Personal Info of 3.5 Million Texans Was Publicly Accessible 146
SpaceGhost writes "The Houston Chronicle reports, 'Personal information of about 3.5 million Texans — including names, mailing addresses and Social Security numbers — was posted on a publicly accessible server at the state comptroller's office, much of it for more than a year.' Many of the records were for retired teachers and the unemployed, and they sometimes included DOB and drivers license numbers."
So? (Score:4, Funny)
Names and addresses I can get from a phone book. SSNs are "not to be used for identification purposes." Thus, BFD.
Place blame squarely where it belongs: lending providers and others who use the SSN as some sort of magic key to an individual's identity. All it takes is a simple law and this shit could stop next week.
Re:So? (Score:5, Insightful)
All it takes is a simple law and this shit could stop next week.
Yep, because laws stop people from doing stupid and illegal things.
Re:So? (Score:5, Interesting)
If you make the collection of social security numbers a felony I guarantee you the banks would stop doing it. To make doubly sure, make it a civil tort so that the individual who was asked for their SSN can sue the bank. Let everyone know they can do this. It would stop instantly.
Re:So? (Score:5, Insightful)
Forbidding the collection of SSNs isn't really the answer. The banking industry will just devise some other unique key that people will need to provide so that credit checks and such can be run, and then that key will become the center of risk.
The real answer is to make this information worthless by requiring banks to actually follow up and ensure that a new credit line requestor is the person they claim to be before opening the new credit line. Currently, the banks do everything they can to prevent themselves from eating the loss, but they don't do much to prevent the loss in the first place. They push as much as possible onto merchants and individual consumers. It's worth more to them to open instant credit lines virtually anonymously than to eat the occasional loss, and until that changes, the rest of us will continue to suffer from financial predation by third-world organized criminals.
Re: (Score:3)
They can use MD5 hashes of SSNs instead! Yeah!
For the security-conscious, all bank forms will now include a ten-page instructional booklet on how to perform an MD5 hash by hand. This will be superseded by a number of handy and free online tools provided by the Russian Business Network.
Re:So? (Score:4, Insightful)
The banking industry will just devise some other unique key...
Yeah... That's the idea. The bank, insurance, and other industries and departments are supposed to use their own unique to them ID system. Now a thief would need to break into all those different databases. IT is up to all of us to resist allowing them to use the SSN. Just say no.. The law doesn't prohibit that.
Re: (Score:2)
Re: (Score:3)
Re: (Score:1)
They cannot legally require you give up your SSN. They can only ask. The law is already on our side. Public acquiescence is the real problem.
Re: (Score:2)
Re: (Score:1)
Whatever you say..
So you have bank accounts, credit cards, a mortgage, a car...
Short answer: No.
Ah, one question.. Where did I mention anything about the IRS? Who doesn't already understand they can do what they damn well please? Sorry, two questions..
Re: (Score:2)
Re: (Score:1)
...but who would choose that for themselves?
Me.. If you prefer to live neck deep in red tape, by all means...
I think it's probably safe to say...
However, you can redeem yourself if you can call a triple crown winner this year. Place yer bets. Cash only
Re: (Score:2)
Well, you're most likely either
(1)dependent on someone else for your survival, or
(2) totally down-and-out (lots of people are, it's nothing to be ashamed of), or
(3)you're a redneck hillbilly whose been training for the breakdown of society sonce the civil rights movement began.
How close am I?
Re: (Score:1)
Triple Crown - usually associated with thoroughbred horse racing. Google knows all..
Man, you are ice cold.
Re: (Score:2)
Re: (Score:2)
My point was that it doesn't do any good for the unique key to be different for each financial organization, because the key is supposed to uniquely specify the individual customer in a way that works across all financial organizations. The industry as a whole has to be able to specify the individual in order to keep track of the risk associated with that individual (e.g., credit checks). SSNs are used because they're convenient, and that's because the government issues SSNs with the intention of uniquene
Re: (Score:1)
I'm not really concerned with the problems of the industry or any difficulty they might have devising a secure system. Only that it remains their problem, not ours. If the house becomes uninhabitable, tear it down. Legally we are not required to give them our SSN, and we shouldn't. Only certain departments of the federal government is entitled to use it. We can keep it off limits to anybody else, but we have to do it. If we back down, we only have ourselves to blame.
Re: (Score:2)
It won't be unique to each bank though. They will simply require you to provide the ID# assigned to you by Experian.
This ID# will effectively become the new SSN, and the problems will continue.
Until you make data security a legal requirement punishable by prison, you are going to see leak after leak. Making the leak of personal data a criminal offence is the only way to make it cost effective to have decent security procedures in place.
Re: (Score:1)
Re:So? (Score:5, Insightful)
The only predation by third-world organized criminals that occurs directly against the end user consists of 419 scams. The rest of it consists of various sorts of bank fraud that the banks aren't sufficiently motivated to take measures against; but are willing to put those whose names are used through the wringer.
It's very clever, really: "Identity theft" makes it your problem. Admitting that it is "bank fraud" would make it their problem.
Hanlon's Razor (Score:2)
Re: (Score:2)
It's so cute how you think law makers would make laws against the interest of bankers.
Re: (Score:2)
It's so cute how you think law makers would make laws against the interest of bankers.
The complete failure of our system of government is an orthogonal problem to what we're discussing here.
If you compare the United States government to a computer program, it's basically a pile of hacks upon hacks sitting on top of a shitty core library. The hacks are there because the core is all fucked up, but just because you can make it work by adding even more hacks doesn't mean the whole thing won't fall down and co
Re: (Score:1)
Re: (Score:2)
Sure, there's the second system effect to contend with, where you try to cram in all the crap you wish you'd had in version 1.0 and end up making an even bigger mess in version 2.0, but that's just an observation, not a law of nature.
Also, by "written from the ground up" I do not mean tossing out the Constitution and starting completely from scratch. To continue the computer analogy, let's treat the Constitution like the hardware. We know it works, it's just the pile of shit built on top of it that's wrong.
Re: (Score:2)
Re: (Score:2)
I'm not sure we know the constitution works correctly. Totally failing to take political parties into account was a miss. Not enough was done to ensure free trade though it was clearly intended. The interstate commerce clause is entirely open-ended. I'm not saying I'd have seen this stuff if I had been there, but let's not pretend there are not real fundamental problems with the constitution. A few more rights need to have been enumerated, at least. The founders considered that a futile exercise but given r
Re: (Score:2)
We've had our differences in the past, but I wanted to go on record as saying I agree with all of the points you've raised in this post.
Re: (Score:2)
We've had our differences in the past, but I wanted to go on record as saying I agree with all of the points you've raised in this post.
I like to think my heart is in the right place even if my head is totally up my ass sometimes.
Re:Felony (Score:2)
What if Social Security Numbers + the Person's name were a Copyrighted Work? That would be the legal protection that would scare snarks!
Re: (Score:3)
Re: (Score:2)
If you make the collection of social security numbers a felony I guarantee you the banks would stop doing it.
No, they wouldn't.
Banks are REQUIRED [helpwithmybank.gov] to have an ssn on file these days.
Re: (Score:2)
Re: (Score:2)
And yet we'll just need another ID code. Registered with the IRS, because financial institutions report such incomes to the IRS. Which then becomes the de-facto ID code that the entire industry uses for credit reports and other stu
Re: (Score:2)
They stop most people for situations like that. In fact I suspect the only people they wouldn't stop are those ignorant of the law in question.
Example law:
* Using a SSN for *anything* except other than the adminstration of social security and the collection of taxes shall be punishable by a $42 billion fine.
You really a bank is going to use your SSN for anything when that is law? OK then, do you really think after all the banks that did so have filed for bankruptcy due to a trillions of dollars in liability
Re: (Score:2)
Re: (Score:2)
All it takes is a simple law and this shit could stop next week.
Yep, because laws stop people from doing stupid and illegal things.
This is Texas. Laws don't stop people from doing stupid and illegal things, guns do. ergo:
"All it takes is a simple six shooter and this shit could stop next week."
Re: (Score:2)
All it takes is a simple law and this shit could stop next week.
From your comment I can assume that you have never actually spoken with the average state employee?
Re: (Score:2)
Now that you mention it, why don't we use some sort of web-of-trust/public key infrastructure/certificate authority-based system for establishing identity and trust?
Or would that just have the same inconvenience and fraud that an SSN-based system has?
Re:So? really? (Score:1)
That is just what we need.
Joe Public: What do you mean I have to pay verisign a $100 a year just to file my taxes?
IRS Operative: You have to have your signature signed to prove who you are to us.
JP: You don't know who I am? Can you tax me if you can't identify me?
IRS: We can not tax you but you will be charged with tax evasion.
JP: How can you charge me if you don't know who I am?
IRS: Well first you will have to have your signature signed by verisign.
JP: Where did you get such a messed up idea like t
I call your bluff... (Score:3)
Re: (Score:2)
SSNs are "not to be used for identification purposes."
You actually believe that is still the case?
Re: (Score:2)
No it won't. Like it or not, there's a need for a unique individual identifier in the credit industry. If you can prove you pay your bills, you're less of a risk, and can get lower rates from them. A lender does not need a SSN to lend you money. It's just that all of them choose to require it and a cre
Re: (Score:2)
No it won't. Like it or not, there's a need for a unique individual identifier in the credit industry. If you can prove you pay your bills, you're less of a risk, and can get lower rates from them. A lender does not need a SSN to lend you money. It's just that all of them choose to require it and a credit check to minimize their risk. If you feel this is wrong, feel free to start your own lending company which does not require SSNs nor credit checks, and tell us how that works out for you.
"Being a lender
Re: (Score:1)
Boo hoo, cry me a river. There's enough profit incentive in lending that they'll figure something out.
That was the next paragraph.
If it became illegal to use SSNs for this purpose, then everyone would get lumped in the same risk pool. People who are good about paying their bills on time would see their rates and fees go up. People who are deadbeats and delinquents would see their rates and fees go down. Pretty obviously, that'd be bad for the economy as a whole.
I agree with what he said, and really REALLY don't want to be an anonymous lender (lendee?).
"Not for ID" meant the card, not the number (Score:3)
The "not for identification" on the Social Security Card didn't mean "You may not use the Social Security Number for Identification" - it wasn't a pro-privacy imperative.
It was simply a disclaimer that the Social Security Administration was making no promises that the card they'd handed out was of any use for identifying the person now holding it. It was a card providing information, not identification.
Everything is bigger in texas.... (Score:2)
....even their screw ups.
How could that mistake have gone on for a year without somebody seeing it?
Re: (Score:2)
Re: (Score:2, Flamebait)
Comptroller Susan Combs was too busy massaging reports about the financial state of Texas to help re-elect republicans based on "The Texas Miracle" (the supposed superiority of Texas financial management). Now that the election is over and the reality of a $27 billion shortfall for the next budget sinks in, I guess her office has time to look into these basic things.
Texas: where 12 years of absolute republican rule is propelling us into Mississippi territory in state rankings for services, health care, educ
duck and cover (Score:1, Funny)
Re: (Score:3)
Re: (Score:1)
Re: (Score:2)
You just need to stop inviting Vice Presidents to Texas to shoot, sometimes their aim isn't as good...
Were Bush or Cheney on the website? (Score:2)
Inquiring minds want to know....
Re: (Score:3)
Wait... Texans ask questions?
Sure. Questions like, "What the fuck are you lookin' at"
I forsee a large increase in junk mail (Score:1)
Makes it easier (Score:2)
to get the info for illegal immigration.
Texans (Score:1)
This's what happens when politicians keep promises (Score:3)
Dang. They *are* running the government like a business down there.
In Texas it's a mistake, at UCLA its policy (Score:1)
Re: (Score:2)
FTFA/Translation (Score:2)
"I deeply regret the exposure of the personal information that occurred and am angry that it happened," [State Comptroller] Combs said in a statement.
[Translation] Let me put out this public statement saying absolutely nothing, but serving to CMA.
"I want to reassure people that the information was sealed off from any public access immediately after the mistake was discovered and was then moved to a secure location."
[Translation] I soiled myself, and berated my minions.
"We take information security very se
This just in (Score:2)
As the AG and the FBI are looking into matters: "Combs has endorsed legislation enhancing information security, including a proposal that each agency designate a chief privacy officer and another to create a state Information Security Council."
Gee Susan [state.tx.us], I think the horse has left this burning barn...unless you're looking for ways to spread the blame the next time this happens?
Yep, _everything_ is bigger in Texas! (Score:3)
Public info in Sweden (Score:2)
In Sweden all this information is public for all citizens. Private organizations do however need a permit to keep a registry with personal information.
unemployed (Score:3, Funny)
Fortunately the unemployed are less desirable than average for identity theft, so that will limit the losses a little bit.
Re: (Score:2)
Nah, they're equally desirable because they're less likely to be tech savvy so they won't notice suble abuses as fast.
Re: (Score:2)
So your thesis would be that the unemployed have equal or higher credit scores compared to the employed?
Re: (Score:3)
My wife was unemployed during that time, in Texas, and has a maximum credit rating. She didn't apply for unemployment though so she shouldn't be on any lists.
Re: (Score:2, Insightful)
Why the distinction? Because there are millions of "not working" people who the government chooses to exclude from the unemployment lists to help keep the appearance of unemployment low.
Re: (Score:2)
Your training is complete.
Re: (Score:2)
To an identity thief, the credit status of an individual is arguably irrelevant. All that matters is whether a line of credit or a loan can be opened in that person's name. Details such as the interest rate, credit limit, etc. don't matter at all. If the difference between someone with a subprime score and someone with a good or excellent score is merely the type of account the thief can open, and a thief can easily open an account under a subprime identity with a credit shop that has ridic
Re: (Score:2)
Re: (Score:3)
Then I saw who was affected and said "Phew! This is only the unproductive people!"
I love it when jackasses speak from their rear.
You oughta meet my wife. She took unemployment for two months while she was looking for a job. Other than that, she's had a steady job since before I knew her, 7 years ago... and outperforms kids half her age.
Unproductive, my foot.
Let me guess: you're a conservative.
Re: (Score:1)
Wow, and she didn't find it shameful at all to go on unemployment just for a two month gap?
Gosh, I wish my morals let me quit my job to take a two month vacation while drawing unemployment to supplement my savings. (Of course, I'd probably have to engineer my firing from the job the way UI works.)
Re: (Score:2)
Wow, and she didn't find it shameful at all to go on unemployment just for a two month gap?
Actually, she was fired for something she didn't do, and the state of Texas backed her on it when her former employer decided to appeal.
Anything else you'd like to be wrong about?
Re: (Score:2)
Then that's not "taking unemployment", that's "taking payments from a court victory/legal settlement", and thus loses its objectionability.
Re: (Score:2)
Then that's not "taking unemployment", that's "taking payments from a court victory/legal settlement", and thus loses its objectionability.
You really have NO idea how unemployment claims work, do you?
They canned her, saying money was missing, even though the manager that was in charge of the cash at that time was later let go due to embezzlement. They had no proof, no documentation, etc., and I can guarantee you that she'd not taken a dime. Y'know, that whole "moral structure" riff. She decided to get unemployment and started looking for a job. She found one in short order and IMMEDIATELY dropped the UI.
About a week later, we get a letter that
Re: (Score:2)
So y'all couldn't wait until you actually needed the money? It was just, "Fired ... WHOO HOO! First unemployment check, here I come!"?
Re:Phew! (Score:4, Insightful)
Re: (Score:2)
So when you donate to a church/non-religious charity, do you apply for their aid to the needy when you're not needy, on the grounds that "well I done paid my f'r share, so I's gonna git it right back!"?
Re: (Score:2)
Re: (Score:2)
Take that line up with the taxman sometime, see how it works out. "Hey, I'm paying taxes to benefit *myself*, and I don't *benefit* from that project, so I shouldn't have to ..."
Re: (Score:2)
"Hey, I'm paying taxes to benefit *myself*, and I don't *benefit* from that project, so I shouldn't have to ..."
Show me where I said that. Do it. Quote me, and explain where I said that.
If you actually think that's what I said, then you're even more of a fucking retard than I thought. May I suggest a repeat of third grade English?
Re: (Score:2)
Fine, "I'm paying taxes to benefit *everyone*, and this project doesn't benefit everyone so I'm going to try to get some of my money back for it by fraudulently applying for benefits."
Same diff.
Re: (Score:2)
Well, swearing at you didn't work, so I'll switch to treating you as a child.
What I asked, sweetheart, is which of the following two things you believe in your own little head. Here's number 1 for you. "I believe that the taxes I pay toward unemployment are paid ultimately for my own benefit." Let's say you believe that ok honey? If that's the case, why would you refuse to take an unemployment payout when you are eligible for it?
And here's the other possibility, you perfect angel. "I believe that the taxes
Re: (Score:2)
That's not talking to me like a child, that's talking to me like a queen, thweetie.
Re: (Score:2)
Unemployment is insurance - you pay the premiums, no shame in collecting the payout when the insured event occurs. I'm not sure you're even eligible if you wait.
Re: (Score:2, Flamebait)
she didn't find it shameful at all to go on unemployment just for a two month gap?
Not nearly as shameful as your assumption that everyone has psychic powers and knows how long it will take to find a job.
Re: (Score:1)
Not nearly as shameful as your assumption that everyone has psychic powers and knows how long it will take to find a job.
The point was that (in the original story before he clarified that his wife was actually receiving a legal settlement, not "unemployment") she *didn't even wait* those two months before deciding she had to resort to being a leech. No psychic powers necessary.
Re: (Score:2)
"It's called unemployment insurance for a reason..."
Save your breath. It's clear from the language "deciding she had to resort to being a leech" that all unemployed for however long or whatever reason are immoral people getting what they deserve because they chose their circumstances. Nothing you say will penetrate DriedClexler's Calvinist glee at the suffering of the unelect or endless search for Obama's birth certificate.
Re: (Score:2)
Let me guess: you're a conservative.
In Texas, that ain't exactly a reach... And there is also a very strong thread of personal responsibility and self reliance. Hence, people are much less likely to try for unemployment then in traditional "entitlement" states. That said, I do consider teachers (even if retired) to be productive people.
Re: (Score:2)
Actually, it only skews conservative outside the urban areas and the valley....
http://elections.nytimes.com/2008/results/states/texas.html [nytimes.com]
Re: (Score:2)
Re: (Score:3)
Re: (Score:1)
A few years ago, I found a publicly accessible server that belonged to the local K-12 school system in a medium sized city. By using the username "test," and password "test", any one could access all of the Individualized Education Plans (IEPs) that the school system kept for each and every one of its special education students. Probably, most of these documents were for "Gifted and Talented" children, and were standardized forms that had contact information. However, some of them almost certainly contained details about the learning disabilities that various children had.
Dear citizen: thank you very much for your confession. A federal agent will be contacting you shortly. We will notify your relatives and loved ones that you will be unavailable until further notice. Please be sure to have a change of clothes at the ready.
Yours,
Big Brother
Re: (Score:2)
Re: (Score:2)
Also, on a semi-related note, your name looks familiar and I've been meaning to ask you if you used to hang out at a right wing American politics site (I stopped being a regular there in early 2009). If you're the same Kilgore Trout, I think I know you from somewhere.
Re: (Score:2)