100,000 More Social Security Numbers Exposed 325
ThinkComp writes "PayMaxx, Inc. is a web-based payroll processing company, and they recently notified me that my on-line form W-2 was available. And so it was, along with the W-2 (including SSN and salary data) of every other one-time PayMaxx customer dating back at least five years, possibly 100,000 in all. Through news.com, PayMaxx reports, 'PayMaxx has made and continues to make every effort to secure its system against any breach,' which is why part of their site has been down now for several days."
Free credit reports... (Score:2, Informative)
Alternate link (Score:3, Informative)
First ChoicePoint now this? How long until a major government database like one from the IRS gets hacked and information on almost every US citizen is available? Scary thought.
- Cary
--Fairfax Underground [fairfaxunderground.com]: Where Fairfax County comes out to play
Re:Uh oh... (Score:2, Informative)
But, I noticed, that couldn't be Jon Stewart's real social security card, because the name that would appear would be his real name, which is Jonathan Stuart Leibowitz.
Re:Define "breach" (Score:5, Informative)
He changed his name (Score:1, Informative)
Stewart married long-time girlfriend Tracey McShane in 2000, at which time they both legally changed their last names to "Stewart." The couple had their first child, Nathan Thomas, on July 3, 2004.
Re:Free credit reports... (Score:3, Informative)
From ftc.gov [ftc.gov]...
Free reports will be phased in during a nine-month period, rolling from the West Coast to the East beginning December 1, 2004. Beginning September 1, 2005, free reports will be accessible to all Americans, regardless of where they live.
Consumers in the Western states -- Alaska, Arizona, California, Colorado, Hawaii, Idaho, Montana, Nevada, New Mexico, Oregon, Utah, Washington, and Wyoming -- can order their free reports beginning December 1, 2004.
Consumers in the Midwestern states -- Illinois, Indiana, Iowa, Kansas, Michigan, Minnesota, Missouri, Nebraska, North Dakota, Ohio, South Dakota, and Wisconsin -- can order their free reports beginning March 1, 2005.
Consumers in the Southern states -- Alabama, Arkansas, Florida, Georgia, Kentucky, Louisiana, Mississippi, Oklahoma, South Carolina, Tennessee, and Texas -- can order their free reports beginning June 1, 2005.
Consumers in the Eastern states -- Connecticut, Delaware, Maine, Maryland, Massachusetts, New Hampshire, New Jersey, New York, North Carolina, Pennsylvania, Rhode Island, Vermont, Virginia, and West Virginia -- the District of Columbia, Puerto Rico, and all U.S. territories can order their free reports beginning September 1, 2005
Re:Time to write to my Congressman (Score:2, Informative)
here's some info for you related to this (Score:2, Informative)
Back the bus up... (Score:3, Informative)
If you check the Boston.com article [boston.com] that's been posted by another user, you'll see that "Think Computer" was demanding payment to tell them about this bug. This sounds a little bit like extortion, don't you think? What gets even more interesting, is that I recognized this guy from an earlier story [slashdot.org] on Slashdot. He wrote a rambling, alarmist "whitepaper" about how unsecure WiFi was in the Boston subway. Furthermore, searching Massachusetts business filings [state.ma.us] doesn't show that any "Think Computer" corporate entity exists.
I believe that this is just some young kid who desperatly wants for himself to be seen as some sort of security expert. His techniques are highly unprofessional and insulting to those of us in the industry who do, in fact, have a clue as to how IT consulting works.
Re:Credit report monitoring (Score:2, Informative)
Find me a criminal law that says negligent release of sensitive information is a crime??
However, if you are referring to negligence in a tort action at common law then there is a possibility. However, again there is no law making them protect the information. In a tort action we must find an actual breach of duty that is required by law. The only duty that may apply is if this company had a privacy policy or contract that said they would protect the information.
Without such a contract or policy known to the public there is no basis of a breach of duty that I can think of.
If you give me your social security number I can give it out with impunity as long as I do not give it to a known identity thief or constructively assist in the perpretration of a fraud since that would be an obvious accessory or aiding crime.
Re:Use of SSN fundamentally flawed. (Score:3, Informative)
The result? Another trip to the legislature required...
Re:Uh oh... (Score:2, Informative)