[ISN] 13,000 Credit Reports Stolen by Hackers

From: InfoSec News (isnat_private)
Date: Mon May 20 2002 - 03:22:37 PDT

  • Next message: InfoSec News: "[ISN] Computer whiz still faces second lawsuit"

    May 17, 2002
    Hackers posing as employees of the Ford Motor Credit Company have in 
    recent months harvested a trove of 13,000 credit reports - a virtual 
    one-stop shop for fraud and identity theft - with data on consumers in 
    affluent neighborhoods across the country.
    The company said in a letter to the victims that computer intruders 
    used an authorization code from Ford Credit to get the credit reports 
    from Experian, one of three major reporting agencies.
    "I've never seen anything of this size," a spokesman for Experian, 
    Donald Girard, said. "Privacy is the hallmark of our business. We're 
    extraordinarily concerned about the privacy issue here, and the trust 
    The inquiries gave the intruders access to each victim's personal and 
    financial information, including address, Social Security number, bank 
    and credit card accounts and ratings of creditworthiness, which can be 
    used to identify the best targets.
    "This is not just a credit card number; this is the whole kazoo," said 
    Richard Power, the editorial director for the Computer Security 
    Institute, an industry trade group. A criminal could use the data to 
    make credit card charges or even open bank and credit card accounts in 
    the victim's name. 
    Thefts of credit records, Mr. Power said, are far more common than is 
    reported. "The unique thing about this one," he said, "is that it has 
    surfaced." The theft was first reported yesterday by The Boston Globe 
    and The Detroit News.
    Statistics on identity theft are hard to come by, with estimates 
    ranging as high as 700,000 cases a year. Betsy Broder, the assistant 
    director for planning and information of the Federal Trade Commission, 
    said the commission received 86,000 complaints of identity theft last 
    Representatives of Ford Credit said they did not know how the hackers 
    acquired the code, which was used by the company's office in Grand 
    Rapids, Mich. The intruders focused on addresses in affluent 
    neighborhoods, often in numeric sequence, said Rich Van Leeuwen, 
    executive vice president at Ford Credit.
    The company said it had sent letters via certified mail to all 13,000 
    people, urging them to contact Experian and the two other credit 
    reporting giants, Equifax and TransUnion, and to report any evidence 
    of abuse to the F.B.I. 
    The company has also worked with Experian to set up a phone line to 
    let victims get their credit reports and help them resolve 
    Neither Ford Credit nor Experian has determined how many people have 
    reported fraudulent charges or other problems. Mr. Girard said that 
    Experian had received 2,700 calls since the letters started going out 
    this month. Although the unauthorized inquiries began in April 2001, 
    Ford first heard about the problem in February, Mr. Van Leeuwen said. 
    Only 400 of the 13,000 victims were customers of Ford Credit, he said.
    Dawn M. Clenney, a special agent at the F.B.I. office in Detroit, said 
    that she could not comment, except to say, "We're on the case."
    Mr. Girard, the Experian spokesman, said the company would work with 
    the F.B.I. to catch and prosecute the intruders. "It just shows that 
    today, even big companies can be victimized," he said. "it's a 
    never-ending struggle against the bad guys."
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Mon May 20 2002 - 06:10:03 PDT