Jump to content

Something I read today that is rather frightening about credit cards


This topic is 6022 days old and is no longer open for new replies.  Replies are automatically disabled after two years of inactivity.  Please create a new topic instead of posting here.  

Recommended Posts

24% of Americans over 18 have been exposed to ID theft in the last 100 days.


Rmvea07212005_1Identities for the taking...


I have written about companies lack of securing consumers identity a few times on this site as it is an issue I feel strongly about. See here, here, and here. Every year, millions of identities are stolen and billions of dollars are lost in the financial and credit industries. Worse still, is the extreme nightmare a consumer goes through attempting to fix a problem they had no hand in creating. Over the last few days, what began as another post has turned into a study. Below I have documented every incident I could find in the last 100 days where a company has compromised sensitive consumer data. With the help of google, I have found that roughly 50 million consumers have had their personal identity breached in the last 100 days.


My study has yielded the following information thus far:


1 out of every 6 people in the U.S. have had their personal information breached in the last 100 days. US population = 296,689,763.


1 out of every 4 people over the age of 18 have been exposed to identity breaches in the last 100 days. US pop. over 18= 209,128,094 - That's 24%.


This is alarming. At this pace, every consumer record in our country will have been exposed/breached/stolen in less than two years.


I.D. Theft. If it hasn't found you yet, just give it a minute. Let me first list the incidents I have found that caused 50 million consumers to have their private information breached since 4-08-05...


Security breaches:


Exhibit 1 - The Boston Herald 7-21-05


The Registry of Motor Vehicles is failing to shred thousands of records containing sensitive customer information, leaving countless people vulnerable to identity theft and fraud, a Herald investigation has found.


At a Registry branch in Boston this week, piles of records sat in unlocked bins on the street for two hours until a recycling company collected them. The unshredded records included Social Security numbers, addresses, birth dates and medical data.


Exhibit 2: Hackers hit university of Colorado 7-22-05


University of Colorado students and employees were warned of possible fraud and identity theft after hackers hit two of the school's computer servers.


One of the servers was used by the Wardenburg Health Center and contained personal information for 42,000 students, faculty and staff members as well as for a small number of visitors, according to the university. It also contained some medical information.


The other server was used by the Visual Resource Center of the College of Architecture and Planning. It held names and Social Security numbers of 900 students and faculty members.


Exhibit 3: Reuters 7/21/05


U.S. payment processing firm CardSystems Solutions Inc. said on Thursday it faces "imminent extinction" after revealing last month a massive credit card data security breach.


The privately held payment processor for more than 100,000 merchants, CardSystems last month disclosed that details of 40 million cards -- names, account numbers and expiration dates -- had been taken from its database. The FBI is investigating


Exhibit 4 - Got Blue Cross/Blue Shield? Bad News: 7-13-05


The personal information of 57,000 Blue Cross Blue Shield of Arizona customers was stolen from a Phoenix-based managed care company.


The stolen information included policyholders' addresses, phone numbers, Social Security numbers and dates of birth. They also contained partial treatment histories for some patients and certain information about the doctors who provided that care, Biodyne spokeswoman Erin Somers said


Exhibit 5: MSNBC June 7-2005


CitiFinancial, the consumer finance division of Citigroup Inc., said Monday it has begun notifying some 3.9 million U.S. customers that computer tapes containing their personal data had been lost.


New York-based Citigroup said the tapes were in a box shipped in May via UPS Inc. from a Citigroup facility in Weehawken, N.J. to an Experian credit bureau facility in Allen, Texas. Data on the tapes included account information, payment histories and Social Security numbers.


Exhibit 6 - City National Bank, LA 7-6-05


Today I bring news of yet another security breach involving potentially thousands of people's personal info, and this is the first anyone's hearing of it.


"Recently we learned that a leading data storage firm employed by one of these computer service suppliers lost two back-up tapes containing City National data during transport to a secure storage facility. Social Security numbers and account numbers were on these tapes."


City National Bank has 52 offices statewide and about $14 billion in assets.


Exhibit 7: Work for MCI? Bad News: 5-23-2005


A laptop computer containing the names and Social Security numbers of about 16,500 current and former employees of MCI Inc. was stolen last month, the Wall Street Journal reported on Monday.


Exhibit 8: Work for Time Warner? Bad news: MSNBC 5-02-05


Time Warner Inc. on Monday said data on 600,000 current and former employees stored on computer back-up tapes was lost by an outside storage company, which the U.S. Secret Service is now investigating.


Exhibit 9: Ever use Ameritrade? Bad News: MSNBC 4-19-2005


Ameritrade Inc. has advised 200,000 current and former customers that a computer backup tape containing their personal information has been lost, MSNBC.com has learned.


"The information could include your account number, name and/or other personal information, like your Social Security number."


Exhibit 10: Ever buy shoes from DSW? Bad News: MSNBC 4-18-05


Thieves who accessed a DSW Shoe Warehouse database obtained 1.4 million credit card numbers and the names on those accounts — 10 times more than the company estimated last month.


Exhibit 11: Buy a Polo from Ralph Lauren recently? Bad News: 4-14-05


Data apparently stolen from the popular clothing retailer Polo Ralph Lauren Inc. is forcing banks and credit card issuers to notify thousands of consumers that their credit-card information may have been exposed.


HSBC spokesman Stephen E. Cohen said Thursday that "we began doing it last week, and we are continuing." He said that about 180,000 GM-branded card holders are affected.


Exhibit 12: Security Info Watch 4-1305


Criminals may have breached computer files containing the personal information of 310,000 people, a tenfold increase over a previous estimate of how much data was stolen from information broker LexisNexis, the company's parent said Tuesday.


Information accessed included names, addresses, Social Security and driver license numbers.


Exhibit 13: Have a San Jose Doctor? Bad News: 4-08-05


A San Jose-based medical practice has notified about 185,000 current and former patients about the theft of their personal information contained on two computers stolen from its offices during a burglary March 28.


The computers contained names, addresses, confidential medical information and Social Security numbers of some 185,000 current and former patients, according to the health care provider.


Exhibit 14: Go to The University of Delaware? Bad News: 7-16-05


University of Delaware officials acknowledged Friday that 343 students' Social Security numbers and class grades were lost in a computer theft at the school last December. But students weren't told about the theft until last month.


Exhibit 15: Apply at USC recently? Bad News: 7-20-05


A University of Southern California database containing about 270,000 records of past applicants that included their names and Social Security numbers was hacked last month, officials said yesterday.


Exhibit 16: Ever work for Lucas County Children Services? Bad News. 6-28-05


About 900 current and former employees of Lucas County Children Services are being advised to watch and protect their commercial credit after information from the agency's personnel database was compiled and e-mailed to an outside computer, executive director Dean Sparks, the agency's executive director, said.


The information compiled and taken includes names, telephone numbers, and Social Security numbers for the agency's 400 current employees and about 500 others who have worked there at one time or another since 1991, Mr. Sparks said.


Exhibit 17: Work for the DOJ? Bad News. 5-31-05


The FBI and Fairfax, Va., police are investigating the theft of a laptop containing the names and credit card numbers of about 80,000 U.S. Department of Justice workers.


Exhibit 18: St. Johns Regional Medical Center. Bad News. 7-23-05


St. John's Regional Medical Center has begun informing more 27,000 patients of the theft of hospital records with personal information about them.


LaFerla said the information stored in the computers included the names, dates of birth, admission and discharge dates, medical record numbers, and account numbers of patients from those years. It did not include any other personal information such as medical records, health information or Social Security numbers, she said.


LaFerla said it is doubtful the information stolen could be used to accomplish any identity theft that might harm anyone affected.


[ Ms. LaFerla's doubt is addressed below ]


Exhibit 19: The Inside Job. 7-11-05


“These are people who have access to a lot more personal information, so it’s very serious.”


Wachovia and Bank of America were forced to alert more than 100,000 customers in May after police in New Jersey charged nine people, including seven bank workers, in a plot to steal financial records of thousands of bank customers.


Exhibit 20: ABC News 2/25/05 (thrown in for good measure, not used in the statistics above)


Bank of America Corp. has lost computer data tapes containing personal information on 1.2 million federal employees, including some members of the U.S. Senate.


The lost data includes Social Security numbers and account information that could make customers of a federal government charge card program vulnerable to identity theft.


Have I gotten anyone's attention yet? This stuff is serious and rampant. Does anybody out there want to agree with me that we have a serious problem protecting sensitive consumer data in this country?


As consumers, it's time we began to get more vocal on this issue. We need our federal government to enact strict and tough penalties for any company (or government agency ) found guilty of handling sensitive consumer data without proper security procedures in place. If we do not speak out now, surely we will be speaking up when we are one of the millions who have our identity stolen in the future.


My first piece of advice, check your credit report regularly and consider signing up with one of the bureaus credit monitoring programs so you are notified anytime a change is made on your credit report. You can get a copy of your credit report and learn about the monitoring programs at:








Here is a great resource page with lots of answers to FAQ's about ID theft and what to do if you are a victim of this crime.


With regards to Exhibit 18:


Ms. LaFerla is either ill-informed about how identity theft works or is trying to downplay a serious breach of consumer data. I'll let you decide the answer to that.


The truth is, there are several databases that crooks can use to run searches on people. All they need is a name, date of birth and city or state. The search will give them the current address and social security number of everyone with that name and DOB in that city or state. Now, the crook is armed with the patients name, DOB, SSN and current address. What else do they need to steal that persons identity?


What database allows a person to search and get SSN's on people you ask? Well, LexisNexis for one. While you are thinking about that, I direct you to take another look at exhibit 12.


For those interested inmy experience in this field, I have spent 11 years in the credit industry, and only offer my opinions as I see them. I speak for no one else within the industry.




1 - We need to require that all consumer data is encrypted. The dirty secret is that the vast majority of companies do not encrypt consumer data. It is generally stored in what is known as comma delimited format. (name,,,address,,,ssn,,,dob,,,etc). This format makes it easy for anyone reading the data to understand what they are looking at.


But only 10 percent of businesses encrypt their data, according to Avivah Litan, vice president and research director of Gartner Financial Services.


2 - Why do people need to walk around with laptops that have thousands of consumers information on them? Enough said here, I hope.


3 - Better computer security to prevent hacking. If this is done in conjunction with encryption, hackers will have a much tougher time deciphering the data when they are successful in hacking a system.


4 - Here's an easy one: SHRED PAPER DOCUMENTS. Companies found throwing out consumer data in the trash without shredding the documents should face severe penalties. This is just stupid.


5 - Have strict screening procedures in place for all companies that are applying to pull credit reports and/or use any consumer database. Require that all credit bureaus and database providers conduct regular audits on the companies they sell information to so they are sure the companies are only accessing information they have a permissable purpose to view.


There's five things I think will help eliminate some of the news items I outlined above. This will not stop them from occuring, but it should make them less frequent and less damaging when data is compromised.


Feel free to weigh in with your thoughts. I will address them the best that I can.


Beth Donovan comments:


"What's scary is that someone could have stolen your identity years before you find out about. I recently found out that a daycare center in Chicago (where I have never lived) used my social security number to obtain credit in 1993. "


Bizzy blog contends the answer is in the "Credit freeze provision pending in federal legislation". ( read more...)


Note: This post is subject to change as more information is found.


Posted by Trey Jackson at 12:19 PM in Credit & Collections | Permalink

Link to comment
Share on other sites

Where I live there have been two news stories in the past week about kids (under the age of 5 years) that have had their identify stolen. In each instance their social security number was being used by an illegal for work and credit purposes.


Not quite sure how a kid gets their SSN stolen but I suspect it might be health care/insurance.


I check my credit report regularly and pay to be alerted when a new account is opened in my name.



"Any fool can criticize, condemn, and complain -- and most fools do." Dale Carnegie

Link to comment
Share on other sites

Guest Jocoluver

"I check my credit report regularly and pay to be alerted when a new account is opened in my name."


Without giving away identity info, can you give some details about how you have arranged this?


Sounds like something I want to do.


Thank you.

Link to comment
Share on other sites


In order to post in the Political Issues forum, all members are required to acknowledge that their post is in compliance with our Community Guidelines.  In addition, you acknowledge that it meets the following requirements: 

  • No personal attacks: Attack the issue not the person
  • No hijacking: Stay on the subject of the thread 

  • No hate speech or offensive terms/expressions

Posts that do not comply with the above requirements will be removed.  Multiple violations may result in a loss of access to this forum.

  • Create New...