[ISN] Experian, Ford Still Unsure How Hacker Stole 13,000 Credit Reports

From: InfoSec News (isnat_private)
Date: Tue May 28 2002 - 01:28:26 PDT

  • Next message: InfoSec News: "RE: [ISN] MS Outlook booted off campus"

    NEW YORK, May 28 (LendingIntelligence.com) - It is almost four months 
    after hackers using at least one Ford Motor Credit Co. authorization 
    code stole 13,000 consumers' credit reports from Experian and the 
    companies still do not know exactly how the scam was pulled off - 
    although neither is saying it was at fault for the security breach.
    The Federal Bureau of Investigation continues to look into the 
    purported theft.
    What is known is this: One or more computer hackers got access to at 
    least one Ford Credit authorization code and downloaded about 13,000 
    credit reports from Experian's database. How this exactly transpired 
    is still a point of debate between Experian and Ford officials.
    A Ford spokesman said the hackers did not break into Ford's computer 
    systems - contrary to some published reports - but "broke into the 
    credit bureau's system," referring to Experian.
    "And it is not just one password that they got," said Dan Jarvis, the 
    spokesman. "If you are a bank and you are dealing with credit reports, 
    you need a whole series of codes and passwords to get into [a credit 
    bureau's] system. It would be virtually impossible to just use some 
    "They hacked right through Experian's system," he said. "You cannot go 
    up to someone's door in newly fallen snow and not leave a footprint. 
    The footprint said that it was Ford Credit. [Law-enforcement 
    officials] do not think it was an employee of Ford Credit, and they do 
    not think they just got hold of a password or pass code. You need a 
    whole series of things. You need a whole basket of information. The 
    credit reports were all random."
    Experian, meanwhile, said it does not fully know how the theft 
    occurred. Yet, a company spokesman said Experian's security is 
    anything but porous.
    "Our files are protected by state-of-the-art, Star Wars-style security 
    and encryption technology," said Donald Girard, Experian director of 
    public relations.
    Girard said that Experian "is pretty confident" that its database was 
    not hacked into, "leaving a range of possibilities." Nevertheless, 
    Girard would not blame Ford for the security failure.
    A Ford Credit spokeswoman said the FBI has "leads" on who perpetrated 
    the crime.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Tue May 28 2002 - 05:11:49 PDT