse DNS from the throwaway dialups with which he spews. We can also learn from the "Send money to" snail-mail dropboxes (usually a Mail Boxes Etc. type of place) in the spams. Follow the money.
If there's only one or two spammers, I'll bet we also find that he and/or his associates have (in addition to the domain registry carding) been doing credit fraud on lots of cards the $TWENTYBUCK range to sign up throwaway dialup accounts. (Umm, and mailboxes at MBE ;-)
Or maybe our Bad Guy is hiring others to spam on his behalf. In this case, we have 100 "work at home" suckers, most of whom lost money to the ringleader, and we only need one to turn state's evidence.
Of course, all of this is mere speculation. But it would account for much of what's appeared in our inboxes over the past year, wouldn't it? There are probably only a few spammers who would have the capacity to run such an operation, and their real-life identities are known. In my more paranoid fantasies, I imagine that this identity theft might have been done on behalf of one or more of them.
The wheels of justice grind slow. But they grind fine.
Re:Drivers Licenses! (Score:2)
Not a Verizon Wireless issue really.. (Score:3)
Numerous times they mention the AT&T connection, and the URDigital.com connection. In fact, URDigital is the name of a folder specifically listed in the IRC transcript.
This looks to be a multiple vendor issue, not limited to one company.
These views are mine, not my employers.
Obviously someone didn't read the article... (Score:2)
Re:Can ask or should ask? (Score:2)
Re:Can ask or should ask? (Score:2)
Don't pay into SS or give out your SSN (Score:3)
Also, you don't have to pay into it. It's a voluntary program just like over 90% of federal income tax. For more information on the opt in programs the IRS wants you to believe you're required to pay read Title 26 of the United States code. Unless you are a non resident alien, working for a foreign corporation, received a petition from the secretary of the treasurey, or manufacture producst susseptible to excise tax, You aren't required to pay federal income tax.
Request your IMF file from the IRS. Most of the time you'll see yourself classified as 4035, working for a foreign corporation. You don't have to file, you don't have to pay. Any employer that witholds tax is guilty of fraud, and the IRS's notices violate section 9b of RCP US code title 18 so you can refuse them for fraud. The law scares them. Enjoy!
actually.... (Score:2)
http://www.redpolygon.com [redpolygon.com]
http://www.hyperpoem.net
Don't Give Out Your SS # (Score:5)
Giving Your Number To Others
If a business or other enterprise asks you for your Social Security number, you can refuse to give it to them. However, that may mean doing without the purchase or service for which your number was requested. For example, utility companies and other services ask for your Social Security number, but do not need it; they can do a credit check or identify their customers by alternative means.
Giving your number is voluntary even when you are asked for the number directly. If requested, you should ask:
why your number is needed;
how your number will be used;
what happens if you refuse; and
what law requires you to give your number.
The answers to these questions can help you decide if you want to give your Social Security number. The decision is yours.
Our primary message is this--be careful with your Social Security number and your card to prevent their misuse.
If you think someone is misusing your number, ask us for the leaflet, When Someone Misuses Your Number [ssa.gov] (Publication No. 05-10064).
Originally your SS # was never supposed to be given out to anyone! But big business beat up big brother and started using it to profile each and every American. In fact, the business community forced the Government to require *all* citizens to have a SS #. So now from the second you pop out of your mother's private parts, you have to be registered with the SSA.
I personally think the ending to "Fight Club" would solve this problem once and for all.
Re:brithdate? (Score:2)
Yech. Not at all. I was actually thinking of attempting to tamper with the delivery of the baby.
I guess that's only slightly less weird....
-jRe:I am NOT a number. I am a FREE MAN! (Score:2)
Re:brithdate? (Score:2)
Wow. There's a story.
But, you know, if you had a time machine, you could keep all that from happening.
-jRe:brithdate? (Score:2)
Gosh, here in Maryland, it takes the act of a surgeon to change your sex.
...oh. Legal document. 8)
-jbrithdate? (Score:3)
and date of birth too.
Quick! To the time machine!
("no, listen you have to hold on for at least *checks watch* two more hours. no, i can't tell you why. oh, damn. nurse!")
Or something....
-j
basic math... (Score:2)
half of almost nothing is still almost nothing. I haven't been following it all that closely, but didn't George W.'s social security task force say recently that without reforms the social security system was going to start going broke in 15 years or so? And that they'd have to cut "your benefits" to keep the system solevant? Another argument for not "investing" 15% of your yearly wages with "the government". (What's that you say? "it's only 7.5%?" Tell me all employers would keep their matching 7.5% if they didn't have to pay the social insecurity tax, i'll laugh at you).
---
Re:Don't Give Out Your SS # (Score:2)
---
or... (Score:3)
There are some good suggestions under "GENERAL ADVICE ON OPERATING WITHOUT A SSN" towards the bottom of this page [buildfreedom.com]..
---
Spam worse than ID theft? (Score:2)
Something I never knew (Score:5)
No can do, Michael (Score:2)
From the linked article:
Experts say the victims could be dealing with the potential identity theft for years; unlike credit card numbers, Social Security numbers and date of birth information cannot be canceled and reissued.
So much for that idea...
--
Social Secuirty # and you (Score:2)
I think the first thing that should be done here is that the requirement of a SSN on any application for a credit card or phone number, etc should be out right banned.
Second, these phone companies should run a two week advertisement announcing the thief of this data and that all people should check with their credit card companies and credit rating companies. The hacked companies should also report this to the credit reporting companies!
I also think the companies should be libel for a million dollars of damage per incident (person).
Finally a quick google search on legal uses of social security numbers turns up quite a few things worth reading: SSN FAQ [networkusa.org]
Interesting banner ad... (Score:5)
-----
its not just Verizon Wireless (Score:2)
Okay, let's see them get around this! (Score:4)
I'll just encrypt my social security number using the strong ROT13 encryption that Adobe uses.
Er, I may have to put more thought into this. Let me get back to you on that.
Re:About damn time (Score:2)
Re:brithdate? (Score:2)
Geeze - not to be rude or anything but I pictured you sitting with your parents trying to stop them from gettin' it on for another couple of hours. *shudder*
Re:Too much information (Score:3)
And what is special about a bank? Since the banking industry was deregulated a couple of years ago, your bank is also (check all that apply):
- an insurance company
- a stock broker
- a "financial supermarket"
- a real-estate broker
- a mortgage broker
- a credit-card issuer
- a venture capital firm
- a bond underwriter
- a market maker (nasdaq) or market specialist (nyse)
Your bank not only isn't capable of keeping your details secret, it doesn't want to. Your personal information is a MONEY MAKER!And don't trust the government either: the state of South Carolina (I think it was SC, I may be a little off) was selling drivers' license photos for drivers licenses to private companies!
Re:Can ask or should ask? (Score:2)
If there aren't, a company can say 'no account for you' for not wanting to provide any information they want.
And why exactly is that a problem? How does that violate your rights? Or mine? If a company won't give you service without an SSN, then go somewhere that will. Or buy one of those "prepaid" phones. Pay with cash instead of credit cards. Buy in person instead of over the phone. But don't get the government involved in telling me who I can and can't give information to. If I want to give my SSN to a company for a discount or for a higher class of service, why shouldn't I be allowed to do that. Telling companies what they can and can't ask for is ultimately a restriction of MY rights to "life, liberty, and the pursuit of happiness"; it isn't your place to decide for me what I can and can't give away.
Re:Importance of the SSN (Score:3)
There ARE other options.
Re:I'm glad to see that Corporations (Score:4)
On a side note, out school e-mail system uses the last 4 digits of your social security number in your e-mail address. The last 4 digits are the ones that are hardest to find. I was told (please confirm) that the first 3 are derived from the state you were born in and the year. The next two identify the county (or hospital?) of your birth. I asked to have my e-mail changed.
Andrew
Re:brithdate? (Score:2)
When I called the SSA to discuss this, they tried to act like they really hadn't made a mistake, and get this: it was now illegal (and they tried to shift the blame to President Clinton for signing the law) to change that part of my record without my filing a certified copy of my birth certificate and a request form. Yes. Your government has outlawed the practice of correcting its own mistakes.
And we're worried about corporations? At least most companies don't have standing armies and navies and immense stockpiles of nuclear weapons.
Re:When will people learn? (Score:3)
Agreed, but what good does that do when a company chooses to move ALL its customer data gathering applications to the web? Would anyone like to comment on this scenario?
The result, it seems to me, is that the user is less and less able to protect themselves from personal data being stolen. Maybe I'm being paranoid, but I'd expect that SSL and the like was being used for the Verizon (and AT&T) web applications, too, yet this theft has occurred nonetheless. Could it be that we are once again running into the dangers of monocultures (put it all on the web) and the prolifieration of diseases (hacking web sites with larger and larger stores of data)? What can the average user do to protect themselves in such situations?
Fraud Alert Consumer Statements (Score:2)
Social Security Number structure (Score:5)
http://www.cpsr.org/cpsr/privacy/ssn/ssn.structure .html [cpsr.org]
Re: (Score:2)
Wrong about Passport (Score:2)
Passport's just integrated, so if I *wanted* all of MS's shiney new toys (MSN Messenger,
I am NOT a number. I am a FREE MAN! (Score:2)
I will not be pushed, filed, stamped, indexed, briefed, debriefed, or numbered! My life is my own! [ridiculopathy.com]
Re:Golly, why are SS#'s everywhere? (Score:2)
In fact, in an economics course I took freshman year, the staff kept track of students' grades in a big database, using the students' ID numbers as the keys (minus the last 2 or 3 digits, if I recall correctly). Occasionally, individual grade updates would be sent to each student enrolled in the course, along with all their other info from the database (ID, total points, etc.).
You can almost imagine what happened next: there was a mistake, and the course staff accidentally (!) sent out an email to all students in the course containing grades and ID information for all the students. Oops.
This debacle finally got the administration to at least consider the implications of using the SSN as a form of ID. Of course, being a bureaucracy, nothing concrete has been done yet...oh well. This seems to demonstrate the abject stupidity of using this kind of ID - I mean, thank God the items in the database were only released to a small group of college students - the consequences could have been much worse than they were.
It's about time. (Score:3)
*checking statement* "What the hell is this monthly charge from Verizon? They've been doing this monthly, like clockwork! Someone has to put a stop to this.
Can ask or should ask? (Score:2)
---
Can you imagine.. (Score:3)
THink about the hell you'd go through changing SS#'s the next time someone asks for it! :) I used to be more laid back aout it - but am quickly starting to challenge companies that want my SS# - too bad - get another ID to use.
I'd have to rate changing SS3's above the nightmare of getting a new checkin gaccount or switching to a new health plan!
But beyond that - I'm a Cingular customer - so I'll have ot wait my turn to have my info sold er stolen.
No wonder... (Score:5)
Whatever... he's spending money like water and treating everybody at happy hour, so it's all good...
God bless those Albino Ninjas...
Assimilation (Score:3)
Behold! Witness the founding of the Borg collective!
I knew my privacy was worth the effort! (Score:2)
A few months ago, the company I work for made me switch my mobile service to Verizon. I insisted on doing all business at one of their stores, paid cash for the phone and setup fees, and absolutely refused to give them my social security number. In addition to all this self inflicted inconvenience, Verizon went to great efforts to make the whole process more of a huge pain in the ass because I refused to give them my SSN. It took two weeks, three visits to their store, one letter, and a lot of grief from my boss (only some of which was directed at Verizon) before my phone was finally turned on. Moreover, getting warranty service from them without giving them my SSN was also quite annoying and tedious.
Now, after reading this article, I'm damn glad I went to all that trouble, and I'll definately do exactly the same in the future.
Never give the bastards any more information than they absolutely need. And they never need your Social Security Number. If Verizon spent as much effort protecting the personal information of their customers as they did trying to get the same information out of me, they might not have had this problem. They say they need your SSN to make sure they can trust you, but the real question any time someone wants your SSN is whether or not you can trust them.
Re:actually.... (Score:2)
To protect yourself.... (Score:5)
Link here [cpsr.org].
this
thats a lot of domains.... (Score:2)
Thats a lot of #####sucks.com's to be registered. I wonder how many it takes to rack up $4000. It has to be a few.
DocWatson
Re:How do we know if we were revealed????!! (Score:2)
Of course, the story is about details being posted to a chat room so this might not help in this case...
Re:Golly, why are SS#'s everywhere? (Score:2)
It's not just corporations that overuse the SSN as a form of ID - universities are guilty of this practice. I go to Carnegie Mellon, where the primary form of student ID is - you guessed it - the student's SSN. International students get (psuedo)random numbers, but we American citizens are not so lucky.
Yeah, I made the same mistake. The university I went to would've let me change my ID number if I had been thinking of it, but I was just a freshman and filled out the form anyway. I don't think they actually use your SSN for anything other than their internal records, so you could probably make one up and get away with it. In retrospect I wince at all the places I unknowingly gave my SSN to...
Re:Spam worse than ID theft? (Score:5)
--
Forget the Credit Card Statements... (Score:4)
Most people will quickly notice additional charges on the credit cards... the more important thing is getting a Credit Report. Having gone though this several years ago... You need to get a credit report from each of the 3 Credit Agencies, look for both new accounts and new Inquiries into your credit report. It takes a while before a new account shows up, but as soon as credit is applied for, an inquiry is added.
Contact each company that has requested a report. Try to determine if an account was created(can be tough for some of the major companies that have alot of different types of credit accounts, to determine with line of business an account was applied for.
Get them to fix any other problems on the credit report and send you a new copy... this should all be free.
They will refuse to remove the inquiries even though they are frauduelent, but if anything is else is wrong (address, employer, etc) that was place on the report from the credit applications the thief use can be removed. Sometimes it will take several cycles to get everything fixed up, but this can work to your benefit. One of the inquiries, claimed no account was open... after getting the third report an account for that company showed up. Now with an account number it was easy to track down and contact the proper people to get it removed.
If accounts where opened and used, you will likely be required to sign Noterized letters saying you did not open or authorize these accounts.
Also be sure to add a statement to all three of the credit agencies reports. It should contain that you have been a victim of identity theft, and if they've acquired the report to grant credit, contact me a home xxx-xxx-xxxx, or work xxx-xxx-xxxx, to verify that I have request it before opening any credit. This will prevent the instant credit at some of the stores, but it is much safer.
New, From Verizon Wireless: Person Forwarding (Score:5)
Now, from Verizon Wireless: We know you're busy. Sometimes you don't have time to enjoy the money you're making. That's why we at Verizon have come up with PERSON-FORWARDING. We forward your identity to a less busy person who can spend your money on your behalf. Just another service to make your life easier from Verizon Wireless.
</James Earl Jones voice>
Hey wait a minute. Bell Atlantic became Verizon. I used to have them. Crap.
Re:Happened to me! Lost savings & checking & MORE (Score:2)
Keep 2 seperate banks. Be it as simple as a 2nd savings account or something with your work or local credit union. Don't put all your eggs into one basket.
For added security, open the separate bank account using somebody else's name, birthdate and SSN.
Online privacy and Microsoft Passport (Score:2)
With the release of Windows XP, you will *REQUIRE* a passport to get any meanigful work done
Now I know that passport does not require your social security number
If Microsoft Passport ever takes off, it could be a huge target for Identity thieves and given Microsoft's track record at security one can only wonder how long it will be before *YOUR* identity is stolen.
Some privacy groups are going after XP and trying to stop this massive hole from being created. One can only pray that they succeed. Read this [yahoo.com] article.
Just the tip of the iceberg (Score:3)
That's Mr. Eradicator to you.