IP: 13,000 Credit Reports Stolen by Hackers

[Dave Farber <dave () farber net>]

13,000 Credit Reports Stolen by Hackers

May 17, 2002
By JOHN SCHWARTZ 




 

Hackers posing as employees of the Ford Motor Credit
Company have in recent months harvested a trove of 13,000
credit reports - a virtual one-stop shop for fraud and
identity theft - with data on consumers in affluent
neighborhoods across the country.

The company said in a letter to the victims that computer
intruders used an authorization code from Ford Credit to
get the credit reports from Experian, one of three major
reporting agencies.

"I've never seen anything of this size," a spokesman for
Experian, Donald Girard, said. "Privacy is the hallmark of
our business. We're extraordinarily concerned about the
privacy issue here, and the trust factor."

The inquiries gave the intruders access to each victim's
personal and financial information, including address,
Social Security number, bank and credit card accounts and
ratings of creditworthiness, which can be used to identify
the best targets. 

"This is not just a credit card number; this is the whole
kazoo," said Richard Power, the editorial director for the
Computer Security Institute, an industry trade group. A
criminal could use the data to make credit card charges or
even open bank and credit card accounts in the victim's
name. 

Thefts of credit records, Mr. Power said, are far more
common than is reported. "The unique thing about this one,"
he said, "is that it has surfaced." The theft was first
reported yesterday by The Boston Globe and The Detroit
News. 

Statistics on identity theft are hard to come by, with
estimates ranging as high as 700,000 cases a year. Betsy
Broder, the assistant director for planning and information
of the Federal Trade Commission, said the commission
received 86,000 complaints of identity theft last year.

Representatives of Ford Credit said they did not know how
the hackers acquired the code, which was used by the
company's office in Grand Rapids, Mich. The intruders
focused on addresses in affluent neighborhoods, often in
numeric sequence, said Rich Van Leeuwen, executive vice
president at Ford Credit.

The company said it had sent letters via certified mail to
all 13,000 people, urging them to contact Experian and the
two other credit reporting giants, Equifax and TransUnion,
and to report any evidence of abuse to the F.B.I.

The company has also worked with Experian to set up a phone
line to let victims get their credit reports and help them
resolve discrepancies.

Neither Ford Credit nor Experian has determined how many
people have reported fraudulent charges or other problems.
Mr. Girard said that Experian had received 2,700 calls
since the letters started going out this month. Although
the unauthorized inquiries began in April 2001, Ford first
heard about the problem in February, Mr. Van Leeuwen said.
Only 400 of the 13,000 victims were customers of Ford
Credit, he said. 

Dawn M. Clenney, a special agent at the F.B.I. office in
Detroit, said that she could not comment, except to say,
"We're on the case."

Mr. Girard, the Experian spokesman, said the company would
work with the F.B.I. to catch and prosecute the intruders.
"It just shows that today, even big companies can be
victimized," he said. "it's a never-ending struggle against
the bad guys." 

http://www.nytimes.com/2002/05/17/technology/17IDEN.html?ex=1022645875&ei=1&;
en=52dcf04672cce2d0


For archives see:
http://www.interesting-people.org/archives/interesting-people/