Forgot your password?
typodupeerror
Security Crime Privacy

Experian Sold Social Security Numbers To ID Theft Service 390

Posted by Unknown Lamer
from the you-can-totally-trust-us dept.
realized writes "Experian — one of the three national U.S. credit bureaus — reportedly sold SSNs through its subsidiary, Court Ventures, to the operators of SuperGet.info who then offered all of the information online for a price. The website would advertise having '99% to 100% of all USA' in their database on websites frequented by carders. Hieu Minh Ngo, the website owner, was recently been indicted for 15-counts filed under seal in November 2012, charging him with conspiracy to commit wire fraud, substantive wire fraud, conspiracy to commit identity fraud, substantive identity fraud, aggravated identity theft, conspiracy to commit access device fraud, and substantive access device fraud."
This discussion has been archived. No new comments can be posted.

Experian Sold Social Security Numbers To ID Theft Service

Comments Filter:
  • by Anonymous Coward on Monday October 21, 2013 @12:41PM (#45190035)

    WHAT THE FUCK!!!?!!!?

    • by Anonymous Coward on Monday October 21, 2013 @12:50PM (#45190173)

      A very articulate and insightful comment. No sarcasm intended

    • by binarylarry (1338699) on Monday October 21, 2013 @12:56PM (#45190275)

      Agreed. I'd vote for hanging some of the Experian exec responsible for this.

      • That seems far to kind of a punishment for them. Having them drawn and quartered would be closer but still falls woefully short.
        • NOT ENUF! (Score:5, Funny)

          by TiggertheMad (556308) on Monday October 21, 2013 @01:47PM (#45191075) Homepage Journal
          Hanging's too good for him. Burning's too good for him! He should be torn into little bitsy pieces and buried alive!
    • by lymond01 (314120) on Monday October 21, 2013 @12:57PM (#45190291)

      WHAT THE FUCK!!!?!!!?

      According to TFA, basically the company that Experian purchased had already been selling information to the notorious 24-year old cyber criminal. Once the company was purchased, Experian didn't review its own transactions closely enough and inadvertently sold our SSNs to the guy too. Monthly. The Secret Service found out, captured the 24-year old, and it's unknown if Experian, credit watchdog, will suffer for sleeping on the job.

      I'm not sure who appointed Experian watchdog (though I'm certain someone on Slashdot will point out how ignorant I am for not knowing), but for a company with so much power over your own life in terms of credit, it would be nice if, with the power came some sort of responsibility -- and accountability. I suppose we'll need to off Experian's Uncle Ben to get our point across...

      • by Scutter (18425) on Monday October 21, 2013 @01:26PM (#45190745) Journal

        At the very least, Experian's board should be held accountable by its shareholders for gross negligence in failing to do its due diligence during the purchase.

        • by gsgriffin (1195771) on Monday October 21, 2013 @03:14PM (#45192327)
          They're up 24 points, 2% right now. Don't think investor care so long as they make money. $1,224/share is pretty staggering.
      • by Solandri (704621) on Monday October 21, 2013 @02:02PM (#45191261)

        I'm not sure who appointed Experian watchdog (though I'm certain someone on Slashdot will point out how ignorant I am for not knowing), but for a company with so much power over your own life in terms of credit, it would be nice if, with the power came some sort of responsibility -- and accountability.

        Nobody "appointed" Experian watchdog over this information. Many companies (banks, lenders, credit card companies, etc) needed reliable information on a customer's past creditworthiness. Experian (and TransUnion and Equifax) collected and provide this information in sufficient quality for these companies' needs, and so they've become the watchdogs.

        The problem is a subtle one I've noticed in several fields (mainly HR and hiring). The credit agencies protect against a false positive - one where an individual who is a high credit risk is incorrectly determined to be a low credit risk, and thus the bank gives them a loan. This protects the companies who seek this information before lending out money or equipment.

        They do very little to protect against false negatives - one where an individual with low credit risk is incorrectly flagged as a high credit risk. The companies who use the credit bureaus don't really care about this case because it's a "safe" error for them. If they refuse a loan to someone who would've paid it back, they just lose out on the interest. So there's less incentive to verify the accuracy of negatives on someone's credit report. (Incidentally, low interest rates exacerbate this situation. If interest rates are higher, the interest on a loan can exceed the principal, and thus a false negative could become a greater financial loss than a false positive.)

        (In the HR case, a HR department which carelessly culls out job applicants based on keywords and unrealistic years of experience is lowering their risk of false positives. But they're also increasing their risk of false negatives and weeding out a lot of qualified people. From management's standpoint, they can see the direct negative consequences of a bad hire. The negative consequences of failing to hire someone who was a good fit for the job are not so obvious. To correct for this, companies should regularly test their HR departments by submitting applicants who are "perfect" for a job and seeing how many of them get asked for interviews.)

      • by synapse7 (1075571) on Monday October 21, 2013 @02:38PM (#45191807)
        So are all SSNs compromised?
    • by Anonymous Coward on Monday October 21, 2013 @01:37PM (#45190913)

      The solution to this issue is for the Social Security Administration to publish EVERY SSN along with name in a big set of phone type books, and online. The SSN was never intended to be a secret number.

      Banks and credit organisations who use the SSN as some sort of secret code can find some other real authentication method. Publishing them all at once would 'shock' the system into the fix that is needed.

    • by cusco (717999)

      Now watch for the new Experian advertising campaign.

      We know for a fact that criminals have your Social Security number, because we sold it to them! Now wouldn't it be a shame if they were to use that information to ruin your credit (hint, hint, nudge, nudge)? For only $9.99 a month we will make sure that those fraudulent charges don't apply to your credit score, so you can argue with the credit card companies without that worry!

  • by Anonymous Coward on Monday October 21, 2013 @12:42PM (#45190043)

    These are the same people who offer to counsel you for $15, with a made-up number (even more made up than FICO) with fine print like this: "your Experian Credit Score indicates your relative credit risk level for educational purposes and is not the score used by lenders". Yep, super class act all the way. Even among credit rating scams, er "agencies", they are the worst.

    • Re: (Score:2, Informative)

      by afidel (530433)

      They can't use FICO because it's owned by a third party (Fair Isaac), what they CAN do is use a similar algorithm on the data they hold (FICO includes inputs from all 3 major credit bureaus).

      • by Anonymous Coward on Monday October 21, 2013 @01:39PM (#45190955)

        You have no idea what you're talking about. Indeed, the FICO score is strictly a model from the Fair Isaac Corporation. However, that model is licensed out to the major credit bureaus, and they will indeed provide you a FICO score. However, any FICO score is only as good as the information it's based on. Since all three credit bureaus can happen to have different info on you, you can have a different FICO score with each of them. That's why all the ads you see talk about checking your three FICO scores - the algorithm is the same in all cases, it's just coming up with different results due to different inputs.

        Now as to what the GP was saying, Experian has it's own, non-FICO score too, that they'll sell you (in addition to selling you a FICO score, should you pay for that), for a price. That's the "even more made up" number the GP is referring to, which has the name VantageScore. It's not your FICO score, and due to the less licensing and federal regulation surrounding it, costs less. However, the GP is wrong in sticking this with Experian - all three major bureaus jointly use VantageScore.

        And lastly, folks pulling credit history that aren't making a direct loan (ex: insurers), usually don't pull a FICO score, since it's expensive, relatively speaking, but will pull yet another number made up by the three bureaus (what it is depends on what you're looking to insure - they have separate scores for auto and homeowner's insurance). All of this has made the FICO score itself much less important than it used to be. It's still the gold standard for big, big ticket items, where a mortgage company has no problem spending the $ to get the FICO score from all three bureaus to insure their hundreds of thousands of lending to you.

      • by ShanghaiBill (739463) on Monday October 21, 2013 @01:57PM (#45191203)

        They can't use FICO because it's owned by a third party (Fair Isaac)

        Wrong. They can and do give out FICO numbers. They just don't give it out to you, as an individual, when you pay $7 for your "credit score", because they don't want to pay a fee to Fair Isaac. Instead they give you a number that is just meaningless garbage. 99% of the people paying the $7 think they are are going to get their actual FICO score. I fell for this scam myself.

  • by Anonymous Coward on Monday October 21, 2013 @12:43PM (#45190055)

    The US Credit system is a racket designed to screw people. I have been fighting a bogus charge on my credit report for years and I would love to see the power that these behemoths lowered.

    Granted, I do not know of a superior way to track people, but the amount of destruction caused by identity theft or improper billing is insane.

    • by Solarhands (1279802) on Monday October 21, 2013 @12:53PM (#45190225)
      Move to California. In California the burden of proof is on them if you dispute something.
    • by bradley13 (1118935) on Monday October 21, 2013 @01:03PM (#45190385) Homepage

      "Granted, I do not know of a superior way to track people"

      How about this for an idea: don't track them.

      Let's be real: These credit reporting agencies bring zero added value to the system. If you want a loan, go to the bank, show them certified copies of your pay statements, sign a legal document listing your other debts (or whatever other information the bank needs for a decision), and that ought to be it. There is zero need for anyone to know that you were three days late on a credit card payment in March of 2007.

      These agencies are a blight. They are in the same category as Facebook: you are not the customer, your personal data is a product that they sell to anyone that will pay for it.

      • Re: (Score:3, Insightful)

        by Anonymous Coward

        I have no problem with the service they provide, I only have a problem with the mechanism they use to provide it. We need a law that radically limits the usage of people's SSN. It is a government identification number and, as such, needs to be restricted to purposes that involve the government. If a company needs to deal with the IRS, Medicare, or any other government entity, they can and should use SSN for that purpose only. A private credit transaction does not involve the government, so using an SSN as a

      • by asmkm22 (1902712)

        The industry is broken, that's for sure. But your proposed solution would only lead to the same problem. If a bank loaned money out like that, you know they'd keep track of who pays on time and who doesn't (or at all). You'd still end up in a database with a record showing how trustworthy you are when it comes to paying back loans. At first, that might allow you to just go to different banks since the databases wouldn't be shared, and get loans despite having a poor repayment record, but eventually (as

  • by gstoddart (321705) on Monday October 21, 2013 @12:43PM (#45190069) Homepage

    So if the credit bureau is selling all of the information to the identify thieves you're pretty much fucked.

    Sounds like this company is playing both ends against the middle and needs to be shutdown.

    Pathetic.

    • by Bob the Super Hamste (1152367) on Monday October 21, 2013 @01:03PM (#45190381) Homepage
      Wasn't there some law that stated that when data breaches like this happen the company has to pay for credit monitoring for those affected. Given that it sounds like they may have distributed all US citizens' info it might be enough to sink their company. Then again I may only be remembering some proposed law that died a quiet death in some committee.
    • by Ronin Developer (67677) on Monday October 21, 2013 @02:01PM (#45191253)

      How about we make Experian liable for clearing ANY AND ALL debt incurred whose credit info was divulged by them?

      Once upon a time, the SSN was to be used for Social Security Purposes only - not for ID. Then, they started asked asking for it in college (as my ID) ... now, they ask for it at the local grocery store. Seems the law was changed. Why?

      At one point, when someone wrote a letter (remember those?) in the 1980's to a service member, they gave the name, rank, SSN and Fleet or APO post office number. In retrospect...WTF where they thinking? Prior to that, a service number was issued and it was NOT your SSN.

  • by Anonymous Coward on Monday October 21, 2013 @12:44PM (#45190081)

    Even though Experian was selling the info, only the people who bought it will get punished.

    • by mark-t (151149)
      I think, presumably, that an argument exists that Experian would not have had any way of realizing the nature of who they were selling it to, and that presumably, there is a separate argument to be made for Experian having the right to ever sell the information at all.
      • by mcgrew (92797) *

        and that presumably, there is a separate argument to be made for Experian having the right to ever sell the information at all.

        And what, pray tell, would that argument be? I can see nothing whatever society gains by letting Experian sell what they do not own.

        • by Sarten-X (1102295)

          Ah, but they do own it. See, when you signed that loan agreement, or contracted for utilities, or had that background check for that job, you signed an agreement that your Social Security Number could be given to a "third party" for the fulfillment of the credit or background check, and that the third party could then use it according to its own policies. Those policies you never saw but agreed to anyway likely remove all restriction on what can be done with your SSN.

      • by sjames (1099)

        And since they cannot possibly not know about 'identity theft' (that is, bank fraud where the cost is pushed off onto a third party to the fraudulent transaction), they will require proof that the adverse information reported is actually about you before it affects anything.

        HAHAHAHAHAHAHAHAHAHAHAHAHAHAHA I crack me up. That's a knee slapper!

        Their 'credit reporting' will continue to be based on gossip and innuendo such that the National Enquirer looks like the New York Times in comparison.

      • by PraiseBob (1923958) on Monday October 21, 2013 @01:31PM (#45190817)
        an argument exists that Experian would not have had any way of realizing the nature of who they were selling it to

        Excuse me? You are saying there is a valid argument that they have no way of knowing whom they are doing business with?

        They have permanently compromised a system that hundreds of millions of people use every single day. They have made every single citizen subject to fraud, and have no ability to fix it, except conveniently through their business model. This breach will STILL be an issue ruining people's lives 20 years from now, and we will have to beg Experian to correct the problems they caused, and even pay them for the privilege. The economic damage could reach well into the trillions of dollars, there is virtually no cap, since it undermines the entire credit system of every citizen currently alive, for their entire lifetime. Every executive at the company should be put to a firing squad.
    • by Jason Levine (196982) on Monday October 21, 2013 @01:08PM (#45190449)

      Sadly, the people whose identity was stolen will also be punished by having to spend time, energy, and money restoring their credit files and getting the bogus accounts removed. In some cases they will have to prove that they really didn't open the lines of credit to Experian - the very company who is responsible for the mess they are in. They will also need to watch their credit closely for the rest of their lives wondering when the next line of credit will open up or deal with the hassle of freezing their credit and not being able to open new lines of credit when they want. (Though, as an ID theft victim who did the latter, it's really not that much of a pain. Just stinks that it is necessary.)

      Experian, on the other hand, will face a vicious finger wagging by Congress. At the very worst. Maybe a token fine that they can make back in 2.3 seconds of doing their normal business.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      Read the article - it wasn't Experian selling the info.

      As stated also in the summary, it was a company called Court Ventures, although what the summary doesn't say is that although Court Ventures is currently a subsidiary of Experian, it was already illegally selling this information before it was aquired by Experian, and also that the Secret Service contacted Experian about it after the aquisition.

      It also should be noted that the information itself did not originate from Experian, but from US Info Search,

  • by Theophile (535535) on Monday October 21, 2013 @12:44PM (#45190091)
    I'm an American, so I'll admit that I couldn't find Experia on a map if I tried, but this is an outrage and I say we start bombing the Experians back to the stone age right now!
  • by nimbius (983462) on Monday October 21, 2013 @12:45PM (#45190105) Homepage
    If convicted in an american court those 15 counts amount to:
    10 years in prison, appealed to 7
    parole after 4

    and experian leaving the room without ever having admitted any wrongdoing. Visa and Mastercard dont care, because the amount of credit as a balance reflected on a card is imaginary anyhow and doesnt correlate to any real value. They simply issue chargebacks against the vendors affected by fraudulent purchases.
    the vendors in turn get a strike against them for accepting fraudulent transactions. cardholders get a new card, and the game resets. Consumer capitalism cannot be permitted to short-circuit at the expense of the consumer.

    The cards are commonly used to purchase web hosting or secure free trials to distribute malware as a means of garnering more legitimate cards and absolving their dependence on lucky ducks like the Experian guy. The wheel is still turning.
    • You realize this only works for cards consumers know about. Given that the average person only gets a new loan every few years, and hence only worries about their credit report at that frequency, they might not even know that someone has stolen their identity & now have fraudulent credit cards open in their name for years. And my understanding is that once the card is opened, it's now on the consumer to dispute everything about the card, which is no easy task. It's not like charges from 1/2 across th
      • by I'm New Around Here (1154723) on Monday October 21, 2013 @01:37PM (#45190917)

        And my understanding is that once the card is opened, it's now on the consumer to dispute everything about the card,

        I never understood that line of thought. If someone, e.g. a bank, says I owe them money because I agreed to repay them money they loaned to someone who claimed to be me, my first question would be "Where is the paper I signed?". If the contract was made at a branch of the bank, such as for a loan, my next question would be "Where is the video footage of me at that bank?".

        Because if they don't have those two items, and they indisputably prove it is me, they have absolutely no case to try to extort money from me. They can go after the actual person they gave money or credit to. Why should it not be that way for all cases of so-called "identity theft"? It used to be called "bank fraud", which firmly shows the bank is the victim of fraud, and should have been more diligent in its actions. Instead they now imply the party who should have been more pro-active is the person whose name was used without their knowledge.

        Stop calling it ID theft, call it bank fraud, and tell the banks they can get their money from whomever they decided to give it to.

        • by Bob the Super Hamste (1152367) on Monday October 21, 2013 @02:21PM (#45191519) Homepage
          That actually happened to my wife. She got a call from American Express stating that we were in default on a card she had taken out and bills were being sent to an address in Las Vegas. They demanded that we pay in the most aggressive legal way they could. I told them that it isn't my fault that they didn't do their due diligence in giving out credit and that since it was a credit card we were only liable for up to $50 of it and I wasn't going to even pay that since neither of us had ever been in Nevada let alone Las Vegas. I then mentioned that if I ever heard from them again I would be filing charges against them for attempting to defraud me and would also be filing a complaint with my state's attorney general. Never heard back from them. I do the same thing with the idiots who keep buying someone's bad college loan debt that was accrued 14 years before I was born who happens to share my name. Some new company seems to buy it every 2-3 years and then they start calling or sending mail so I don't know if it is a scam or not but I treat it as if it were one.
          • by onyxruby (118189)

            Okay, your not helping yourself or anyone else like you think you are. I'm not writing this response for you personally, I'm writing it before other people follow your advice and get themselves in legal trouble.

            You have rights [ftc.gov] if your a fraud victim and you should exercise them, which you haven't done. In order to protect yourself and your credit rating [consumerfinance.gov] you have to file a fraud complaint and send it to the and credit [ftc.gov] agency [ftc.gov] and company [ftc.gov].

            If you don't do that the company can continue to report against your cre

  • Why is SSN secret? (Score:4, Interesting)

    by bigwheel (2238516) on Monday October 21, 2013 @12:46PM (#45190111)

    I never understood why social security numbers have become secret. It was my student ID both in undergrad and grad school. Available to everyone. Once upon a time, you were even supposed to keep your social security card in your wallet. Now it needs to be kept secret, along with my mother's maiden name.

    It is just a has code -- not a password.

    • by ComfortablyAmbiguous (1740854) on Monday October 21, 2013 @12:49PM (#45190165)
      Besides that, it's a horrible, horrible secret. Until just a few years ago the first five digits could be easily determined from your birthday and location of birth, leaving only 4 digits of somewhat randomness, and even that went in sequential order, giving you a pretty good guess at a much small range. To add insult to injury, whenever a company thinks they are helping you keep it secret they will ask you for the last four digits of the number, the only four digits that actually matter.
      • by unrtst (777550)

        It's very similar with credit card numbers, especially bank account ones. The first 6 digits idenfity the issuer. The last digit is just a check digit (usually via Luhn algorithm). That leaves 9 digits for the user account for most cards. However, many banks use a heirarchal system that identifies the branch where you got the card in the first 4 digits of that. The last 4 digits (3 account digits + checksum) and the expiration are usually printed on reciepts and such, as is the type of card (visa/mastercard

    • by thaylin (555395) on Monday October 21, 2013 @12:50PM (#45190179)
      because with your SSN now you have access to EVERY other piece of information. Forget your password with any company that has your SSN and they will use your SSN as the ultimate password.
    • by Anonymous Coward on Monday October 21, 2013 @12:56PM (#45190283)

      And how do you keep your mothers maiden name a secret?
      Do you kill her and her parents and wipe out all traces of them?
      Why do they use stupid shit like this to identify someone.

    • by jeffmeden (135043)

      I never understood why social security numbers have become secret. It was my student ID both in undergrad and grad school. Available to everyone. Once upon a time, you were even supposed to keep your social security card in your wallet. Now it needs to be kept secret, along with my mother's maiden name.

      It is just a has code -- not a password.

      Until the grand abstractor that is the Internet came along, exploiting the system usually meant being in a position of some power at one of those institutions, or digging through lots of garbage to find discarded records. In the realm of things that make you unique and are both quantifiable and indelible, SSN is at the top of the list. It became the de facto "identity password" since about 50 years ago when national, impersonal, remote services like credit cards took off and the creditors (banks), instead

    • by Jason Levine (196982) on Monday October 21, 2013 @01:11PM (#45190491)

      Not that mother's maiden name is any protection. When someone opened a credit card in my name, they had my name, address, social security number, and date of birth. They got the mother's maiden name wrong, though. It wasn't even close. Didn't stop Capital One from approving the card application, though, and almost giving the people a line of credit in my name. (The only thing that stopped them was a fluke where they paid for rush delivery of the card and immediately changed the address from mine to theirs. The two processes crossed paths and the card arrived on my doorstep. Had it worked as intended, they would have gotten the card and run up a huge bill under my name.)

    • Re: (Score:3, Informative)

      by Anonymous Coward

      Here's a dirty little secret about SSN's. They were never intended to be used as unique identifiers. In fact, it says on the card For social security only, not to be used for identification [apfn.org]. Even more, they are not secure in the least, up until recently you could get the first 3-5 numbers just by knowing a little bit about the person, see ID by state of issue [about.com], and it's pretty simple to identify the group number [about.com] as well. Last 4? those were sequential. Basically, they were never designed to be secure, and now

  • Oh, wow. TFA looks more than just noise, but we don't know how true it is yet. That said, I've seen so many articles about companies disclaiming liability because the crimes were committed by a partner or subsidiary. I want to do that too. After all, if companies get the benefits of personhood, I think people should get the benefits that corporations do too. I'll spin off a subsidiary person. He'll do all the crimes (cutting off mattress tags, walking on the "Don't Walk", eating oatmeal without a spoon) an

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Always go check for an apposite Will Rogers quotation:

      "A holding company is a thing where you hand an accomplice the goods while the policeman searches you." - Will Rogers

  • by necro81 (917438) on Monday October 21, 2013 @12:47PM (#45190125) Journal
    I have a general question: why does the Social Security Number endure as the primary key of, well, every kind of financial account or transaction in the United States. The SSN - how it's assigned, how it's revoked, the regulations regarding who can use it and for what, what necessary safeguards are in place to prevent theft or misuse, its anonymity or lack thereof - was never intended for the tasks that it is now burdened with. It's broken in so many ways that it would be hilarious - if the consequences were not so dire.

    Is it just that this is the system that we in the US are stuck with, and that's that? How do other countries handle this? What are the potential alternatives? What are the true requirements for a "master identifier key", and how can they be realized in a way accessible to all people? How can we convince the business and banking community to stop using the SSN - not because they're forced to, but because it's such an awful liability?

    Which politicians' identities need to be stolen in order to put such a system in place?
    • I have a general question: why does the Social Security Number endure as the primary key of, well, every kind of financial account or transaction in the United States.

      Because it's the only common identifier assigned to all US citizens. Not everybody has a drivers license, passport, address or phone number.. but almost everybody born within the confines of society has a SSN. There really isn't any better or more consistent means of identifying an individual on a national scale. We're well beyond the days of opening a line of credit at the general store based on personal relationships and a handshake.

      • by necro81 (917438)
        Oh, I can understand how it came about. But, really, there are any number of intelligent people - security analysts, IT professionals, bankers, human factors specialists, and armchair thinkers - that could probably craft the outlines of a better, more secure system with an afternoon's effort. Why hasn't such a system come around yet?

        They say, "if it ain't broke, don't fix it." But the way we use SSNs as a catch-all identifier has been broken at least since the introduction of online commerce - why h
      • by Cro Magnon (467622) on Monday October 21, 2013 @02:23PM (#45191561) Homepage Journal

        The problem, IMHO, isn't SSN as an identifier. It's that SSN is used as a password! I wouldn't care if everyone knew that xxx-xx-xxxx belonged to Cro Magnon, but when someone can buy a car in my name with just that number, that's a serious problem.

    • by jeffmeden (135043)

      I have a general question: why does the Social Security Number endure as the primary key of, well, every kind of financial account or transaction in the United States. The SSN - how it's assigned, how it's revoked, the regulations regarding who can use it and for what, what necessary safeguards are in place to prevent theft or misuse, its anonymity or lack thereof - was never intended for the tasks that it is now burdened with. It's broken in so many ways that it would be hilarious - if the consequences were not so dire.

      The answer to your question is easy: consumers demand easier interactions with banks and other orgs, and the orgs know that the harder they are to deal with the less likely the are to attract customers.

      Instead of enrolling a new user by gathering all of their NPPI and then insisting on some extra public key verification (home mailing, notarized document, etc) before creating a private key (a password) they simply take you at your word that if you know all this NPPI, you must be _that_ John C Doe and not a d

    • by TheCarp (96830)

      Easy, mostly it crept in with a lot of "Monkey See, monkey do".

      It used to be there were no real central DBs of people's info. You don't have to go back far before the best records of who lived in a community were church baptismal records, and then Birth certificates. SS was really one of the first things where you could say just about every person here is enrolled and has a unique number.

      Back then, SSN was pretty useless. Sure you could always try to commit SS fraud, but, since most people apply, and the mo

    • by houghi (78078)

      In Belgium there is a 'General Identifier' It is your birthday + some extra numbers as there will be more then 1 person born on the same day.
      This is then linked to an (obliged) ID card.
      The ID cards have a chip that can be read by a generic cardreader. Applications are available online, as well as the open source software. http://eid.belgium.be/en/ [belgium.be] for more information.
      So you have your ID. This will then be linked to the Central Balance Sheet Office http://www.nbb.be/ [www.nbb.be] where all credits are available for cert

  • Who here thinks Experian will be held accountable? Anyone?
    • They will be held accountable to shareholders where they will be given a huge bonus for doing this. :(

      As for being accountable to us or to the laws they broke? Not a chance. I give better odds on Santa Claus existing than these guys being actually held accountable to a court.

    • They will get a vicious finger wagging by the federal government perhaps with a "big fine" (that they pay with the money they make during 2.3 seconds of normal business operations). They will hang their heads in shame until the news cycle about this is over (a day or two), promising to completely revamp how they operate.... and then they'll go back to normal business operations until they are caught doing this again. (At which point, start reading from the beginning of my comment again.)

  • by gr8_phk (621180) on Monday October 21, 2013 @12:51PM (#45190193)

    Hieu Minh Ngo, the website owner, was recently been indicted for 15-counts filed under seal in November 2012, charging him with conspiracy to commit wire fraud, substantive wire fraud, conspiracy to commit identity fraud, substantive identity fraud, aggravated identity theft, conspiracy to commit access device fraud, and substantive access device fraud.

    Why does someone at one level of the crime get charged but not the one at the top. Remember:

    Experian — one of the three national U.S. credit bureaus — reportedly sold SSNs through its subsidiary, Court Ventures, to the operators of SuperGet.info

    Why are they not being charged? Using SSNs for certain things is illegal, and selling them probably is too - otherwise what did the other guy do wrong?

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      Because criminal culpability usually requires intent. This would require the prosecutor to show that Experian executives either knew about it or suspected it, or should have known about it but were too wreckless in their supervisory duties. Obviously the latter is more likely, but that can be tough to prove. Experian would bring in an army of experts to explain to the jury why the executives lived up to every reasonable standard, and that these mistakes happen every once in awhile, etc.

      In many other countri

  • obDilbert (Score:2, Funny)

    by Anonymous Coward

    http://dilbert.com/strips/comic/2010-10-14/

  • by bradley13 (1118935) on Monday October 21, 2013 @12:58PM (#45190305) Homepage

    Credit reporting ought to have everyone up in arms anyway. Every company an American does business with sends personal, financial details to these agencies. No permission required. The agencies themselves have a shared monopoly, but the size of their market is static. So they are always looking for quasi-legal ways to make even more money by selling your personal data. Sometimes quasi-illegal.

    The whole system stinks. Americans need to get themselves some privacy rights...

  • by Lysol (11150) on Monday October 21, 2013 @12:59PM (#45190317)

    My family and I were looking to move recently. Of course, we have to print out our credit reports. It used to be nice years ago when Yahoo had a service where you could easily get all 3 in just a few mins. But I'm sure since that was actually useful in real life, someone had to end it. So now, you have to log into the big 3 separately and request your 'free' report.

    Of course, it's not 'free' since there's quite a bit of time involved in just getting it. You have a right by law to get this information once a year, but in order to do so, you have to put in your credit card. Red flag right there. This 'entitles' you to a free month of credit 'protection'.

    After your done with your 'free' month, you have to call and cancel or else they'll charge you. Yup, you're right, no easy way to do that, no cancel account link or button to click - you gotta get on a phone and do an old school call. To keep the good times rolling, once you're actually off hold and connected to someone, it's some call center in another country. Mine happened to be India. What ensued next was back and forth on just getting the fucking thing canceled. There were many "just a moment" pauses and even a few upsells. I had to tell the guy 3 times I want to cancel. Just click the cancel button in your crappy web app.

    30 mins later, I was off the phone. This company and the people that work for it are trash, plain and simple. They are a scourge on society and a drain on humanity. And along with banking (and warring I guess), credit 'scoring' and manipulation has to be one of the worst human endeavors ever. I don't understand how these people sleep at night and I'm not surprised they're selling people's info to whomever will pay.

    • Re: (Score:3, Insightful)

      by sconeu (64226)

      I've *NEVER* had to enter a credit card to get my free credit report. Where the hell are you going to get it?

    • I use Quizzle instead. I've never been upsold that way.
    • Re: (Score:3, Informative)

      by Anonymous Coward

      Stop spreading FUD. No credit card info is required to get your free annual credit report.
      You don't have to agree to upsell features like FAKO credit score and credit monitoring.

    • by HeavyD14 (898751) on Monday October 21, 2013 @01:16PM (#45190573) Homepage
      Next time, go to http://annualcreditreport.com/ [annualcreditreport.com] for your free report. No credit card or trial required. Takes care of all three agencies at once.
      • by Solandri (704621) on Monday October 21, 2013 @01:30PM (#45190801)
        That's the official (and only) government site for getting your free credit reports. All the sites asking for your credit card are scam sites (usually run by the credit bureaus themselves) which automatically sign you up for a credit monitoring service and charge your card if you forget to cancel.

        All of this confusion and scamming could be eliminated if the government would just move the real site to the .gov domain. Then it'd be easy. .gov = real, .com = fake.
        • by SeaFox (739806)

          All of this confusion and scamming could be eliminated if the government would just move the real site to the .gov domain. Then it'd be easy. .gov = real, .com = fake.

          They had one. I remember going to freecreditreport.gov last time I got my credit report, then that commercial outfit got freecreditreport.com and started running all their stupid singing TV ads. I even remember a campaign to educate people that they needed to go to the .gov site for the official report. But it looks the government had to change because for the sheeple the idea a website can end in something other than .com is too difficult.

          Try freecreditreport.gov now and you get a redirect to the FTC and t

    • But you don't understand, it's charity.

      If these kinds of inefficiencies didn't exist, the rest of the world would have a really hard time catching up to the US.
      Charity is why went inventing boundless outsourcing, tax loopholes, credit scores, SUVs, TSA...

    • by Qzukk (229616)

      I just spend a few bucks and get all the information from this site I found, superget.info. Yeah, you can get it for free elsewhere but they don't try to stick you with signing up with all sorts of bullcrap. Funny, though, I can't seem to log into the site right now, maybe you're right about useful things getting shut down.

      Google tells me I can get a free report from https://www.annualcreditreport.com/ [annualcreditreport.com] but the site looks like one of those crappy scam sites crapped out of a template with some generic stock

  • I'm Dead (Score:4, Interesting)

    by Princeofcups (150855) <john@princeofcups.com> on Monday October 21, 2013 @01:08PM (#45190453) Homepage

    These are the same fuckers who insisted that I was dead because someone had mistyped a social security number. Therefore they rejected all credit requests (I was trying to get financing on a car) until I could prove that I was still alive. That's right. If they make a mistake, the victim, errr, customer, has to correct it.

  • Here's a thought (Score:3, Insightful)

    by g0bshiTe (596213) on Monday October 21, 2013 @03:15PM (#45192355)
    How about penalizing Experian for selling the information in the first place.

The first version always gets thrown away.

Working...